ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain exportmunic007.duckdns.org.

Database Entry


IOC ID: 247473
IOC: exportmunic007.duckdns.org
IOC Type: domain
Threat Type: botnet_cc
Malware: NetWire RC
Malware alias: NetWeird, NetWire, Recam
Confidence Level: Confidence level is high (100%)
Is compromised?: False
ASN: AS27323 SERVERSTADIUM
Country: US
First seen: 2021-11-12 15:17:59 UTC
Last seen: 2023-12-17 15:40:53 UTC
UUID: b881ca53-43cb-11ec-8ab6-42010aa4000a
Reporter: AndreGironda
Reward: 5 credits from ThreatFox
Tags: NetWire
Reference: https://tria.ge/211112-nb3vwaachj

AndreGironda
MITRE T1566.001
Date: 12 Nov 2021 08:30-09:00 +0100
Received: from guvenismentese.com.tr (212.192.241.75)
Reply-To: Semra Sönmez <exportmunic007@gmail.com>
From: Semra Sönmez <info@guvenismentese.com.tr>
Subject: Annexed payment (PO:938323)
Message-ID: <20211112085554.B0EEEACD03ACF3D7@guvenismentese.com.tr>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0012_1D0179FE.3B02C9B0"
Return-Path: info@guvenismentese.com.tr
Attachment Name: annexed_payment.tar
Attachment SHA256: 331140a49d785b9e26307223a90478b5b48b854548153a1c28e3959c9abc905c
Uncompressed Executable Name: annexed_payment.exe
Executable SHA256: 7b2046a98f7f06d33fa42e473ee16465340713c76e27dc3cdd883c42fe06ed2a
Stage URL 1: hXXps://cdn.discordapp[.]com/attachments/893177342426509335/908617520284581908/jounces.jpg
Stage URL 2: hXXps://cdn.discordapp[.]com/attachments/893177342426509335/908617518623633408/photooxidizes.jpg
Stage Executable SHA256: 29ae7b30ed8394c509c561f6117ea671ec412da50d435099756bbb257fafb10b