ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 107.172.73.148:3360.
Database Entry
This IOC expired
This IOC is old and therefore expired on 2026-06-04 01:15:01 UTC. We no longer export it into our datasets, so this database entry is purely informational and has no impact.
| IOC ID: | 247474 |
|---|---|
| IOC: | 107.172.73.148:3360 |
| IOC Type: | ip:port |
| Threat Type: | botnet_cc |
| Malware: | NetWire RC |
| Malware alias: | NetWeird, NetWire, Recam |
| Confidence Level: | Confidence level is high (100%) |
| Is compromised?: | False |
| ASN: | AS36352 AS-COLOCROSSING |
| Country: | US |
| First seen: | 2021-11-12 15:18:21 UTC |
| Last seen: | never |
| UUID: | c56e9131-43cb-11ec-8ab6-42010aa4000a |
| Reporter | |
| Reward | 5 credits from ThreatFox |
| Tags: | NetWire |
| Reference: | https://tria.ge/211112-nb3vwaachj |
AndreGironda
MITRE T1566.001
Date: 12 Nov 2021 08:30-09:00 +0100
Received: from guvenismentese.com.tr (212.192.241.75)
Reply-To: Semra Sönmez <exportmunic007@gmail.com>
From: Semra Sönmez <info@guvenismentese.com.tr>
Subject: Annexed payment (PO:938323)
Message-ID: <20211112085554.B0EEEACD03ACF3D7@guvenismentese.com.tr>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0012_1D0179FE.3B02C9B0"
Return-Path: info@guvenismentese.com.tr
Attachment Name: annexed_payment.tar
Attachment SHA256: 331140a49d785b9e26307223a90478b5b48b854548153a1c28e3959c9abc905c
Uncompressed Executable Name: annexed_payment.exe
Executable SHA256: 7b2046a98f7f06d33fa42e473ee16465340713c76e27dc3cdd883c42fe06ed2a
Stage URL 1: hXXps://cdn.discordapp[.]com/attachments/893177342426509335/908617520284581908/jounces.jpg
Stage URL 2: hXXps://cdn.discordapp[.]com/attachments/893177342426509335/908617518623633408/photooxidizes.jpg
Stage Executable SHA256: 29ae7b30ed8394c509c561f6117ea671ec412da50d435099756bbb257fafb10b
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).
| Time stamp (UTC) | SHA256 hash | Bazaar |
|---|---|---|
| 2021-11-12 16:35:53 | 7b2046a98f7f06d33fa42e473ee16465340713c76e27dc3cdd883c42fe06ed2a | |