ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 94.140.112.17:80.
Database Entry
This IOC expired
This IOC is old and expired on 2025-12-10 01:15:01 UTC, so we no longer export it into our datasets. This database entry is therefore purely informational and has no impact.
| IOC ID: | 273914 |
|---|---|
| IOC: | 94.140.112.17:80 |
| IOC Type: | ip:port |
| Threat Type: | botnet_cc |
| Malware: | IcedID Downloader |
| Confidence Level: | Confidence level is high (100%) |
| ASN: | AS43513 NANO-AS |
| Country: | LV |
| First seen: | 2021-12-10 18:52:52 UTC |
| Last seen: | never |
| UUID: | 60e74aab-59ea-11ec-8ab6-42010aa4000a |
| Reporter | |
| Reward | 5 credits from ThreatFox |
| Tags: | IceID TA551 |
| Reference: | https://tria.ge/211210-w8fqlsaghq |
AndreGironda
MITRE T1566.001
Date: Fri, 10 Dec 2021 14:00-14:30 +0000
Received: from [184.166.213.5] (port=36675 helo=localhost)
From: yann@pennec.net
Subject: Re: Don't owe it to yourself and your partner to try the best medicine Yann
Message-ID: <f94a8aa87ce57ee666220bc314320670@127.0.0.1>
X-Mailer: iPhone Mail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1_f94a8aa87ce57ee666220bc314320670"
X-Source-IP: 184.166.213.5
X-Source-Sender: (localhost) [184.166.213.5]:36675
X-Source-Auth: lidia@mitacotaqueria.com
X-Email-Count: 82
X-Source-Cap: c3VtbWVycDI7c3VtbWVycDI7Ym94NTE5NC5ibHVlaG9zdC5jb20=
X-Local-Domain: no
Return-Path: yann@pennec.net
Attachment Name: Info.zip
Attachment SHA256: 94f348178ee6bb97462107b26500de689b8f1ed10188ed5eca5cfa70fcac702a
Maldoc Name: facts,12.21.doc
Maldoc SHA256: 42e28df5b3a1adec65fe008603c972c630e5c6408ed7ae1f1cfaa0b1b3316c29
Stage URL: hXXp://huntcrypto1998b[.]com/frhe/iA4HTDSZ3k0XFD2m235o1wJMYw4LI0G1CtHNvSFOIGIg/qU2STVjHI3jOYvRag0ieGLuZQvKUOsWWbkpz4kZK4b/97086/nbdRmR3/Zn5a0hw9TkCa8DB2GNc80TDg5xBOnOkAQixWY7sJJ/izzLtuT6BVV0xRecCKVVHAAR6PkgGrIPNTSNgan/IkfbvjGO0qobcg4DyUX11Z/67688/repa7?user=IevFn6nc1K2n8i
IceID DLL SHA256: adaa957d3caa3c152600f9952b260be9ee53947b96dec9a8b8a73db12475068b
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).
| Time stamp (UTC) | SHA256 hash | Bazaar |
|---|---|---|
| 2022-02-23 18:07:03 | de1ae614a8a926b44989594d2bd4615c14700e575662d7c4689789d6b228f79e | |