ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain legend4000.duckdns.org.

Database Entry

IOC ID: 294845
IOC: legend4000.duckdns.org
IOC Type: domain
Threat Type: botnet_cc
Malware: NjRAT
Malware alias: Bladabindi
Confidence Level: high (100%)
First seen: 2022-01-13 21:45:00 UTC
Last seen: never
UUID: 0ea970f5-74ba-11ec-8ab6-42010aa4000a
Reporter: @AndreGironda
Reward: 5 credits from ThreatFox
Tags: Bladabindi njrat
Reference: https://tria.ge/220113-1eecxacfb9

Twitter: @AndreGironda
MITRE: T1566.001
Date: Fri, 14 Jan 2022 05:00-05:30 +0800
Received: from smtp84.iad3b.emailsrvr.com (146.20.161.84)
X-Auth-ID: vhoang@openheart.net
Received: by smtp11.relay.iad3b.emailsrvr.com (Authenticated sender: vhoang-AT-openheart.net) with ESMTPA id 8F1D24017D; Thu, 13 Jan 2022 16:15:20 -0500 (EST)
From: "Vhoang Gabriel"<Vhoang@openheart.net>
Subject: Payment Receipt...
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0128_01C2A9A6.5DDF22A2"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Classification-ID: 7424933c-b5e9-4b24-8a9f-84c0699b5a24-1-1
Message-ID: <e29406d4-5fa7-4a82-9c8f-71b8c6f55351@DM6NAM11FT028.eop-nam11.prod.protection.outlook.com>
To: Undisclosed recipients:;
Return-Path: Vhoang@openheart.net
Attachment Name: A81N2M36C_INV0ICE_RECEIPT.iso
powerdrinkers_and_powerisos SHA256: da7700879e6013d9dad54b7f65375fd84a0988a6297e510d0130720d5c8fcfdb
Contained Executable Name: A81N2M36C_INV0ICE_RECEIPT.exe
Executable SHA256: 0a9d287a3539c979a8c215ca003ca35293c324644e2f2c4dc3a38b4c7f9fa143
Unpacked NjRAT Executable SHA256: a40caae7441c3e44dd934fa3bbc615465603fc89abb6256965adb3c29805b1d5