ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 194.5.98.28:4100.

Database Entry

IOC ID: 295279
IOC: 194.5.98.28:4100
IOC Type: ip:port
Threat Type: botnet_cc
Malware: Nanocore RAT
Malware alias: Nancrat, NanoCore
Confidence Level: high (100%)
First seen: 2022-01-14 16:45:51 UTC
Last seen: never
UUID: 6ee90ca0-7559-11ec-8ab6-42010aa4000a
Reporter: @AndreGironda
Reward: 5 credits from ThreatFox
Tags: NanoCore
Reference: https://tria.ge/220114-tygttahbf3

Twitter
@AndreGironda
MITRE T1566.001
Date: Fri, 14 Jan 2022 21:00-21:30 +0800
Received: from smtp72.ord1d.emailsrvr.com (184.106.54.72)
X-Auth-ID: marc.delfau@fiorano.com
Received: by smtp2.relay.ord1d.emailsrvr.com (Authenticated sender: marc.delfau-AT-fiorano.com) with ESMTPA id 99B222008A; Fri, 14 Jan 2022 08:27:45 -0500 (EST)
From: "Marc Alejandro"<marc.delfau@fiorano.com>
Subject: Payment Receipt...
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0003_01C2A9A6.2006ED58"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Classification-ID: cb78fc06-31d7-4fb7-8f75-5cb695bbf2bd-1-1
Message-ID: <f144bf2d-2e4c-4cd2-881f-86f212c1878d@BN8NAM11FT006.eop-nam11.prod.protection.outlook.com>
To: Undisclosed recipients:;
Return-Path: marc.delfau@fiorano.com
Attachment Name: Y1K3875FX_INV0ICE_RECEIPT.zip
Attachment SHA256: 9dc8c1ba2816b6abbd8f7f5a5745bc5ade524ce0669252c0cde5f08c76c1b5af
Unzipped ISO Name: Y1K3875FX_INV0ICE_RECEIPT.iso
ISO SHA256: 5f1815018ba3736c77da69873cf89eddee1cb456253cf5b0b35d85696b2d1f88
Contained VBScript Name: Y1K3875FX_INV0ICE_RECEIPT.vbs
VBScript SHA256: a52cb2c09e66deb221d1db56e62b67138e5e3de516966481f789cd48dcacbe66
Stage 1 URL: hXXp://swmen[.]com/vet/PS1NAIO.txt
Stage 2 URL: hXXp://swmen[.]com/vet/ServerFJG.txt