ThreatFox IOC Database
You are viewing the ThreatFox database entry for url https://pastebin.com/raw/R2nB6NU0.
Database Entry
This IOC expired
This IOC is an old IOC and hence has expired on 2026-04-10 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 382130 |
|---|---|
| IOC: | https://pastebin.com/raw/R2nB6NU0 |
| IOC Type : | url |
| Threat Type : | botnet_cc |
| Malware: | LimeRAT |
| Confidence Level : | Confidence level is high (100%) |
| Is compromised? : | False |
| ASN: | AS13335 CLOUDFLARENET |
| Country: | US |
| First seen: | 2022-02-08 05:18:41 UTC |
| Last seen: | never |
| UUID: | 9417cd2b-889e-11ec-a022-42010aa4000a |
| Reporter | |
| Reward | 5 credits from ThreatFox |
| Tags: | LimeRAT |
| Reference: | https://bazaar.abuse.ch/sample/9ed684c16d180e8fad345ad752c38d982c4bd87852ce36bf22ba881b4d9521f2/ |
AndreGironda
MITRE T1566.002
Date: Tue, 08 Feb 2022 04:00-04:30 +0100
Received: from vm325618.pq.hosting (45.87.154.170)
Message-Id: <202202080300.21830pgT021442@vm325618.pq.hosting>
Mime-Version: 1.0
From: "(victim org) Fax" <jm@(victim org)>
Subject: (victim org) New document received - Docs-082022.pdf - 3-. pages
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: base64
Return-Path: root@vm325618.pq.hosting
Message Body URL: hXXps://filebin[.]net/kbr6sg39gm7w6c2p/Faxx_Document.zip
Zipfile SHA256: ee4d1ed53556bbb51b2f3e676772ede6f7252a4703504dea79b8b61a0afff69d
JavaScript Dropper Name: Faxx Document.js
JS Dropper SHA256: 0d3f950913a4e2b5fff1a90b672ed9539b8d80475d385983aff6a83240d8a8d4
Unpacked .NET Executable Name: wUYia5ZSvQcHRWY.exe
Executable SHA256: 0b1034f063627ffa381f0fa2351e2656948870d197c6a06897e9d5827c5d6b24
Limerat Executable SHA256: 9ed684c16d180e8fad345ad752c38d982c4bd87852ce36bf22ba881b4d9521f2