ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 194.5.97.98:3388.
Database Entry
This IOC expired
This IOC is old and expired on 2026-06-04 01:15:01 UTC, so we refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 384886 |
|---|---|
| IOC: | 194.5.97.98:3388 |
| IOC Type : | ip:port |
| Threat Type : | botnet_cc |
| Malware: | NetWire RC |
| Malware alias: | NetWeird, NetWire, Recam |
| Confidence Level : | Confidence level is high (100%) |
| Is compromised? : | False |
| ASN: | AS149020 WEBHORIZON-AS-AP |
| Country: | IN |
| First seen: | 2022-02-10 14:50:33 UTC |
| Last seen: | never |
| UUID: | ccbbfb6b-8a80-11ec-a022-42010aa4000a |
| Reporter | |
| Reward | 5 credits from ThreatFox |
| Tags: | NetWire |
| Reference: | https://tria.ge/220209-l9rjdsabap |
AndreGironda
MITRE T1566.001
Date: Mon, 7 Feb 2022 05:30-06:00 -0800
Received: from abbyandassociateschambers.org (66.84.13.122)
Reply-To: <galenfinance@outlook.com>
From: "Mr. Frank"<galenfinance@outlook.com>
Subject: LOAN @3%
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0047_01C2A9A6.2A91BE30"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <d4ca4d3d-c207-4916-9653-eeff4318401b@DM6NAM11FT019.eop-nam11.prod.protection.outlook.com>
To: Undisclosed recipients:;
Return-Path: galenfinance@outlook.com
Attachment Name: Proof Of Payment.iso
powerdrinkers_and_powerisos SHA256: c898214632c9f94ab2eb9e360b1ec309ea10632cc22b6c9ad4c986ab142d24ee
UDF_Encapsulated_Executable Name: Proof Of Payment.exe
Executable SHA256: 613f834365193c618508ba88fd61987f9130b6627772ed233a441058c22ceade
Stage URL: hXXps://www.uplooder[.]net/img/image/54/eafe7ba691bbe87be3d558bbda02e28c/Proof-Of-Payment.png