ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 194.5.98.141:2180.
Database Entry
This IOC expired
This is an old IOC and it expired on 2025-12-31 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 436354 |
|---|---|
| IOC: | 194.5.98.141:2180 |
| IOC Type: | ip:port |
| Threat Type: | botnet_cc |
| Malware: | Nanocore RAT |
| Malware alias: | Nancrat, NanoCore |
| Confidence Level: | Confidence level is high (100%) |
| ASN: | AS149020 WEBHORIZON-AS-AP |
| Country: | IN |
| First seen: | 2022-03-22 00:23:55 UTC |
| Last seen: | never |
| UUID: | 5bc457d6-a976-11ec-8129-42010aa4000a |
| Reporter | |
| Reward | 5 credits from ThreatFox |
| Tags: | NanoCore |
| Reference: | https://tria.ge/220321-3y44saacgl |
AndreGironda
MITRE T1566.001
Date: Mon, 21 Mar 2022 12:30-13:00 +0800
Received: from mail.ashaheenco.com (74.208.53.220)
MIME-Version: 1.0
From: Standard Bank <ibsupport@standardbank.co.za>
To: undisclosed-recipients:;
Subject: PaymentConfirmation
Reply-To: noreply@standardbank.co.za
User-Agent: Kolab 16/Roundcube 1.4.11
Message-ID: <1dde5afd3d391e223da49817659317fb@standardbank.co.za>
X-Sender: ibsupport@standardbank.co.za
Organization: Standard Bank
Content-Type: multipart/mixed; boundary="=_d688f7497124a35e6be55e4088b8a026"
Return-Path: ibsupport@standardbank.co.za
Attachment 1 Name: PaymentConfirmation.iso
powerdrinkers_and_powerisos SHA256: dfae2b0eec6b85ad1a532127bba2452de7717351fa40df8c11ed60f79be2b242
Attachment 2 Name: PaymentConfirmation.R00.rar
Attachment 2 SHA256: 8c525d180f2d18915fac135599942cc3f0d12176c7162956700978cc0cda5f5a
UDF_Encapsulated_Executable RAR_Encapsulated_Executable Name: PaymentConfirmation.exe
Executable SHA256: 8143ce440d081fbd4fdb3c1dca4baa8aeaff53a350a41dd8ebe3eb51e8bd2483
Loaded Executable SHA256: 43daf586434a7a967a3ab7d8516c76666a6eeba6c1761cea70187e2a2e4513af
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).
| Time stamp (UTC) | SHA256 hash | Bazaar |
|---|---|---|
| 2022-03-23 06:31:37 | 9edc14cb7b9c966a121bf2b954dc49826435e452a4b161242d42fda789ed45da | |