ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://194.31.98.112/index.php.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	646754
IOC:	http://194.31.98.112/index.php
IOC Type :	url
Threat Type :	botnet_cc
Malware:	Azorult
Malware alias:	PuffStealer, Rultazo
Confidence Level :	Confidence level is moderate (50%)
ASN:	AS14178 Megacable_Comunicaciones_de_Mexico_S.A._de_C.V.
Country:	MX
First seen:	2022-06-02 02:52:15 UTC
Last seen:	2023-09-27 14:05:48 UTC
UUID:	026021ca-e21f-11ec-9c94-42010aa4000a
Reporter	AndreGironda
Reward	5 credits from ThreatFox
Tags:	AZORult
Reference:	https://tria.ge/220602-c7n6tagcgn

AndreGironda

MITRE T1566.001
Date: Wed, 01 Jun 2022 20:30-21:00 -0400
Received: from amerpoly.cloudns.ph (185.81.114.179)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=_882c836d5d4d7bbd08f36ed4778b7f42"
From: lnfo@wheelsup.com
To: undisclosed-recipients:;
Subject: RE: URGENT NEW ORDER
Message-ID: <489c2ca2571d8ec699638f20bd164ae0@wheelsup.com>
X-Sender: lnfo@wheelsup.com
User-Agent: Roundcube Webmail/1.3.6
Return-Path: lnfo@wheelsup.com
Attachment Name: New Order.xlsx
Maldoc SHA256: fa35ea7ba7e1adcac6ddede3d0c54bab06183f47315ece58fbb701dc6af9e2b3
Stage URL: hXXps://semenpadanghospital.co[.]id/web/Product%20specification.exe
Stage Executable SHA256: 6f42aa014eb22272fdd4f8e1e0cb5e30f934b54232547d816efec00d76f0d377
AZORult Unpacked Executable SHA256: caa9fa00809f54ab5915ba4308d4b40538635d4155a0e28f0bdc085a3c47138b

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2022-06-02 17:51:18	6f42aa014eb22272fdd4f8e1e0cb5e30f934b54232547d816efec00d76f0d377