ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain xman2.duckdns.org.

Database Entry

IOC ID: 701443
IOC: xman2.duckdns.org
IOC Type: domain
Threat Type: botnet_cc
Malware: NetWire RC
Malware alias: NetWeird, NetWire, Recam
Confidence Level: high (100%)
Is compromised?: False
ASN: AS51167 CONTABO
Country: DE
First seen: 2022-06-14 18:54:23 UTC
Last seen: 2023-09-10 21:56:24 UTC
UUID: 67d89b44-ec13-11ec-a975-42010aa4000a
Reporter: AndreGironda
Reward: 5 credits from ThreatFox
Tags: NetWire
Reference: https://tria.ge/220614-xdt57acgh9

AndreGironda
MITRE T1566.001
Date: 14 Jun 2022 09:30-10:00 -0700
Received: from 5266108.doorrackpainter.com (162.240.1.83)
Received: from [144.126.208.207] (port=59959 helo=doorrackpainter.com) by 5266108.doorrackpainter.com with esmtpa (Exim 4.95) (envelope-from <best@doorrackpainter.com>) id 1o19di-0005dD-2Z
Reply-To: podznanorat@gmail.com
From: "accountspayableremit" <best@doorrackpainter.com>
Subject: Payment Notification
Message-ID: <20220614094341.5DA6DBF61DF1ED5C@doorrackpainter.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0012_BDAF7ED4.B47FCD6D"
Return-Path: best@doorrackpainter.com
Attachment Name: Payment Notifcation.7z
Rarfile SHA256: b1567a1ae0b925c6faa052eebb72cb0210118b302c36e6d54e911bdc8e015861
Uncompressed Executable Name: Payment Notification.exe
Executable SHA256: a152ac9e30bb5899007c127a0855393e8c2257b44ee981a059427d61f2dd49d7
Netwire Unpacked Executable SHA256: b9680182476cd741b221e0928a628b23ff5f34ff06e82acadd31284fb4088928