ThreatFox IOC Database
You are viewing the ThreatFox database entry for url http://bransfortrionaf.com.
Database Entry
This IOC expired
This is an old IOC and hence expired on 2026-03-30 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 834356 |
|---|---|
| IOC: | http://bransfortrionaf.com |
| IOC Type: | url |
| Threat Type: | botnet_cc |
| Malware: | IcedID Downloader |
| Confidence Level: | Confidence level is high (100%) |
| Is compromised?: | False |
| First seen: | 2022-07-13 17:48:27 UTC |
| Last seen: | never |
| UUID: | 001e9369-02d4-11ed-8d91-42010aa4000a |
| Reporter: | |
| Reward: | 5 credits from ThreatFox |
| Tags: | bokbot IcedID |
| Reference: | https://tria.ge/220713-v1h1bshacp |
AndreGironda
MITRE T1566.001
Date: Wed, 13 Jul 2022 16:00-16:30 +0000
Received: from luluairtransfer.one (45.159.251.176)
From: Emma Strassner <no-reply@luluairtransfer.one>
Subject: <thread hijacking>
Message-ID: <8041b62bd5ab8310617d1b765aaeae61@127.0.0.1>
X-Mailer: TheBAT 1.1
Return-Path: no-reply@luluairtransfer.one
List-Unsubscribe: <mailto:unsubscribe-no-reply@luluairtransfer.one>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1_8041b62bd5ab8310617d1b765aaeae61"
Attachment Name: strassner,doc,07.13.2022.zip
Zipfile SHA256: 676e3175cde1653a9303b7385b2cdb3c31d98b574470b9ea990701825b3c480e
Password -- Office120722
Unzipped ISO-9660 Image Name: list_of_documents-130722.9244.iso
ISO SHA256: 650bf7593c70ce04f0e003ff83ae052fe3030d23928e44a6db3304f7f81a8f16
Contained DLL SHA256: 35d47f5562ef486191cd888363665078b02510b1dcf74eb94f02fb658f2f7649
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).
| Time stamp (UTC) | SHA256 hash | Bazaar |
|---|---|---|
| 2022-07-14 13:45:38 | 66e18a529faaa8de957ab41fb3a49ad8f0fcb497a91d85b86d4a64d05987b3b3 | |