ThreatFox IOC Database
You are viewing the ThreatFox database entry for url http://76.8.53.133:30308.
Database Entry
This IOC expired
This is an old IOC that expired on 2025-12-12 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 839413 |
|---|---|
| IOC: | http://76.8.53.133:30308 |
| IOC Type : | url |
| Threat Type : | botnet_cc |
| Malware: | RedLine Stealer |
| Malware alias: | RECORDSTEALER |
| Confidence Level : | Confidence level is high (100%) |
| ASN: | AS17185 D102-PHL-1 |
| Country: | US |
| First seen: | 2022-07-25 05:21:18 UTC |
| Last seen: | never |
| UUID: | 9cc8ed91-0bd9-11ed-9b75-42010aa4000a |
| Reporter | |
| Reward: | 10 credits from |
| Tags: | RedLine RedLineStealer |
| Reference: | https://tria.ge/220725-ft93xagbfk |
AndreGironda
MITRE T1566.001
Date: Mon, 25 Jul 2022 05:30-06:00 +0200
Received: from qmt5.citechco.net (203.83.177.224)
Content-Type: multipart/mixed; boundary="===============0315028397=="
MIME-Version: 1.0
Subject: Enquiry - AGIS - JULY & AUGUST - Assortment
From: "EDWIN VALEZ " <moshiur@interloopbd.com>
Message-ID: <b974fe9b-d9c6-445a-811e-18a7cc3ee241@BN8NAM11FT008.eop-nam11.prod.protection.outlook.com>
Return-Path: moshiur@interloopbd.com
Attachment Name: RFQ.doc
RTF SHA256: 6f3f0601dfed94ebbcefb8305de5fc98b9f055e094ec617e5b718c3b991abd82
Stage URL: hXXp://208[.]67.105.179/ikmerozx.exe
Stage Executable SHA256: e616c9cb9911bcc75db23046f1b0f6a9248114c64d25c1ab5971041c0dd11798
AveMaria Unpacked Executable SHA256: a27087a5e852d409af70e117cfe6beab449556581876daca7ed6169e27e8ddea
RedLine Executable SHA256: 0653031df30643ea5efa30506bc0bff8ce88fc4a589f69c0260381e982e9e1d5
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).