
ThreatFox IOCs for 2021-03-15

Severity: Medium
Published: Mon Mar 15 2021 (03/15/2021, 00:00:00 UTC)
Source: ThreatFox
Vendor/Project: type
Product: osint

Description

ThreatFox IOCs for 2021-03-15

AI-Powered Analysis

Last updated: 06/19/2025, 14:32:47 UTC

Technical Analysis

The provided threat information pertains to a set of Indicators of Compromise (IOCs) published on March 15, 2021, sourced from ThreatFox, which is a platform dedicated to sharing threat intelligence data, particularly related to malware and associated IOCs. The threat is categorized under 'malware' with a focus on OSINT (Open Source Intelligence) data, indicating that the information primarily consists of observable artifacts or indicators rather than a specific malware family or exploit. There are no affected software versions or products explicitly listed, and no known exploits in the wild have been reported. The technical details include a threat level rated at 2 (on an unspecified scale), an analysis score of 1, and a distribution score of 3, suggesting moderate dissemination or sharing of these IOCs within the security community. The absence of CWE identifiers and patch links implies that this is not tied to a specific vulnerability or software flaw but rather to general threat intelligence data. The lack of indicators in the provided data limits the ability to pinpoint specific attack vectors or malware behaviors. Overall, this entry appears to be a collection or update of threat intelligence indicators rather than a direct exploit or active malware campaign.

Potential Impact

Given that the data represents OSINT-based IOCs without direct linkage to active exploits or specific vulnerabilities, the immediate impact on European organizations is limited. However, the dissemination of such IOCs is crucial for enhancing detection capabilities and proactive defense measures. European organizations that integrate these IOCs into their security monitoring tools can improve their ability to detect potential malicious activity early. The medium severity rating suggests that while the threat itself may not be immediately critical, failure to incorporate these indicators could result in delayed detection of malware infections or related cyber threats. The impact is therefore more indirect, emphasizing the importance of threat intelligence sharing and timely integration into security operations rather than an immediate risk to confidentiality, integrity, or availability.

Mitigation Recommendations

1. Integrate ThreatFox IOCs into existing Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) systems to enhance detection capabilities.
2. Regularly update threat intelligence feeds and ensure automated ingestion of new IOCs to maintain an up-to-date defense posture.
3. Conduct threat hunting exercises using these IOCs to proactively identify any latent infections or suspicious activity within the network.
4. Train security analysts on interpreting and leveraging OSINT-based IOCs effectively to reduce false positives and improve response times.
5. Collaborate with national and European cybersecurity information sharing organizations (e.g., ENISA, CERT-EU) to contextualize these IOCs within the broader threat landscape.
6. Since no specific vulnerabilities or patches are associated with this entry, focus on strengthening general malware detection and incident response capabilities rather than patch management for this threat.


Technical Details

Threat Level: 2
Analysis: 1
Distribution: 3
UUID: f1ce7ab7-d21b-4bb7-9e1b-be32159d78ac
Original Timestamp: 1615852981

Indicators of Compromise

Hash

Value | Description
ea7cab3b6b8294994c32544e89cb7425bc1a0253a64d8f796e3d0d9dac688e5d | Ave Maria payload (confidence level: 50%)
72e1816b0f9e1fb44f557dda6696b1596b8c61369e7e91e4e730de33646d4d72 | Ave Maria payload (confidence level: 50%)
efc7eb536f7fe3e4fd57adbb282005306440909d6db4d31456859a4135d52905 | Ave Maria payload (confidence level: 50%)
4a44c81b248621407e6fb1070b1176da569c60c34ee2d10ddb62b69d15ae7dda | Ave Maria payload (confidence level: 50%)
40dfb6798d2c91cdc97fd433766baba891a3fed51357c3a80873238fbc95daab | Agent Tesla payload (confidence level: 50%)
0422cf10eaf62568d1f907d37280f4cf70f11d9af4708d21450bdefb6253baa1 | Agent Tesla payload (confidence level: 50%)
4a46f761909a89772d6fdc6cf38aee894831cdb8dc56f711537cc70d8b75a78e | Agent Tesla payload (confidence level: 50%)
43e7b5d8b2e7904627037b2e5a5169a7cf468f776cd54ccee94fce5266b9b824 | Agent Tesla payload (confidence level: 50%)
229e96e1a3477d1153de8104751eca8b433669d7e80713530a9668909c07918b | Formbook payload (confidence level: 50%)
2c17af6f60a1ef7416caae22fd19507a6cfafde81b939fe7ee732e405aad73dd | Formbook payload (confidence level: 50%)
9e94cd431342b468037a305ac5616910b07b14b0ff143a82a45d1832b7bdf429 | Formbook payload (confidence level: 50%)
67b662f28ef6c6a148443ebece272e63e7eeb9d366032b4366fe459b7c5c41f8 | Formbook payload (confidence level: 50%)
6cb70a33a89fd40b31ce2b153d35c62bb5d728191b5470ed6fb31014fc9cb308 | Agent Tesla payload (confidence level: 50%)
8f579ffef359daecde936f898bc3c4259d40d5ee8db6a9a7fbb51a82ccf9877c | Agent Tesla payload (confidence level: 50%)
d2c7b0aef97761240512a0827eb92dedf4fb6114748f44958397243d93b783e4 | Agent Tesla payload (confidence level: 50%)
c01606f5f3f61982dad93886744f210406c5285c76d23577d862f508fa9fd77d | Agent Tesla payload (confidence level: 50%)
b7bb35d04c43970a32711eb06080774b5b1d56260fe28b8f7c65206372943e7c | LokiBot payload (confidence level: 50%)
7756e8e90ef11ee396e11585517298b7930be6596b8de5dc92ac87a0f75222cb | LokiBot payload (confidence level: 50%)
eb90fe5132eaaf077721cd485f1a56692ef6f7f0e28b305a4ca0efe3d56fe4a4 | LokiBot payload (confidence level: 50%)
cbd36ecbe74b167ba71470da24c3f16961e22f6f41c436c9d1d53fa81335e968 | LokiBot payload (confidence level: 50%)
920753b004f3c5bddb4bde34e6342de2bdcaf891aca4c9daab3d8ec8bc707b8d | Agent Tesla payload (confidence level: 50%)
4709c17e3a1cde10a874ee2d42b7ea213b9de8763f0e43ec438a78f46609f965 | Agent Tesla payload (confidence level: 50%)
8e3d9b3ae3ba967428d6ffc1c76b8730784c899a94d90f548ffdc9bcada3c03a | Agent Tesla payload (confidence level: 50%)
7ccb9af5b2d8fc84fe5978e6890f10f6acd33bf6cd139d5eb9b54cacea71258a | Agent Tesla payload (confidence level: 50%)
4157b87ee3210bfdf1786dd2a2e18b1be597438f2830e857a2df5958a63ab3f8 | Agent Tesla payload (confidence level: 50%)
4e5f06fb27d6c7b91305723c6bd0bd7259da017f8389bc47489d9a5744765b1e | Agent Tesla payload (confidence level: 50%)
40838ab66e88907074f374088b001c3c8c0c0df3a7663d4f59be55bbfc869aad | Agent Tesla payload (confidence level: 50%)
06e0915f51d8623be912b10a59ee9f601874a0710116be2c749880339535ec56 | Agent Tesla payload (confidence level: 50%)
46ebcdf811aaae805fd148984b358a0036746f78a9248a2b3671ee73a9b8e147 | Formbook payload (confidence level: 50%)
09f19a43e9a0b736e9fcd33359267340b91a2ccc376c8cda72fac9754c1493c0 | Formbook payload (confidence level: 50%)
6da50c6b31b4125631987f40d7bd3dacab22c961ca9ba60dfdfa45120d5ec17a | Formbook payload (confidence level: 50%)
a26d22c6eed6211c52358ef2f0dcce5d3b17736330d81abad55101f5581c9f0a | Formbook payload (confidence level: 50%)
5dabf489b06eead96a677f4fb2823f86d3b09215d0b5e67da83730c487962ec5 | Formbook payload (confidence level: 50%)
7c48cc2067df2dcf60bf4922311e2da6b85bd7b1982b98a257d5a2fa7d00cf2b | Formbook payload (confidence level: 50%)
c2c13eb1d9e256514cced254d3816ef62d939bf937f73dfb973705cf001e484a | Formbook payload (confidence level: 50%)
723fc2a02ff16459dad6943d5f8de485253aec7d7fcc0f43cc095edef3876200 | Formbook payload (confidence level: 50%)
d707d5f6e5ce74d40a170c81dbe7b298341110a3bd22b573945fa5073504e226 | Formbook payload (confidence level: 50%)
3e66c0c204b0917e4031d3de27b59bcae06b0c4ca97fba1d8bd3ec27296aaa84 | Formbook payload (confidence level: 50%)
1b1837b1504714c306a023b8488d15e81b939b6394ff511fb619fa38f264622a | Formbook payload (confidence level: 50%)
172126490c7349785a47cb7bb858639efc19a0fd10f256dd35ba7af2ae14440f | Formbook payload (confidence level: 50%)
c8ce4bfd2ed577b4fb79022ea9d765f4c0d45f8503eef8e3eccb7c0be7a6ae27 | NjRAT payload (confidence level: 50%)
a28b2f50eb31526831a83bbc71407ca6f6400862a11b9d43c7246902a0cc6681 | NjRAT payload (confidence level: 50%)
8c2f739d692483080de75eeda21a38127ba146017cea06cb57814623c9bdce82 | NjRAT payload (confidence level: 50%)
ece0000e3f08666f08d267f44f9711ed56a4f76268b564c59fce4885e03b434d | NjRAT payload (confidence level: 50%)
b30915aa088811675a8669b3f9cc8c65c022905c23da4db88df770d5130fbe90 | Snake Ransomware payload (confidence level: 50%)
f4eb5f39b7aa7ff1136fb05a3e7e7dba451f2d3bbabab2893c8c678c3a1e2c64 | Snake Ransomware payload (confidence level: 50%)
7331f95a07beb3d748679ad215cb4ec731cafacee756c2a79795b8b91d3ecd17 | Snake Ransomware payload (confidence level: 50%)
98756eb378125ca0840fced87224a307a873bb21ba92df5b6126703eca32fd49 | Snake Ransomware payload (confidence level: 50%)
0f3397d012738cb0f62f93d00aba9b412a9425c854a2a835179df6266c4b1815 | Agent Tesla payload (confidence level: 50%)
1400ea15a38148e92ce5621eb87e1d1f0de71fdafe74bd938f60da2f89a3dc9a | Agent Tesla payload (confidence level: 50%)
a24c80975b2de68dc792490800e421bb7490bbf304ff233eca3cb93d0adc8d81 | Agent Tesla payload (confidence level: 50%)
af72dea6102f0d8aecc1f2b5963749e739606c200e6af52a7cecd6b1a8e7f29c | Agent Tesla payload (confidence level: 50%)
49e8d6042f36db9172e722e34b38cb8d | Amadey payload (confidence level: 50%)
10051 | Dridex botnet C2 server (confidence level: 75%)
443 | Dridex botnet C2 server (confidence level: 75%)
6601 | Dridex botnet C2 server (confidence level: 75%)
f1f48360f95e1b43e9fba0fec5a2afb8 | PlugX payload (confidence level: 50%)
a437eb02db6537a1518998b6bb6c82403c822a97d8d7203dc461c2472097160d | Agent Tesla payload (confidence level: 50%)
c65b6318fd10a415f19e5bf9f78af619f159e3aa410ad865058ebdbf0b31f983 | Agent Tesla payload (confidence level: 50%)
a1ea17999b912b48b590554db25af99908d5dedc80d04d552781328ba058efa3 | Agent Tesla payload (confidence level: 50%)
506c0818db8d492f396990bdd4b3c662712ebe277016839fd559b04f4363fb7a | Agent Tesla payload (confidence level: 50%)
ee387fcdb3658a047a1c79818a0011bd83b3ab8c9ee87bdd2d16611109c74e50 | Agent Tesla payload (confidence level: 50%)
237cadaf190a36147a90d1d73ce6e3e10b058bb1b1e1a84bf74e4285de2a62f4 | Agent Tesla payload (confidence level: 50%)
2615981d16dcd56396357a059cb1b7e0414eb1acf7746cda5947a6e34703bea4 | Agent Tesla payload (confidence level: 50%)
9d9b4de9060d32acaf0b184384ded131ed0aa48e23eaeae825c828ade16be7b3 | Agent Tesla payload (confidence level: 50%)
0ba3f0dc85d5abe2cf046202f589b45820731552cd0e966e9b4e51e706e15ef1 | Snake Ransomware payload (confidence level: 50%)
f081397bb6974dc6dc0ca1f630981318610f6bd6e8119feed1bd44fefbd43a03 | Snake Ransomware payload (confidence level: 50%)
5ee2c640f38f086371e82961e7e90cc3eecf7534e83d1b32b52ba90d648d5265 | Snake Ransomware payload (confidence level: 50%)
ceea824b8eabfc87b70bb95c1e88c668820d0d4317f056df125c547756620adc | Snake Ransomware payload (confidence level: 50%)
3a08a954b5420702dc1f57733dc238f9977c4dd2041749043ae3e48b36b638c6 | Dridex payload (confidence level: 50%)
9e07faf56e5997e17bb91d34ed7e77e7685b7176ed1e23af768d18a6dcb5023d | Dridex payload (confidence level: 50%)
224377231dd24c7ae4b4e6ccbecfde5bb420b8c417d55f47214160fdbfaee130 | Dridex payload (confidence level: 50%)
10270594d0719028a337eacdecc282885990ead35dff29781b25a86200d36f95 | Dridex payload (confidence level: 50%)
c10e45bdd0608a0aaad08844db19a88ed25d36513324fe6d32defb5a5cadf60d | Dridex payload (confidence level: 50%)
5b965759f9af66ad12e3fcbf71481799926417240c8cfbd1445d4867238631b8 | Dridex payload (confidence level: 50%)
a8b33d58e1b15e0565f703f762896f0883454c9f4109a7a8f2ab3a538a3fbc0c | Dridex payload (confidence level: 50%)
74a551c38c3165128be5e8c58766a1c57d38b7183f6c9977cd1eeadce159a00f | Dridex payload (confidence level: 50%)
f5ce9b9e842592913ed4e6e1dafe695eae938aa52d4e232ac5be3e52387db7c6 | Agent Tesla payload (confidence level: 50%)
769ee0b120f492a93943a112ec62f4708f795730842541a949477731ed47aa20 | Agent Tesla payload (confidence level: 50%)
d587db79e6897db436135e14b47127f5b9380868ec1f9edfbdbb7f09a0665466 | Agent Tesla payload (confidence level: 50%)
7a118e8b992db7feb7d0cab5c415fcc012729f11def87d13ada844c2ff355ffd | Agent Tesla payload (confidence level: 50%)
3ec809146f0ae254cd138c24f7cb5718cdc51cbd99a67c360b86a5020a12704f | LokiBot payload (confidence level: 50%)
0842e1d9070234550544900fb5bfede1ee4597f1087d38f285abd75aa14c85fe | LokiBot payload (confidence level: 50%)
af4d18f604793162eac9bc260e67eb46ebdcde2f93681a638c9f91c0d8011410 | LokiBot payload (confidence level: 50%)
e21a7067931c2b2b5b58ec799a6932c8a3964c78e513f02abe5c3bcff4552e4f | LokiBot payload (confidence level: 50%)
88452c1c250adeb17561ab1a1128e526db7aa7f9b7a0d04c283ca7f7e15bc79b | Agent Tesla payload (confidence level: 50%)
a8dba39ad00064bad947851725eb20e863581975d75d02e5e74ba6773918c7b1 | Agent Tesla payload (confidence level: 50%)
9e8a09fbb95461ec238f9536f36fab5fe07e78c8d52a2b406e4adc9592f3a425 | Agent Tesla payload (confidence level: 50%)
532f850d2108f4187ec8b82df6dbd9de8a7b1b7e71a4d9ff81613590d7bd71b1 | Agent Tesla payload (confidence level: 50%)
1573b4ec83ac67af060289a37896b0c9 | Dridex payload (confidence level: 50%)
ed7415b25b53b2f45b339345a7323f5d457e2102911b00952759056997bb6d42 | IcedID payload (confidence level: 50%)
2baf563da8db9e2ed765fa7697025d277d06ee53424f6513671f2f6b7441387b | IcedID payload (confidence level: 50%)
8e51ccc6c8d14f0365d2d597c8aaf6015238839c0dab90e419107782bf460414 | IcedID payload (confidence level: 50%)
48154 | Nanocore RAT botnet C2 server (confidence level: 75%)
fa2451279832638dc9505173ecd7211bcb671d287ec0f49aec8294647766dad4 | Remcos payload (confidence level: 50%)
871858f02aabb25986bb90757ab2a65f1a0d413e10712f3448d3148360a8572d | Remcos payload (confidence level: 50%)
5d20ab723dbc30184582ccec3877af8fbb8fc78f90d09fd680bf784325951ca3 | Remcos payload (confidence level: 50%)
9ff7592555fb3123259e3b129248586cccb050c22719f401d16949519ecc259d | Remcos payload (confidence level: 50%)
c2339cb1d8bea695fd227b54ecca6b4c9927e176f0cbca58779f194afbe2bb1a | CloudEyE payload (confidence level: 50%)
bbcfa4ab07af5344791c51d9bbf45f9edd6f81467ea1be239dbea075c0d03a76 | CloudEyE payload (confidence level: 50%)
311ebbb2ec6fd9b92d4b5d90b849c98d2bb0cbcb940dd3600c22253c63177e06 | CloudEyE payload (confidence level: 50%)
fdeb1da0df5e4ff9251597ce8e89060544e87fd7d978e73e7f513db4e4c2f2d6 | CloudEyE payload (confidence level: 50%)
15ab90be9c02f0cdaaedccfc0d1aec9e0651bc04e9cdf7171cb8c5db1eb7cba7 | Nanocore RAT payload (confidence level: 50%)
b38739764a5e6a4f782bd8b10579f1e27eabcf8d3e57732ee23c876ed6f89d78 | Nanocore RAT payload (confidence level: 50%)
4349f030943e72c29c52d6dcf11b19bee06d48349ea4eee5966be02cae8b9729 | Nanocore RAT payload (confidence level: 50%)
8672ba701720e57a66c19ad19bd9ce4ccd81f6e9fe35dc3ae21408c94e06bbf9 | Nanocore RAT payload (confidence level: 50%)
e3111016a98f008d96e3d3b3147ad433a495c826fbc5d82a1fa688db13f1aee7 | Agent Tesla payload (confidence level: 50%)
f25b802bc6b7e1c587fbaf00456e8102073f4e40a068fd6da4cb27ce5f7956bb | Agent Tesla payload (confidence level: 50%)
12f38366023fc48b9957b3aacbb6566eb65e7e70c67a520d19faac4acd699db5 | Agent Tesla payload (confidence level: 50%)
2aee7dd49f96f96b9ddbed5d152d5b092c582643f411231304168b45972f4caf | Agent Tesla payload (confidence level: 50%)
948ca4fb70be1cf0ae61fcb6d802d463d24de7369872497d2d66eda52d634486 | NjRAT payload (confidence level: 50%)
9da9406ecc1b6be6712d7bb120b957e5d7d3f7364e7018a6cba2bfb35ddd1830 | NjRAT payload (confidence level: 50%)
bef49ecdc6d9018cb57d8edc53e2177387659c128abca00c86578cda6e88e61e | NjRAT payload (confidence level: 50%)
882c2d397243c456fdefc25467864dfa71ad1d3ee215730381bd7370bba3721a | NjRAT payload (confidence level: 50%)
46db080a3de7815c953820d44bb47f414c5edfe9ae083c3da0a9c5b3eb936028 | NjRAT payload (confidence level: 50%)
7bd6f034a4c3dc1e3dc2516f6962502aa8e243a3da541fd73e886f287792e970 | Agent Tesla payload (confidence level: 50%)
66f95fa3d4fb8e27a1beca62098133d93bf58ca36b83f58fced7f808ba1f282a | Formbook payload (confidence level: 50%)
94afde50189796d71a329f77c8058e6748e473543140cf12eb5919898cc38172 | Agent Tesla payload (confidence level: 50%)
3529d42ff603873587cd40acbd21d9a61a6ea146633e345d8792b82a77096094 | Formbook payload (confidence level: 50%)
017ce39a0e5e883207abf6b0f608abfb41b3ec307527ce6b0e172a272d90aafb | Agent Tesla payload (confidence level: 50%)
d86c6c3141bd3e7d4e6868247f8a9627e6263245bc1d9a5148f3091d0d699c75 | Formbook payload (confidence level: 50%)
022e5da6a6272208abe79ed8ef38c7732dd091a2dcad56e845f3e833165f66eb | Agent Tesla payload (confidence level: 50%)
83789bd9583cbaa64136f8d83d673be2aa33b6046a48e05a6edb864dfa9f6d70 | Formbook payload (confidence level: 50%)

Domain

Value | Description
distanstat.com | ISFB botnet C2 domain (confidence level: 100%)
zockzock.top | vidar botnet C2 domain (confidence level: 75%)

File

Value | Description
147.78.186.4 | Dridex botnet C2 server (confidence level: 75%)
210.65.244.184 | Dridex botnet C2 server (confidence level: 75%)
62.75.168.152 | Dridex botnet C2 server (confidence level: 75%)
79.134.225.40 | Nanocore RAT botnet C2 server (confidence level: 75%)

Url

Value | Description
http://thcotld.com/chief/kev/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
http://tradesgroups.com/wp-includes/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
http://onecoloradosport.com:443/jquery-3.3.1.min.js | Cobalt Strike botnet C2 (confidence level: 75%)
http://onecoloradosport.com:443/jquery-3.3.2.slim.min.js | Cobalt Strike botnet C2 (confidence level: 75%)
http://87.251.79.157/m0ha/0/pin.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
http://doshlforex.com/bebe/five/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)
http://raptechenglneering.com/coco/coco1/fre.php | Loki Password Stealer (PWS) botnet C2 (confidence level: 75%)

Threat ID: 682c7abce3e6de8ceb752626

Added to database: 5/20/2025, 12:51:08 PM

Last enriched: 6/19/2025, 2:32:47 PM

Last updated: 8/16/2025, 3:39:00 PM

Views: 20
