ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 198.12.126.169:8780.

Database Entry


IOC ID: 1551569
IOC: 198.12.126.169:8780
IOC Type: ip:port
Threat Type: botnet_cc
Malware: XWorm
Confidence Level: High (99%)
ASN: AS36352 AS-COLOCROSSING
Country: US
First seen: 2025-06-30 12:17:40 UTC
Last seen: 2025-08-06 11:33:47 UTC
UUID: a2a4f9d1-55a6-11f0-a7f6-42010aa4000a
Reporter: netresec
Reward: 50 credits from anonymous; 10 credits from 01Xyris; 50 credits from anonymous
Reference: https://app.any.run/tasks/bc5b3aa2-4ed3-4280-9ff5-ab754a243bcd

netresec
Malicious protocol XWorm

Malware Samples


The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).
