ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 198.23.227.212:6000.
Database Entry
| IOC ID: | 1567720 |
|---|---|
| IOC: | 198.23.227.212:6000 |
| IOC Type : | ip:port |
| Threat Type : | botnet_cc |
| Malware: | XWorm |
| Confidence Level : | Confidence level is elevated (75%) |
| Is compromised? : | False |
| ASN: | AS36352 AS-COLOCROSSING |
| Country: |  US |
| First seen: | 2025-08-12 15:16:11 UTC |
| Last seen: | 2025-08-15 12:12:43 UTC |
| UUID: | 476d7eaf-778f-11f0-851c-42010aa4000a |
| Reporter |  abuse_ch |
| Reward |
50 credits from anonymous 10 credits from 01Xyris 50 credits from anonymous 10 credits from netresec 10 credits from akanine1337 10 credits from Saber |
| Tags: | XWorm |
| Reference: | https://bazaar.abuse.ch/sample/93f8cfd3fc4486c9353306c91bd05bb92eac6489550d306c4a7886fb4b7b1a27/ |
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).
| Time stamp (UTC) | SHA256 hash | Bazaar |
|---|---|---|
| 2025-09-06 04:35:25 | 3433ac1f8c27e6e4bf4f2482dbc6e9af1ee91e8221c9243a9504696f2c4617f7 |