ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 216.9.227.107:1122.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1608270
IOC: 216.9.227.107:1122
IOC Type :ip:port
Threat Type :botnet_cc
Malware: XWorm
Confidence Level : Confidence level is elevated (75%)
ASN:AS44382 FIBA
Country:- US
First seen:2025-10-06 14:11:17 UTC
Last seen:2025-10-10 11:34:46 UTC
UUID:5348b07c-a2be-11f0-894e-42010aa4000a
Reporter abuse_ch
Reward 10 credits from netresec
10 credits from akanine1337
10 credits from Saber
Tags:XWorm
Reference: https://bazaar.abuse.ch/sample/43c8dfe3daa3b5402f2c673b1bae02dc73f653570033efcd63e19a9b0f3e0255/

Avatar
abuse_ch
xworm botnet C2

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)SHA256 hashBazaar
2025-10-09 10:50:23 3ca2df830068d109a89d63e7e151817cad8304ef3b01f0f2a8ac0016d3f4f8f4
2025-10-09 08:55:21 c41382baf0579770f75c871c2131638aa699af0e9e6a7fb44e053e325a55409f
2025-10-08 17:50:25 36de97d34c27bc19163101bfcc6a8a32bf411fd099119cd04a86a40dda4bac4d