ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 103.119.15.173:3322.
Database Entry
| IOC ID: | 1647792 |
|---|---|
| IOC: | 103.119.15.173:3322 |
| IOC Type : | ip:port |
| Threat Type : | botnet_cc |
| Malware: | ValleyRAT |
| Malware alias: | Winos |
| Confidence Level : | Confidence level is high (100%) |
| Is compromised? : | False |
| ASN: | AS140869 TGL-AS-AP |
| Country: |  NZ |
| First seen: | 2025-11-21 12:04:29 UTC |
| Last seen: | 2025-12-31 11:41:53 UTC |
| UUID: | 3b829dbc-c6d2-11f0-a341-42010aa4000a |
| Reporter |  DonPasci |
| Reward |
10 credits from netresec |
| Tags: | AS140869 c2 RAT triage ValleyRAT |
| Reference: | https://tria.ge/251121-jtczysdl5z |
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).
| Time stamp (UTC) | SHA256 hash | Bazaar |
|---|---|---|
| 2025-11-21 15:50:19 | 2f427c091401f25c800002ac613e0e141c0c3eb5adb619d9d17add8bf29f38fb |