ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 109.230.231.17:2525.

Database Entry


IOC ID: 1660961
IOC: 109.230.231.17:2525
IOC Type: ip:port
Threat Type: botnet_cc
Malware: XWorm
Confidence Level: Confidence level is high (100%)
Is compromised?: False
ASN: AS197071 ACTIVE-SERVERS
Country: DE
First seen: 2025-11-29 09:38:14 UTC
Last seen: 2025-12-19 10:40:11 UTC
UUID: 20dc86e6-cd07-11f0-a341-42010aa4000a
Reporter: DonPasci
Reward: 10 credits from akanine1337, 10 credits from Saber
Tags: ACTIVE-SERVERS AS197071 c2 XWorm
Reference: https://x.com/K_N1kolenko/status/1994372549787124038

Malware Samples


The table below lists recent malware samples associated with this indicator of compromise (IOC).

Time stamp (UTC)    SHA256 hash    Bazaar
2025-12-13 08:15:27 667304c2ddccd1ecfe41d3d95fed3bab3d2308f8c1190ea0c5728eccfd8cf082
2025-12-13 08:15:26 2eb43100d5acf0a5abec58a512a1fc8d3888b52d78de380475e13f129608f022
2025-12-13 08:15:25 125ae1365fe1c5f27482211b9b9418f64f2db572516b3f0a8f89d31e0a918077
2025-12-13 07:20:09 89ba6584811ee707fc6511fa30a8837e2b116dbb69baa6b651ff733e06e85166