ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 87.121.79.21:8888.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1780265
IOC: 87.121.79.21:8888
IOC Type :ip:port
Threat Type :botnet_cc
Malware: HijackLoader
Malware alias:DOILoader, GHOSTPULSE, IDAT Loader, SHADOWLADDER
Confidence Level : Confidence level is elevated (75%)
Is compromised? : False
ASN:AS213725 UK-03AI
Country:- GB
First seen:2026-04-02 06:23:42 UTC
Last seen:never
UUID:708b8580-2e20-11f1-9af6-42010aa4000a
Reporter Lenny_3BO
Reward 5 credits from ThreatFox

Avatar
Lenny_3BO
HijackLoader C2 panel (AutoVault MaaS framework). React frontend + PHP 8.4.5 backend on port 8888. Favicon MMH3: 2086204293. JS bundle: main.3bc2c05e.js (SHA256: 9f10630ab4ce4d21936282ea7832f5bec4a0f41aa0a3912b43aa9bca6041e46d). VT communicating files include Rugmi/Penguish/Androm samples. Ref: Lenny-3BO hunt.