ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 137.220.140.38:9000.

Database Entry


IOC ID: 1791140
IOC: 137.220.140.38:9000
IOC Type: ip:port
Threat Type: botnet_cc
Malware: ValleyRAT
Malware alias: Winos
Confidence Level: Confidence level is elevated (75%)
Is compromised?: False
ASN: AS4907 BGPNETPTELTD-AS-AP
Country: SG
First seen: 2026-04-14 20:57:26 UTC
Last seen: never
UUID: 8b0f7d3d-3844-11f1-8759-42010aa4000a
Reporter: abuse_ch
Reward: 5 credits from ThreatFox
Tags: valleyrat_s2
Reference: https://bazaar.abuse.ch/sample/dfb59fcee8102cd4055b29396a0a3b3d7d23c113b94ac37517ad24038b50e7ca/

abuse_ch
valleyrat_s2 (aka Winos) botnet C2

Malware Samples


The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC) | SHA256 hash | Bazaar
2026-04-14 21:01:23 | dfb59fcee8102cd4055b29396a0a3b3d7d23c113b94ac37517ad24038b50e7ca |
2026-04-14 21:01:19 | e42418a96592473a22749b14e0472c8a145e24e538f1851f50e1e697c8d4fc46 |