ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 31.56.209.120:4764.
Database Entry
| IOC ID: | 1801502 |
|---|---|
| IOC: | 31.56.209.120:4764 |
| IOC Type: | ip:port |
| Threat Type: | botnet_cc |
| Malware: | Remcos |
| Malware alias: | RemcosRAT, Remvio, Socmer |
| Confidence Level: | Confidence level is high (100%) |
| Is compromised?: | False |
| ASN: | AS209373 SWISSNET-AS |
| Country: | IR |
| First seen: | 2026-04-28 09:22:27 UTC |
| Last seen: | never |
| UUID: | c6456005-42e3-11f1-8759-42010aa4000a |
| Reporter | |
| Reward | 5 credits from ThreatFox |
| Tags: | remcos |
| Reference: | https://www.virustotal.com/gui/ip-address/31.56.209.120/community |
TomU
https://www.virustotal.com/gui/file/06088a7d56179599e0f4129947c201371db743e7d55de6cb8321b14b5afe6fde/behavior
Remcos C2: 31.56.209.120:4764
Matches rule ET JA3 Hash - Remcos 3.x/4.x TLS Connection at Proofpoint Emerging Threats Open
Malware Command and Control Activity Detected
Context for the matching alerts
Destination IP: 31.56.209.120
Destination port: 4764
JA3 Client hashes: a85be79f7b569f1df5e6087b69deb493
JA3 Server hashes: eb1d94daa7e0344597e756a1fb6e7054
Communicating Files