ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 149.248.3.38:13339.

Database Entry

IOC ID: 1836164
IOC: 149.248.3.38:13339
IOC Type: ip:port
Threat Type: botnet_cc
Malware: KV
Confidence Level: elevated (75%)
Is compromised?: False
ASN: AS20473 AS-VULTR
Country: US
First seen: 2026-06-23 06:52:00 UTC
Last seen: 2026-06-24 05:10:23 UTC
UUID: 5accb449-6e82-11f1-9258-42010aa4000a
Reporter: Anonymous
Reward: 5 credits from ThreatFox
Tags: botnet G1017 JDY recon VoltTyphoon
Reference: https://github.com/yankywilson/jdy-tasking-decryption

Anonymous
JDY botnet C2/payload cluster (China-nexus, KV/JDY lineage, Volt Typhoon, MITRE G1017). All share the jdyfj self-signed TLS cert (SHA-256 2b640582bbbffe58c4efb8ab5a0412e95130e70a587fd1e194fbcd4b33d432cf). IPs rotate; 149.248.3.38 is a shared host — scope blocking accordingly. Full enumeration: https://github.com/yankywilson/jdy-tasking-decryption