ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 91.92.33.183:9999.

Database Entry


IOC ID:1844111
IOC: 91.92.33.183:9999
IOC Type :ip:port
Threat Type :botnet_cc
Malware: CraxsRAT
Confidence Level : Confidence level is high (100%)
Is compromised? : False
ASN:AS207043 DEDIK-IO
First seen:2026-07-04 07:10:22 UTC
Last seen:never
UUID:36f86ad5-7705-11f1-97fa-42010aa4000a
Reporter BadCoder1337
Reward 5 credits from ThreatFox
Tags:Android banker craxsrat Dropper Hvnc RAT SafeRussia

Avatar
BadCoder1337
CraxsRAT (SpyNote lineage) Android RAT C2. Primary command channel from hardcoded config (mainip:mainport). TCP/9999 open and live at time of analysis. Distributed as 'Safe Russia.apk' via compromised Telegram accounts; two-stage dropper com.uisy.cache.installertest -> com.veloxapp.speedcore. Features: HVNC, accessibility keylog/PIN theft, screen/cam/mic streaming, SMS interception, black-screen fraud overlay, Telegram exfil.