ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 185.215.113.99:21438.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2025-12-24 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	244756
IOC:	185.215.113.99:21438
IOC Type :	ip:port
Threat Type :	botnet_cc
Malware:	RedLine Stealer
Malware alias:	RECORDSTEALER
Confidence Level :	Confidence level is high (100%)
ASN:	AS51381 ELITETEAM-PEERING-AZ1
Country:	SC
First seen:	2021-11-06 17:45:22 UTC
Last seen:	2023-08-01 17:58:56 UTC
UUID:	50a09baa-3f29-11ec-8ab6-42010aa4000a
Reporter	fish_illuminati
Reward	5 credits from ThreatFox
Tags:	RedLineStealer
Reference:	https://app.any.run/tasks/cef0ea6d-d27f-4096-a1ca-83716d36df5d

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)	SHA256 hash	Bazaar
2021-11-07 16:25:32	ca4615a50dc5adad955daa48f4f2f83942719b55c293ebcff2f3911d97d2b062
2021-11-07 16:25:31	e7445d94c0f0e7f824a10a4eeb62ac26de23c8ab9355fa9bfc812bb26e93f0a3
2021-11-07 16:00:40	9aecf38b3ed3ecf1f26c556621fe314493909670ec6e408c59da665569248231
2021-11-07 15:35:25	2fa81f4a4c64e5595c5d538062b4e8435e10fccd9f81b73c6ddf752b9ace38af
2021-11-07 15:25:29	40b99287968196254dbb61673a964aef74e045a505d4b7b0a8354bb55c0270b8
2021-11-07 15:20:27	911d5864defca0256364a90ed1385c7006cfa4c4489eea555f8b78316abc7517
2021-11-07 15:20:26	cb1e09e5affb73670be3ba3a7d66a0a2f5df01cb81d8b6b2cd7cde41a5fed5c5
2021-11-07 15:05:29	13f344f4992df083cf861660d307f8909843db355215b102238b79b903edd70a
2021-11-07 14:50:23	24d0c8c617d6c6237022c5d2d064c1ef06a8b95a48856cb61065a37f6eea8a6e
2021-11-06 19:51:10	d7223ebba63ac05d33ea06fbf95479f39971ec6c5c6ef93b9d96a7c2fb2cd23d