ThreatFox IOC Database

You are viewing the ThreatFox database entry for ip:port 79.134.225.17:2050.

Database Entry


IOC ID: 8772
IOC: 79.134.225.17:2050
IOC Type: ip:port
Threat Type: botnet_cc
Malware: Remcos
Malware alias: RemcosRAT, Remvio, Socmer
Confidence Level: Confidence level is elevated (75%)
ASN: AS6775 FINK-TELECOM-SERVICES
Country: CH
First seen: 2021-04-16 14:50:36 UTC
Last seen: 2023-09-27 18:37:52 UTC
UUID: 1a683178-9ec3-11eb-a134-42010aa4000a
Reporter: abuse_ch
Reward: 5 credits from ThreatFox
Tags: remcos
Reference: https://bazaar.abuse.ch/sample/3f968649c02fd5ee3f14e1d30803512bebc391ceac8005e76d3be87276df10ea/

abuse_ch
remcos (aka RemcosRAT,Remvio,Socmer) botnet C2

Malware Samples


The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)    SHA256 hash    Bazaar
2021-05-19 10:05:42 74d5a7052ca7168700158a9f7c8c15f37c99355e1b84dc5a73724d605bd35604
2021-05-12 10:00:44 47fcfe4b9687b8ddc8ce16c961d78a9941fa483400898e43cb4b2b8f3863f6d5
2021-05-11 15:10:26 5e92e39b866d490cdeb534eb04a5cb2ffc34231c29881af7921aad42965afd10
2021-05-11 10:11:12 00b6b610ff7d07af06a0888ac2095085de70aae5238bb1e876128ed0ede3fb3e