TF-1812072 — APEX

Threats › TF-1812072

Category: VShell Published: 2026-05-14 Source updated: 2026-05-14 First seen: 2026-05-14 04:28 UTC Last updated: 2026-05-14 09:49 UTC Source: Threatfox IOCs/Threats

Description

Indicator that identifies a botnet command&control server (C&C). IOC type: ip:port combination that is used for botnet Command&control (C&C). Attributed malware: VShell. Confidence: 100. Observed port: 9200. First seen: 2026-05-14 04:00:16 UTC. Reporter: anonymous. Tags: Vshell.

Remediations (4)

Malware, Viruses and Botnets - National Cybersecurity Alliance

web:staysafeonline.org

Your computer can get infected with malware and become part of a botnet , and you would probably not even know it until its too late. As part of the botnet , your device communicates and receives instructions from "command and control" computers, which can be located anywhere around the globe.

2026-05-14 04:28 UTC
PDF www-users.cs.umn.edu

web:www-users.cs.umn.edu

We would like to show you a description here but the site won't allow us.

2026-05-14 04:28 UTC
www.akamai.com

web:www.akamai.com

We would like to show you a description here but the site won't allow us.

2026-05-14 04:28 UTC
What are bots, botnets and zombies? - Webroot

web:www.webroot.com

Learn what bots, botnets , and zombie devices are, how cybercriminals use them, and what steps you can take to protect your systems.

2026-05-14 04:28 UTC

Indicators of Compromise (1)

Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal. Click one to expand.

ipv4 155.138.193.22 VT 3 / 91

IOC database

Type: ipv4
Value: 155.138.193.22
First seen: 2026-05-14 02:38 UTC
Last seen: 2026-06-07 11:55 UTC
Attached to this threat: 2026-05-14 04:28 UTC
Appears in: 3 threats
Description: ip:port combination that is used for botnet Command&control (C&C) attributed to VShell

Open the full IOC page →

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Flagged by 3 of 91 VirusTotal vendors

Vendor	Verdict	Detection
CRDF	malicious	`malicious`
MalwareURL	malicious	`malware`
SOCRadar	malicious	`malware`

Details From VirusTotal

Basic Properties

Network	`155.138.128.0/17`
Country	`US`
AS owner	`The Constant Company, LLC`
ASN	`20473`
Regional registry	`ARIN`

History

Last analysis	2026-05-14 08:15 UTC
Last modified on VirusTotal	2026-06-11 08:18 UTC
WHOIS record date	2026-05-14 04:46 UTC

References (2)

Malpedia profile Threatfox IOCs/Threats
ThreatFox IOC page Threatfox IOCs/Threats
Indicator that identifies a botnet command&control server (C&C). IOC type: ip:port combination that is used for botnet Command&control (C&C). Attributed malware: VShell. Confidence: 100. Observed port: 9200. First seen: 2026-05-14 04:00:16 UTC. Reporter: anonymous. Tags: Vshell.

AI Forensic Analysis

Only Available for Registered Users. Sign in to view.

`TF-1812072` high

VShell: ip:port combination that is used for botnet Command&control (C&C) 155.138.193.22:9200

Description

Remediations (4)

Indicators of Compromise (1)

IOC database

Threat Hunt — feed corroboration

Flagged by 3 of 91 VirusTotal vendors

Details From VirusTotal

Basic Properties

History

References (2)

AI Forensic Analysis

TF-1812072 high

VShell: ip:port combination that is used for botnet Command&control (C&C) 155.138.193.22:9200

Description

Remediations (4)

Indicators of Compromise (1)

IOC database

Threat Hunt — feed corroboration

Flagged by 3 of 91 VirusTotal vendors

Details From VirusTotal

Basic Properties

History

References (2)

AI Forensic Analysis

`TF-1812072` high