# IOClist - ip-dst
#
# Use these IOCs at your own risk.
#
# See : http://www.botvrij.eu
#
146.70.149.61 # ip-dst - MuddyWater eN-Able spear-phishing with new TTPs (376)
146.70.124.102 # ip-dst - MuddyWater eN-Able spear-phishing with new TTPs (376)
37.120.237.204 # ip-dst - MuddyWater eN-Able spear-phishing with new TTPs (376)
37.120.237.248 # ip-dst - MuddyWater eN-Able spear-phishing with new TTPs (376)
45.89.106.147 # ip-dst - The attack against Danish critical infrastructure (377)
145.239.54.169 # ip-dst - The attack against Danish critical infrastructure (377)
176.124.32.84 # ip-dst - The attack against Danish critical infrastructure (377)
185.180.223.48 # ip-dst - The attack against Danish critical infrastructure (377)
91.235.234.81 # ip-dst - The attack against Danish critical infrastructure (377)
205.147.101.170 # ip-dst - The attack against Danish critical infrastructure (377)
45.128.232.143 # ip-dst - The attack against Danish critical infrastructure (377)
91.235.234.251 # ip-dst - The attack against Danish critical infrastructure (377)
46.8.198.196 # ip-dst - The attack against Danish critical infrastructure (377)
156.241.86.2 # ip-dst - The attack against Danish critical infrastructure (377)
63.79.171.112 # ip-dst - The attack against Danish critical infrastructure (377)
217.57.80.18 # ip-dst - The attack against Danish critical infrastructure (377)
70.62.153.174 # ip-dst - The attack against Danish critical infrastructure (377)
185.44.81.147 # ip-dst - The attack against Danish critical infrastructure (377)
82.180.150.197 # ip-dst - Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (378)
176.119.195.113 # ip-dst - Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (378)
176.119.195.115 # ip-dst - Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (378)
185.220.101.58 # ip-dst - Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (378)
190.2.145.24 # ip-dst - Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (378)
23.224.99.242 # ip-dst - Barracuda Email Security Gateway Appliance (ESG) Vulnerability (379)
23.224.99.243 # ip-dst - Barracuda Email Security Gateway Appliance (ESG) Vulnerability (379)
23.224.99.244 # ip-dst - Barracuda Email Security Gateway Appliance (ESG) Vulnerability (379)
23.224.99.245 # ip-dst - Barracuda Email Security Gateway Appliance (ESG) Vulnerability (379)
23.224.99.246 # ip-dst - Barracuda Email Security Gateway Appliance (ESG) Vulnerability (379)
23.225.35.234 # ip-dst - Barracuda Email Security Gateway Appliance (ESG) Vulnerability (379)
23.225.35.235 # ip-dst - Barracuda Email Security Gateway Appliance (ESG) Vulnerability (379)
23.225.35.236 # ip-dst - Barracuda Email Security Gateway Appliance (ESG) Vulnerability (379)
23.225.35.237 # ip-dst - Barracuda Email Security Gateway Appliance (ESG) Vulnerability (379)
23.225.35.238 # ip-dst - Barracuda Email Security Gateway Appliance (ESG) Vulnerability (379)
107.148.41.146 # ip-dst - Barracuda Email Security Gateway Appliance (ESG) Vulnerability (379)
94.131.109.65 # ip-dst - Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa (381)
95.164.38.99 # ip-dst - Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa (381)
45.67.230.91 # ip-dst - Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa (381)
95.164.46.199 # ip-dst - Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa (381)
94.131.98.14 # ip-dst - Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa (381)
94.131.3.160 # ip-dst - Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa (381)
103.76.128.34 # ip-dst - AA23-347A Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally (382)
65.21.51.58 # ip-dst - AA23-347A Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally (382)
65.20.97.203 # ip-dst - AA23-347A Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally (382)
104.193.88.123 # ip-dst - NSPX30: A sophisticated AitM-enabled implant evolving since 2005 (387)
183.134.93.171 # ip-dst - NSPX30: A sophisticated AitM-enabled implant evolving since 2005 (387)
20.237.166.161 # ip-dst - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388)
20.120.249.43 # ip-dst - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388)
52.161.154.239 # ip-dst - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388)
167.114.138.249 # ip-dst - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388)
66.70.160.251 # ip-dst - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388)
167.114.4.175 # ip-dst - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388)
18.215.238.53 # ip-dst - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388)
54.219.169.167 # ip-dst - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388)
3.144.135.247 # ip-dst - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388)
77.246.96.204 # ip-dst - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388)
185.228.72.38 # ip-dst - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388)
62.84.100.225 # ip-dst - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388)
20.151.89.252 # ip-dst - ESET takes part in global operation to disrupt the Grandoreiro banking trojan (388)
82.102.19.88 # ip-dst - Turkish espionage campaigns in the Netherlands (389)
62.115.255.163 # ip-dst - Turkish espionage campaigns in the Netherlands (389)
193.34.167.245 # ip-dst - Turkish espionage campaigns in the Netherlands (389)
93.115.22.212 # ip-dst - Turkish espionage campaigns in the Netherlands (389)
95.179.176.250 # ip-dst - Turkish espionage campaigns in the Netherlands (389)
45.9.148.193 # ip-dst - The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker (391)
103.127.43.208 # ip-dst - The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker (391)
193.142.58.126 # ip-dst - Thanksgiving 2023 security incident (393)
198.244.174.214 # ip-dst - Thanksgiving 2023 security incident (393)
192.243.59.20 # ip-dst - ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign (400)
192.243.59.13 # ip-dst - ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign (400)
192.243.59.12 # ip-dst - ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign (400)
192.243.61.227 # ip-dst - ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign (400)
192.243.61.225 # ip-dst - ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign (400)
173.233.139.164 # ip-dst - ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign (400)
173.233.137.60 # ip-dst - ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign (400)
173.233.137.52 # ip-dst - ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign (400)
173.233.137.44 # ip-dst - ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign (400)
173.233.137.36 # ip-dst - ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign (400)
162.62.225.65 # ip-dst - PAPERWALL Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content (401)
43.163.221.160 # ip-dst - PAPERWALL Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content (401)
43.155.173.104 # ip-dst - PAPERWALL Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content (401)
43.153.75.48 # ip-dst - PAPERWALL Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content (401)
49.51.49.54 # ip-dst - PAPERWALL Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content (401)
43.157.63.199 # ip-dst - PAPERWALL Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content (401)
170.106.196.76 # ip-dst - PAPERWALL Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content (401)
43.157.58.203 # ip-dst - PAPERWALL Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content (401)
43.153.106.236 # ip-dst - PAPERWALL Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content (401)
203.95.8.98 # ip-dst - PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure (402)
203.95.9.54 # ip-dst - PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure (402)
178.21.13.3 # ip-dst - PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network (403)
178.21.13.32 # ip-dst - PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network (403)
178.21.13.33 # ip-dst - PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network (403)
178.21.13.34 # ip-dst - PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network (403)
178.21.13.35 # ip-dst - PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network (403)
178.21.14.92 # ip-dst - PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network (403)
178.21.14.93 # ip-dst - PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network (403)
178.21.15.204 # ip-dst - PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network (403)
176.99.6.152 # ip-dst - PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network (403)
178.21.15.41 # ip-dst - PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network (403)
178.21.15.42 # ip-dst - PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network (403)
178.21.15.183 # ip-dst - PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network (403)
178.21.15.85 # ip-dst - PORTAL KOMBAT A structured and coordinated pro-Russian propaganda network (403)
107.172.79.5 # ip-dst - Zip uploaded from Iran exploiting cve-2023-38831 (404)
178.162.227.180 # ip-dst - AA23-335A: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities (405)
185.162.235.206 # ip-dst - AA23-335A: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities (405)
38.180.2.23 # ip-dst - Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign (406)
38.180.3.57 # ip-dst - Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign (406)
38.180.76.31 # ip-dst - Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign (406)
86.105.18.113 # ip-dst - Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign (406)
176.97.66.57 # ip-dst - Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign (406)
176.97.76.118 # ip-dst - Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign (406)
176.97.76.129 # ip-dst - Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign (406)
198.50.170.72 # ip-dst - Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign (406)
104.129.55.103|2224 # ip-dst - The (D)Evolution of Pikabot (407)
178.18.246.136|2078 # ip-dst - The (D)Evolution of Pikabot (407)
158.220.80.167|2967 # ip-dst - The (D)Evolution of Pikabot (407)
104.129.55.104|2223 # ip-dst - The (D)Evolution of Pikabot (407)
23.226.138.161|5242 # ip-dst - The (D)Evolution of Pikabot (407)
37.60.242.85|9785 # ip-dst - The (D)Evolution of Pikabot (407)
23.226.138.143|2083 # ip-dst - The (D)Evolution of Pikabot (407)
37.60.242.86|2967 # ip-dst - The (D)Evolution of Pikabot (407)
85.239.243.155|5000 # ip-dst - The (D)Evolution of Pikabot (407)
158.220.80.157|9785 # ip-dst - The (D)Evolution of Pikabot (407)
65.20.66.218|5938 # ip-dst - The (D)Evolution of Pikabot (407)
95.179.191.137|5938 # ip-dst - The (D)Evolution of Pikabot (407)
139.84.237.229|2967 # ip-dst - The (D)Evolution of Pikabot (407)
84.32.189.74 # ip-dst - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408)
179.43.172.127 # ip-dst - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408)
179.43.172.191 # ip-dst - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408)
64.31.63.70 # ip-dst - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408)
64.31.63.194 # ip-dst - CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day (408)
103.107.104.37|443 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
149.104.12.64|443 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
185.82.216.184|443 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
195.211.96.99|443 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
195.123.246.26|22 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
45.83.236.105|443 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
45.131.179.179|22 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
45.131.179.179|443 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
45.131.179.179|5938 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
103.192.226.46|443 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
154.204.27.181|80 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
154.204.27.181|110 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
103.56.53.120|80 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
103.56.53.120|8080 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
176.113.69.91|443 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
45.251.240.55|443 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
45.251.240.55|8080 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
149.104.11.29|443 # ip-dst - Earth Preta Campaign Uses DOPLUGS to Target Asia (409)
1.92.240.113 # ip-dst - Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities (412)
45.9.149.215 # ip-dst - Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities (412)
94.156.71.115 # ip-dst - Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities (412)
172.86.66.165 # ip-dst - Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities (412)
45.153.240.73 # ip-dst - Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities (412)
34.135.1.100 # ip-dst - Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns (416)
172.114.170.18|55155 # ip-dst - Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns (418)
194.126.178.8|55555 # ip-dst - Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns (418)
148.252.42.42|54467 # ip-dst - Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns (418)
74.124.219.71 # ip-dst - Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns (418)
37.139.129.145 # ip-dst - Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled (420)
195.10.205.23 # ip-dst - Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled (420)
172.105.124.34 # ip-dst - Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled (420)
134.122.197.80 # ip-dst - Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled (420)
91.92.254.31 # ip-dst - Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled (420)
91.92.247.212 # ip-dst - Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled (420)
185.241.208.83 # ip-dst - Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled (420)
185.241.208.104 # ip-dst - Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled (420)