103.224.212.222 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 103.224.212.222 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🔴 High Risk — 80/100

Geographic Location

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Country: Australia
• Noticed: 50 times
• Protocols Attacked: SSH
• Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, Czechia, Denmark, Estonia, France, Georgia, Germany, Guatemala, Japan, Latvia, Lithuania, Mexico, Netherlands, Norway, Panama, Philippines, Poland, Romania, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania United Republic of, Trinidad and Tobago, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Tor Node: No
• Associated Malware Samples: 3061

Tags

• 103.129.252.44
• 103.224.212.222
• 103.28.36.182
• 162.0.215.111
• 1663014711
• 411260982
• 443 ma2592000
• a7i string
• aaaa
• abuse
• abuse contact
• ac32a
• accept
• access
• access ta0001
• acint
• active
• active related
• active threat
• activity dns
• acurix networks
• adaptivebee
• adblock pro
• added active
• address
• address as
• addtopayload
• adid
• a div
• adload
• admin country
• adobe portable
• a domains
• adversaries
• adware
• aes128gcm
• aes256gcm
• agent
• agent tesla
• Agent Tesla
• agreement
• aig
• akamai
• akamaias
• akamaiasn1
• alerts
• alexa
• alexa top
• alf features
• algorithm
• a li
• alina
• all octoseek
• all scoreblue
• all search
• amadey bot
• amazing girls
• amazon 02
• amazon02
• amazonaes
• analyze
• analyzer
• analyzer paste
• analyzer threat
• android
• andromeda
• anomalous file
• anonymizer
• anti-detection
• antigua
• a nxdomain
• apache
• api blog
• a poster
• aposter
• appdata
• apple
• Apple
• apple-access.com
• apple attack
• apple control
• apple data collection
• apple engineering
• apple id
• appleid
• apple inc
• apple ios
• applenoc
• apple notepad
• apple phone
• application
• applicunwnt
• april
• arizona
• artemis
• artro
• as11042
• as12768
• as13335
• as133618
• as133775 xiamen
• as14061
• as15169
• as15169 google
• as16276
• as16509
• as16625
• as174 cogent
• as19527 google
• as197695 domain
• as19905
• as201682 liquid
• as206834 team
• as208722 yandex
• as20940
• as22612
• as24940 hetzner
• as29873
• as30943
• as31483
• as32244
• as32244 liquid
• as3359
• as34788
• as36647 oath
• as393245 oath
• as397240
• as4134 chinanet
• as44273 host
• as46606
• as49305 map
• as49505
• as49870 alsycon
• as49870 city
• as50295 triple
• as54994 quantil
• as58061 scalaxy
• as58110 ip
• as61969 team
• as62597
• as63949 linode
• as714
• as8068
• as8075
• as852
• as8560
• as autonomous
• ascii text
• asn13335
• asn15169
• asn16509
• asn20940
• asn213250
• asn as13335
• asn as22612
• asn as63949
• asnone
• asnone united
• asn owner
• asyncrat
• a td
• a th
• athena
• attack
• attention
• august
• auslogics
• authentication
• author avatar
• authority
• avast avg
• ave maria
• awful
• azorult
• azure tls
• baaa
• back
• backdoor
• bahamut
• bambernek
• bambernek gen
• bambernek simda
• banco
• bandit stealer
• bandoo
• bank
• banker
• banking
• barbuda
• barbuda unknown
• bashlite
• basic
• b body
• beach research
• behav
• beijing baidu
• bell south
• bellsouth
• ben c
• benjamin
• best targets
• betabot
• bidid
• b image
• binder
• binrm
• bios
• bitrat
• black
• black basta
• blacklist
• blacklist http
• blacklist https
• blocklist
• bnr
• bodis
• body
• body doctype
• body length
• bookmarks
• boolean
• boot
• bot
• botnet
• botnet command and control
• bot network
• Bot Networks
• boundsstr
• bq feb
• bq mar
• bradesco
• Bradesco
• brashears
• breached
• breadcrumbs
• brent kimball
• brian
• briannsabey breadcrumbs
• brian sabey
• briansabey
• brontok
• browse scan
• browsing
• brute force passwords
• b script
• bugs
• bundled
• businessman
• busty brunette
• C2
• ca
• caaa
• caca
• caca4baaa
• cacf
• caea
• ca id
• ca issuers
• ca limited
• canada unknown
• canvas
• capture
• catalog tree
• cellbrite
• centerchecks
• centos
• certificate
• chameleon
• change
• chaos
• checkbox
• checkin
• Cherry Creek Colorado
• china
• china unknown
• chrome
• cidr
• cins active
• cisco
• cisco umbrella
• citadel
• city
• ck id
• ck matrix
• claims
• class
• classname
• cleaner
• click
• clickjacking
• clipper dos
• close
• cloudflar
• cloudflare
• cloudflarenet
• cloud host
• cmd
• cname
• cnc feodo
• cncomodo ecc
• cnc server
• cnisrg root
• cnlet
• cnwe1 validity
• cnwotrus dv
• coalition et
• cobalt
• cobalt strike
• Cobalt Strike
• coco
• code
• coinminer
• collection
• collections
• collections wow
• comcast tmobile
• com laude
• command
• command_and_control
• command decode
• commerce
• communicating
• comodo
• company limited
• compiler
• computer
• comspec
• conduit
• config
• connect azurepc
• connect facebook
• connection
• contact
• contacted
• contacted hosts
• contacted urls
• contained
• content
• contentencoding
• content type
• contextualizing
• cookie
• cookies
• copy
• copyright
• core
• count blacklist
• country
• covid19
• cowardly lion group
• cp
• crack
• cracked
• create
• create c
• created
• create new
• creation date
• criminal gang
• criteria id
• critical
• critical risk
• crl cache
• crlcachedir
• cronup threat
• cryp
• crypto
• csam
• csc corporate
• cuba
• cus cnmicrosoft
• cus cnr3
• cus ogoogle
• cust exe
• customer client
• cutwail
• cve201711882
• cyber
• cyber attack
• cybercrime
• cyber security
• cyber stalking
• cyberstalking
• cyber threat
• dan.com
• dangerous
• dangeroussig
• dark
• dark consultants
• darkgate
• darklivity
• dark power
• dashboard
• database
• date
• date hash
• date mon
• dbatloader
• dch v
• dcom port
• debug
• debugger evasion
• december
• deepscan
• default
• defense evasion
• def function
• de indicators
• delete
• delete c
• depot tech
• design
• desktop
• de summary
• detection list
• detections file
• detections type
• devoted high
• dexter
• diamondfox
• diat
• digicert https
• digitaloceanasn
• directory
• discovery
• displays
• div div
• div h3
• djcodychase.com
• djvu
• dll sideloading
• dns
• dns intel
• dnsname
• dnspionage
• DNSPIONAGE
• dns replication
• dns resolutions
• dnssec
• dock
• docs pricing
• document
• document file
• document format
• dofoil
• domain
• domain address
• domain entries
• domain http
• domain name
• domainpath name
• domain related
• domain robot
• domains
• domains dropped
• domain xn
• domaiq
• dos com
• downer
• downldr
• download
• downloader
• download json
• downloadmr
• dridex
• drivertalent
• dropped
• dropper
• drweb
• dstroot
• dynadot inc
• dynadot llc
• dynamic
• dynamicloader
• e0b function
• e1082 impact
• e1203 data
• e1564 discovery
• e4609l
• ecdheecdsa
• egregor
• el0kpmhlfz
• elf collection
• elf wgetboat
• elsa jean
• email
• emailaddress
• email collection
• email document
• emails
• emotet
• Emotet
• emotet ip
• encrypt
• endpoints all
• engineering
• enigmaprotector
• entity
• entries
• equiv cache
• erase
• error
• et
• et cins
• etisalat misr
• etpro malware
• et tor
• et trojan
• europeberlin
• evasion ob0006
• evasive
• evil
• evil c
• ev server
• excel
• exe32
• executable
• execution
• exit
• expiration
• expiration date
• expired
• expires thu
• exploit
• exploitation
• exploit domain
• express
• external
• fabookie
• facebook
• facebook url
• factory
• fakealert
• fakedout threat
• falcon
• falcon sandbox
• false
• family
• fareit
• fastly
• fear
• fear factor
• february
• federation asn
• feodo
• file
• filehash
• filehashmd5
• filehashsha1
• filehashsha256
• filerepmetagen
• files
• file samples
• files domain
• files ip
• file size
• files matching
• files related
• filetour
• file type
• final
• final url
• final url summary
• find
• findwindowa
• firehol
• firehol proxy
• first
• flag
• florence co
• florida
• flow t1574
• floxif
• flubot
• follow
• font format
• footer
• forbidden
• form
• formbook
• formbook cnc
• for privacy
• found
• foundation
• frame
• framing
• france unknown
• frankfurt
• fuery
• full url
• fusioncore
• gamehack
• GameHack
• gamers
• gandi sas
• gang breached
• gecko
• general
• general full
• generator
• generic
• generic malware
• generic windos
• genkryptik
• genpack
• geoip
• germany
• germany unknown
• get h2
• get http
• getprocaddress
• get response
• ghost
• Ghost RAT
• glelexoputyh
• global domains
• gmbh version
• gmt cache
• gmtn
• gmt server
• gnu linker
• go daddy
• gone
• google
• google https
• google safe
• google url
• gpt analyzer
• graph
• graph community
• graph summary
• greater
• green
• group
• grum
• gts ca
• guard
• gui32
• hacked by phone call
• hackers
• hacking tools
• hacktool
• hallgrand
• HallGrand
• hallrender
• hash
• hashes
• hashes files
• hawkeye
• head body
• header intel
• headers
• headers date
• headers nel
• hell
• heur
• hidden cobra
• hide artifacts
• high
• high level
• highly targeted
• high process
• high security
• hijacker
• historical
• historical ssl
• history
• history killer
• hit
• hitmen
• honeypot ips
• host
• host interaction
• hostname
• hostnames
• host sinkhole
• hour ago
• hours ago
• hr rtd
• html
• html info
• html public
• http
• http attacker
• http method
• http requests
• http response
• https
• http scans
• https://otx.alienvault.com/pulse/65acace20c18a7d6c5da2e27
• http spammer
• hunting macro
• hybrid
• iana
• iana id
• iana ref
• iana special
• icedid
• icefog
• icloud
• icmp traffic
• icons library
• id
• identifier
• identity search
• ietfdtd html
• iframe
• illegal activities
• import
• impressum
• indicator
• indicator role
• indonesia
• industry_and_commerce
• info
• info compiler
• info header
• infor
• information
• infostealer
• infy
• injection
• injection t1055
• inject-x64.exe
• inmortal
• InMortal
• install
• installation
• InstallBrain
• installcore
• InstallCore
• installer
• installing
• installpack
• installs
• intel
• intellectual property theft
• intel mac
• intel malware
• interfacing
• internal
• internapblk4
• international
• internet
• internet storm
• iobit
• ioc
• iocs
• ioc search
• iocs kb
• ip address
• ip detections
• ip https
• ip related
• ip reputation
• ips collection
• ip security
• ip summary
• ip tcp
• ip traffic
• ipv4
• ipv4address
• ipv6
• issuing ca
• it consultant
• itpsolutions
• it's back
• jackpos
• january
• japan national police agency
• javascript
• jeffrey reimer
• jekyll
• json data
• js user
• jul jan
• july
• june
• katrina jade
• kb body
• kb file
• kb image
• kb script
• keitaro
• key algorithm
• keychainssrc
• keygen
• key identifier
• key info
• keylogger
• keysystems gmbh
• key usage
• kgs0
• khtml
• kimsuky
• kit exploit
• kls0
• known tor
• kraken
• labs pulses
• language
• laplasclipper
• launcher
• lazarus
• legal
• less see
• lets
• level3
• license
• life
• limited
• line
• link
• linker
• linkid252669
• linkid69157 url
• link library
• liquidweb
• litespeed
• litespeed x
• llc name
• loader
• local
• localappdata
• location united
• location virgin
• lockbit
• log id
• login
• logon autostart
• log operator
• loki
• lolkek
• look
• lookup wannacry
• los angeles
• love
• lowfi
• low software
• lsalford
• ltd dba
• lumma
• lumma stealer
• macintosh
• macros ursnif
• mailrubar
• mail spammer
• main
• major
• makefile
• makop
• malicious
• malicious host
• malicious site
• malicious url
• maltiverse
• malvertizing
• malware
• malware beacon
• malware dns
• malware hosting
• malware site
• malware spreading
• man
• manjusaka
• march
• masquerading
• matches rule
• matsnu
• maze
• media
• media center
• mediaget
• mediamagnet
• medium
• memcommit
• memory
• memory pattern
• memory scanning
• memreserve
• men
• meta
• meta http
• meta tags
• metro
• mexico
• microsoft
• migrate
• miles it
• million
• mimikatz
• mini
• mirai
• mirai 03042024
• mirai malware
• misc attack
• mitre
• Mitre
• mitre att
• mitre attack
• mitre attk
• model
• modernizr
• modify system
• mohammed zourob
• mommy
• monitoring
• mon jul
• moved
• mozilla
• mr windows
• msie
• ms visual
• ms windows
• ms word
• mtb may
• mtb sep
• mtb showing
• mtsub26293293
• mumblehard
• murderers
• mutex
• my boy dan
• name
• namecheap
• namecheap inc
• name md5
• name server
• name servers
• name size
• name value
• name verdict
• nanocore
• nanocore rat
• Nanocore RAT
• national police agency japan
• ndicator role
• net108
• net1080000
• nethandle
• netlify
• netlify edge
• netrange
• netwire
• network
• network ascii text
• network capture
• network hijacks
• network_icmp
• network pty
• networm
• Networm
• neutrino
• new ioc
• next
• Nextray
• nginx
• nib files
• nircmd
• nivdort
• njrat
• no data
• node tcp
• node traffic
• no expiration
• nokoyawa
• no na
• no no
• november
• nuance
• nubile cowgirl
• null
• number
• nxdomain
• nymaim
• ob0005 defense
• ob0007 system
• ob0012 hide
• observed dns
• observed email
• oc0008
• occamy
• Occamy
• ocomodo ca
• ocsp
• october
• octoseek
• octoseek report
• office depot
• olet
• ollydbg
• open
• opencandy
• open path
• orgabusehandle
• orgabusephone
• orgabuseref
• organization
• orgdnshandle
• orgdnsref
• org domains
• orgid
• orgtechhandle
• orgtechref
• os2 executable
• os x
• otx octoseek
• outbreak
• overlay
• override
• overview domain
• ovh sas
• owner exploit
• owotrus ca
• p2404
• packet
• packing t1045
• panama
• panda
• param
• parameters
• parent
• parent domain
• parking payload
• passive dns
• password
• Password
• password bypass
• paste
• patcher
• path
• pattern
• pattern domains
• pattern match
• pattern url
• pattern urls
• payload
• payment
• pbiptbmvd0k4
• pcap
• pcidump rasman
• pdb path
• pdf document
• pdf report
• pe32
• pe32 compiler
• pe32 linker
• pe32 packer
• pegasus
• pe resource
• persistence
• pe section
• phase
• phi
• phish
• phishing
• phishing site
• phishtank
• phone hacking
• phonenumber
• php logo
• pii
• piiexposure
• piracy
• pjp3sltkz
• plasma
• playgame
• play ransomware
• please
• poison
• policy
• ponmocup
• pony
• poor reputation
• porkbun llc
• porn
• possible
• post
• post http
• postitem
• powershell
• pragma
• precondition
• prefetch1
• prefetch8
• premium
• presenoker
• privacy
• privacy admin
• privacy billing
• privacy service
• privacy tech
• probe
• process details
• processes tree
• process t1543
• products id
• program
• protocol h2
• proton
• proxy
• psexec
• psiusa
• pte ltd
• pt mora
• pty ltd
• public url
• puffy nipples
• pulse
• pulse pulses
• pulses
• pulses hostname
• pulses http
• pulses otx
• pulse submit
• pulses url
• pulse use
• push
• pykspa
• Pyscpa
• python
• python connection
• python software
• q0gpyr1balpdgpo
• qakbot
• qbot
• qdkxgr24yz
• qtsas
• quasar
• quasar rat
• quasi
• query
• raccoonstealer
• ramnit
• ransom
• ransomexx
• ransomware
• ransomware gang
• raspberry robin
• rat
• raven
• react app
• read
• read c
• record type
• record value
• redacted for
• redirect
• redirect chain
• redirme
• redline
• redline stealer
• redlinestealer
• RedlineStealer
• redrum
• red team
• referer
• referrer
• refresh
• regbinary
• regdword
• region create
• region update
• registrant name
• registrar
• registrar abuse
• registrar iana
• registry admin
• registry keys
• regsetvalueexa
• reinsurance
• relacion
• relacionada
• related pulses
• related tags
• relay
• relayrouter
• relic
• remcos
• remcosrat
• remote
• remote attackers
• remote cnc
• remote system
• renos
• replacement
• replication
• report spam
• reputation ip
• request
• request chain
• research group
• resolutions
• resource
• resource hash
• resource path
• response
• restart
• restrict
• Retail
• retaliation
• reverse dns
• review
• rexxfield
• ripe ncc
• ripe network
• riskware
• river.rocks
• role title
• root
• root ca
• rostpay
• roundup
• rows
• r processes
• ruby logo
• runescape
• runtime process
• russia unknown
• rust
• ryuk ransomware
• sabey
• sabey data centers
• sabey tooth group
• sabey type
• safebae
• safe site
• sakula rat
• sale
• salford
• sality
• sample
• samplepath
• samples
• sandbox
• san francisco
• sat jul
• sav.com
• scalaxy
• scan endpoints
• scottsdale
• script
• script endif
• script script
• script urls
• sdhyzbh7v
• sdhyzbh7v http
• search
• search live
• secrets llc
• secrisk
• sectigo https
• secure server
• security tls
• september
• server
• server ca
• servers
• service
• service company
• service privacy
• services
• serving ip
• seznam
• sha1
• sha256
• shell
• shell code
• shell commands
• shelltraywnd
• show
• showing
• show process
• show technique
• show technique span
• siblings
• side3studios
• sides with
• silly
• simda
• simple
• singlehopllc
• site
• sites
• site safe
• site top
• size
• skynet
• slavegirl
• slcc2
• slingshot
• small
• smartfolder
• smithtech
• smoke loader
• smsspy
• snatch
• sneaky server
• sniffs
• software
• software caddy
• source browser
• source file
• source level
• spam https
• spammer
• span
• span div
• span svg
• spawns
• speakez securus
• speed
• spitmo
• splitcount
• spotify artist
• spyder
• spyeye
• spyware
• sqli dumper
• squarespace
• srcroot
• sreredrum
• ssh on server
• ssl certificate
• sslcertificate
• ssl hostname
• stack
• startpage
• start service
• state
• status
• status code
• status codes
• status page
• stealer
• Stealer
• stealthyness
• steam
• steganography
• stix
• stop service
• stream
• strings
• subdomains
• subid
• subject
• subject public
• submit
• submit quasar
• submitters
• suite
• summary
• summary iocs
• summary leaf
• suppobox
• SuppoBox
• suricata ipv4
• susp
• suspicious
• suspicous ip
• swrort
• system
• systemid object
• systweak
• t1063
• t1189 found
• T1622 - Debugger Evasion
• ta0004 process
• tag count
• tagging
• tag manager
• tags
• tag tag
• targetdisk
• targeting
• targets
• td td
• team
• team alexa
• team internet
• team phishing
• teams
• teams api
• team top
• tech
• tech country
• tech email
• technical city
• technology
• teen porn
• telecom
• telefonica co
• telegram strong
• temp
• theft
• the site
• this site
• threat
• threat analyzer
• threat report
• threat roundup
• threats
• threats et
• thu apr
• tiggre
• timestamp entry
• tinba
• title
• title added
• title error
• tld count
• tls sni
• tls web
• t matrix
• tmobile
• tofsee
• Tofsee
• tools
• top destination
• top source
• tor known
• tor relayrouter
• tour
• trace
• tracker
• tracking
• traffic
• trang ch
• tree
• trickbot
• trim
• triple mirrors
• trojan
• Trojan
• trojanclicker
• trojan features
• trojanspy
• TrojanSpy
• trojanx
• tr tr
• trust
• tsara brashears
• ttl value
• tucows
• tulach
• twitter
• type
• type data
• type indicator
• type mimetype
• type name
• typeof e
• uaaa
• UAlberta
• ubuntu
• UK
• uk collection
• ukraine
• ul div
• umbrella rank
• unauthorized
• unicode text
• union
• united
• united kingdom
• United states
• univjos
• unknown
• unknown urls
• unknown win
• unlocker
• unruy
• unsafe
• updater
• url
• url analysis
• url http
• url https
• urls
• urlshortner dec
• urlshortner sep
• urls http
• urls https
• url summary
• urls url
• url text
• ursnif
• usbank
• usd twitter
• user
• user agent
• userrecovery
• utc google
• utc gtmsxrf
• utc submissions
• v2 document
• v3 serial
• v4us
• v51845481
• valid
• value
• variables
• vawtrak
• verdict
• verify
• verizon feed
• veryhigh
• videosdewebcams
• vipre
• virgin islands
• virtool
• virus network
• virustotal
• virut
• visit
• vs2003
• vskimmer
• vt graph
• vt report
• waaa
• wacatac
• warbot
• webico company
• web open
• webp
• webshell
• webtoolbar
• WebToolbar
• webzilla
• weeks ago
• westlaw
• whitelisted
• whois
• whois file
• whois lookup
• whois lookups
• whois record
• whois registrar
• whois sslcert
• whois whois
• who's driving
• widget
• win16 ne
• win32
• win32 dynamic
• win32 exe
• win32mydoom sep
• win32pcmega jan
• win32upatre may
• win64
• windir
• window
• windows
• windows nt
• windows service
• windows startup
• wiper
• withheld
• workaposter
• workers compensation
• worm
• worn
• wow64
• write
• write c
• writes a pe file header to disc
• writes data to a remote process
• x509v3 subject
• x8bxe5
• x8i string
• xobo
• xor ddos
• xorddos
• xport
• xrat
• xserver
• xtrat
• xtreme
• xvideos
• y3i string
• yaaa
• yara detections
• yara rule
• yoa https
• youth
• z6s3i
• z6s3i string
• z6s3i y3i
• zbot
• zeus
• zeus gameover
• zfglddkl58a url
• zpevdo

MITRE ATT&CK TTPs

• T1003 - OS Credential Dumping
• T1005 - Data from Local System
• T1010 - Application Window Discovery
• T1012 - Query Registry
• T1014 - Rootkit
• T1018 - Remote System Discovery
• T1023 - Shortcut Modification
• T1027 - Obfuscated Files or Information
• T1031 - Modify Existing Service
• T1033 - System Owner/User Discovery
• T1035 - Service Execution
• T1036.004 - Masquerade Task or Service
• T1036 - Masquerading
• T1040 - Network Sniffing
• T1041 - Exfiltration Over C2 Channel
• T1045 - Software Packing
• T1047 - Windows Management Instrumentation
• T1049 - System Network Connections Discovery
• T1053 - Scheduled Task/Job
• T1055.012 - Process Hollowing
• T1055 - Process Injection
• T1056.001 - Keylogging
• T1056 - Input Capture
• T1057 - Process Discovery
• T1059.003 - Windows Command Shell
• T1059.005 - Visual Basic
• T1059.006 - Python
• T1059.007 - JavaScript
• T1059 - Command and Scripting Interpreter
• T1060 - Registry Run Keys / Startup Folder
• T1063 - Security Software Discovery
• T1065 - Uncommonly Used Port
• T1068 - Exploitation for Privilege Escalation
• T1070 - Indicator Removal on Host
• T1071.001 - Web Protocols
• T1071.002 - File Transfer Protocols
• T1071.003 - Mail Protocols
• T1071.004 - DNS
• T1071 - Application Layer Protocol
• T1082 - System Information Discovery
• T1083 - File and Directory Discovery
• T1090 - Proxy
• T1095 - Non-Application Layer Protocol
• T1096 - NTFS File Attributes
• T1100 - Web Shell
• T1102 - Web Service
• T1105 - Ingress Tool Transfer
• T1106 - Native API
• T1107 - File Deletion
• T1110.002 - Password Cracking
• T1110 - Brute Force
• T1111 - Two-Factor Authentication Interception
• T1112 - Modify Registry
• T1113 - Screen Capture
• T1114.002 - Remote Email Collection
• T1114 - Email Collection
• T1119 - Automated Collection
• T1122 - Component Object Model Hijacking
• T1125 - Video Capture
• T1129 - Shared Modules
• T1132 - Data Encoding
• T1140 - Deobfuscate/Decode Files or Information
• T1143 - Hidden Window
• T1155 - AppleScript
• T1156 - Malicious Shell Modification
• T1176 - Browser Extensions
• T1179 - Hooking
• T1189 - Drive-by Compromise
• T1199 - Trusted Relationship
• T1203 - Exploitation for Client Execution
• T1204 - User Execution
• T1210 - Exploitation of Remote Services
• T1213 - Data from Information Repositories
• T1218 - Signed Binary Proxy Execution
• T1222 - File and Directory Permissions Modification
• T1408 - Disguise Root/Jailbreak Indicators
• T1421 - System Network Connections Discovery
• T1422 - System Network Configuration Discovery
• T1427 - Attack PC via USB Connection
• T1428 - Exploit Enterprise Resources
• T1429 - Capture Audio
• T1444 - Masquerade as Legitimate Application
• T1449 - Exploit SS7 to Redirect Phone Calls/SMS
• T1485 - Data Destruction
• T1491 - Defacement
• T1496 - Resource Hijacking
• T1497.001 - System Checks
• T1497 - Virtualization/Sandbox Evasion
• T1518.001 - Security Software Discovery
• T1518 - Software Discovery
• T1543 - Create or Modify System Process
• T1546 - Event Triggered Execution
• T1547.001 - Registry Run Keys / Startup Folder
• T1547 - Boot or Logon Autostart Execution
• T1552.001 - Credentials In Files
• T1552 - Unsecured Credentials
• T1553.002 - Code Signing
• T1553 - Subvert Trust Controls
• T1555.003 - Credentials from Web Browsers
• T1555 - Credentials from Password Stores
• T1560 - Archive Collected Data
• T1562 - Impair Defenses
• T1563 - Remote Service Session Hijacking
• T1564 - Hide Artifacts
• T1566 - Phishing
• T1568.002 - Domain Generation Algorithms
• T1568 - Dynamic Resolution
• T1569 - System Services
• T1573 - Encrypted Channel
• T1574.006 - Dynamic Linker Hijacking
• T1574 - Hijack Execution Flow
• T1583.001 - Domains
• T1583.005 - Botnet
• T1583 - Acquire Infrastructure
• T1598 - Phishing for Information
• T1600 - Weaken Encryption
• T1602.002 - Network Device Configuration Dump
• TA0003 - Persistence
• TA0004 - Privilege Escalation
• TA0005 - Defense Evasion
• TA0006 - Credential Access
• TA0007 - Discovery
• TA0009 - Collection
• TA0011 - Command and Control
• TA0030 - Defense Evasion
• TA0034 - Impact
• TA0037 - Command and Control
• TA0040 - Impact

Passive DNS

• csccgamingwebsite.link

Attack Log References

Whois Information