104.18.98.194 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.18.98.194 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Host and Network Information

  • Noticed: 50 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, France, Georgia, Germany, Guatemala, Indonesia, Japan, Mexico, Netherlands, Panama, Philippines, Poland, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Tanzania United Republic of, Trinidad and Tobago, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 80, 2053, 2082, 2083, 2086, 2087, 2096, 8080, 8443, 8880
  • Tor Node: No
  • Associated Malware Samples: 5

Tags


MITRE ATT&CK TTPs

  • T1003.007 - Proc Filesystem
  • T1003.008 - /etc/passwd and /etc/shadow
  • T1003 - OS Credential Dumping
  • T1005 - Data from Local System
  • T1010 - Application Window Discovery
  • T1012 - Query Registry
  • T1027 - Obfuscated Files or Information
  • T1029 - Scheduled Transfer
  • T1031 - Modify Existing Service
  • T1033 - System Owner/User Discovery
  • T1035 - Service Execution
  • T1036.004 - Masquerade Task or Service
  • T1040 - Network Sniffing
  • T1041 - Exfiltration Over C2 Channel
  • T1042 - Change Default File Association
  • T1043 - Commonly Used Port
  • T1045 - Software Packing
  • T1046 - Network Service Scanning
  • T1047 - Windows Management Instrumentation
  • T1053 - Scheduled Task/Job
  • T1055.012 - Process Hollowing
  • T1055 - Process Injection
  • T1056.001 - Keylogging
  • T1056 - Input Capture
  • T1057 - Process Discovery
  • T1059.005 - Visual Basic
  • T1059.006 - Python
  • T1059.007 - JavaScript
  • T1059 - Command and Scripting Interpreter
  • T1060 - Registry Run Keys / Startup Folder
  • T1065 - Uncommonly Used Port
  • T1068 - Exploitation for Privilege Escalation
  • T1070 - Indicator Removal on Host
  • T1071.001 - Web Protocols
  • T1071.002 - File Transfer Protocols
  • T1071.004 - DNS
  • T1071 - Application Layer Protocol
  • T1074 - Data Staged
  • T1081 - Credentials in Files
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1088 - Bypass User Account Control
  • T1095 - Non-Application Layer Protocol
  • T1100 - Web Shell
  • T1105 - Ingress Tool Transfer
  • T1106 - Native API
  • T1110.002 - Password Cracking
  • T1110 - Brute Force
  • T1111 - Two-Factor Authentication Interception
  • T1112 - Modify Registry
  • T1114.002 - Remote Email Collection
  • T1114 - Email Collection
  • T1119 - Automated Collection
  • T1122 - Component Object Model Hijacking
  • T1129 - Shared Modules
  • T1132 - Data Encoding
  • T1134.004 - Parent PID Spoofing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1143 - Hidden Window
  • T1158 - Hidden Files and Directories
  • T1176 - Browser Extensions
  • T1179 - Hooking
  • T1183 - Image File Execution Options Injection
  • T1184 - SSH Hijacking
  • T1204 - User Execution
  • T1210 - Exploitation of Remote Services
  • T1213 - Data from Information Repositories
  • T1218 - Signed Binary Proxy Execution
  • T1408 - Disguise Root/Jailbreak Indicators
  • T1415 - URL Scheme Hijacking
  • T1416 - URI Hijacking
  • T1421 - System Network Connections Discovery
  • T1422 - System Network Configuration Discovery
  • T1427 - Attack PC via USB Connection
  • T1428 - Exploit Enterprise Resources
  • T1429 - Capture Audio
  • T1449 - Exploit SS7 to Redirect Phone Calls/SMS
  • T1460 - Biometric Spoofing
  • T1472 - Generate Fraudulent Advertising Revenue
  • T1480 - Execution Guardrails
  • T1491 - Defacement
  • T1496 - Resource Hijacking
  • T1497.001 - System Checks
  • T1497 - Virtualization/Sandbox Evasion
  • T1518 - Software Discovery
  • T1528 - Steal Application Access Token
  • T1539 - Steal Web Session Cookie
  • T1543 - Create or Modify System Process
  • T1546 - Event Triggered Execution
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1552.001 - Credentials In Files
  • T1553 - Subvert Trust Controls
  • T1555.003 - Credentials from Web Browsers
  • T1560 - Archive Collected Data
  • T1566 - Phishing
  • T1568 - Dynamic Resolution
  • T1571 - Non-Standard Port
  • T1573 - Encrypted Channel
  • T1583.005 - Botnet
  • T1583 - Acquire Infrastructure
  • T1588 - Obtain Capabilities
  • T1598 - Phishing for Information
  • TA0001 - Initial Access
  • TA0002 - Execution
  • TA0003 - Persistence
  • TA0004 - Privilege Escalation
  • TA0005 - Defense Evasion
  • TA0006 - Credential Access
  • TA0007 - Discovery
  • TA0008 - Lateral Movement
  • TA0009 - Collection
  • TA0010 - Exfiltration
  • TA0011 - Command and Control
  • TA0030 - Defense Evasion
  • TA0034 - Impact
  • TA0037 - Command and Control
  • TA0040 - Impact

Passive DNS

  • www.lyst.de

Attack Log References

Whois Information

NetRange: 104.16.0.0 - 104.31.255.255
CIDR: 104.16.0.0/12
NetName: CLOUDFLARENET
NetHandle: NET-104-16-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS13335
Organization: Cloudflare, Inc. (CLOUD14)
RegDate: 2014-03-28
Updated: 2024-09-04
Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
Ref: https://rdap.arin.net/registry/ip/104.16.0.0

OrgName: Cloudflare, Inc.
OrgId: CLOUD14
Address: 101 Townsend Street
City: San Francisco
StateProv: CA
PostalCode: 94107
Country: US
RegDate: 2010-07-09
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/CLOUD14

OrgTechHandle: ADMIN2521-ARIN
OrgTechName: Admin
OrgTechPhone: +1-650-319-8930
OrgTechEmail: rir@cloudflare.com
OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

OrgAbuseHandle: ABUSE2916-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-650-319-8930
OrgAbuseEmail: abuse@cloudflare.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN

OrgRoutingHandle: CLOUD146-ARIN
OrgRoutingName: Cloudflare-NOC
OrgRoutingPhone: +1-650-319-8930
OrgRoutingEmail: noc@cloudflare.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN

OrgNOCHandle: CLOUD146-ARIN
OrgNOCName: Cloudflare-NOC
OrgNOCPhone: +1-650-319-8930
OrgNOCEmail: noc@cloudflare.com
OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN

RTechHandle: ADMIN2521-ARIN
RTechName: Admin
RTechPhone: +1-650-319-8930
RTechEmail: rir@cloudflare.com
RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN

RAbuseHandle: ABUSE2916-ARIN
RAbuseName: Abuse
RAbusePhone: +1-650-319-8930
RAbuseEmail: abuse@cloudflare.com
RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN

RNOCHandle: NOC11962-ARIN
RNOCName: NOC
RNOCPhone: +1-650-319-8930
RNOCEmail: noc@cloudflare.com
RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN