193.106.191.146 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 193.106.191.146 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 60/100
Host and Network Information
-
Mitre ATT&CK IDs: T1005 - Data from Local System, T1007 - System Service Discovery, T1012 - Query Registry, T1020 - Automated Exfiltration, T1027 - Obfuscated Files or Information, T1030 - Data Transfer Size Limits, T1041 - Exfiltration Over C2 Channel, T1055 - Process Injection, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1070 - Indicator Removal on Host, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1104 - Multi-Stage Channels, T1105 - Ingress Tool Transfer, T1106 - Native API, T1113 - Screen Capture, T1119 - Automated Collection, T1124 - System Time Discovery, T1134 - Access Token Manipulation, T1140 - Deobfuscate/Decode Files or Information, T1176 - Browser Extensions, T1201 - Password Policy Discovery, T1204 - User Execution, T1407 - Download New Code at Runtime, T1496 - Resource Hijacking, T1518 - Software Discovery, T1528 - Steal Application Access Token, T1539 - Steal Web Session Cookie, T1546 - Event Triggered Execution, T1547 - Boot or Logon Autostart Execution, T1555 - Credentials from Password Stores, T1559 - Inter-Process Communication, T1560 - Archive Collected Data, T1589 - Gather Victim Identity Information, T1592 - Gather Victim Host Information, T1614 - System Location Discovery
-
Tags: anna paula, api raccoon, april, associated, atomic, back, browsers raccoon, c2 server, capture raccoon, channel raccoon, chat, chromium, code issues, collection raccoon, community, contact, cookie raccoon, currc3adculo, discord, discover, discovery raccoon, dlls, download, exodus, figure, first, from email, function, get na, github, github sponsors, hash, headers, http, https, information raccoon, injection raccoon, intelligence, jump, june, locale, malicious, malspam email, malware, malware-as-a-service, mars, mars stealer, model raccoon, mozilla, msi file, open, packing raccoon, procrackerz, protocols raccoon, pull, raccoon, Raccoon, raccoon stealer, raccoonstealer, rc4 key, recordbreaker, registry raccoon, runtime raccoon, screen, sha1, sha256, sign, size limits, star, stealer, Stealer, stealer v2, strong, system raccoon, telegram, transfer raccoon, tuesday, twitter, ukraine, urls, utf8, variable raccoon, view, virustotal, wiki security, winapi, zip archive
-
View other sources: Spamhaus VirusTotal
- Country: Russia
- Network: AS59940 kanzas llc
- Noticed: 17 times
- Protocols Attacked: SSH
Malware Detected on Host
Count: 7 ae0907b53b31315aee54612fc451b914f6decb0795f8955a1f4a35aeccbf2c5a ce79cce6a2b5bfeece99a073f8da768e14b577a9feea0d3d9342aef9cb3ae3be d81620ec69feb5e745b23dacc25b874cef4db7b0daeaefbdb739300838f4d343 5154cd7e81ce87e3f5522358854b1d5de0518bb47932449f4733c4974e2f55d4 d75d7b0534ff648f16f5751be79a2c23158b6412a780180aec78c77c7e95071d 28455b1a0b29240e95877cff96528b3a196f0cf3a63d9980dc70349cdc0e1e74 79103532395036c14b755d90f9cacfdec6b588f1b031a7cba936c1b9d2ef3b51