193.106.191.146 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 193.106.191.146 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Geographic Location

Host and Network Information

  • View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
  • Country: Russia
  • Network: AS59940 kanzas llc
  • Noticed: 17 times
  • Protocols Attacked: SSH
  • Tor Node: No
  • Associated Malware Samples: 7

Tags

  • anna paula
  • api raccoon
  • april
  • associated
  • atomic
  • back
  • browsers raccoon
  • c2 server
  • capture raccoon
  • channel raccoon
  • chat
  • chromium
  • code issues
  • collection raccoon
  • community
  • contact
  • cookie raccoon
  • currc3adculo
  • discord
  • discover
  • discovery raccoon
  • dlls
  • download
  • exodus
  • figure
  • first
  • from email
  • function
  • get na
  • github
  • github sponsors
  • hash
  • headers
  • http
  • https
  • information raccoon
  • injection raccoon
  • intelligence
  • jump
  • june
  • locale
  • malicious
  • malspam email
  • malware
  • malware-as-a-service
  • mars
  • mars stealer
  • model raccoon
  • mozilla
  • msi file
  • open
  • packing raccoon
  • procrackerz
  • protocols raccoon
  • pull
  • raccoon
  • Raccoon
  • raccoon stealer
  • raccoonstealer
  • rc4 key
  • recordbreaker
  • registry raccoon
  • runtime raccoon
  • screen
  • sha1
  • sha256
  • sign
  • size limits
  • star
  • stealer
  • Stealer
  • stealer v2
  • strong
  • system raccoon
  • telegram
  • transfer raccoon
  • tuesday
  • twitter
  • ukraine
  • urls
  • utf8
  • variable raccoon
  • view
  • virustotal
  • wiki security
  • winapi
  • zip archive

MITRE ATT&CK TTPs

  • T1005 - Data from Local System
  • T1007 - System Service Discovery
  • T1012 - Query Registry
  • T1020 - Automated Exfiltration
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1041 - Exfiltration Over C2 Channel
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1059 - Command and Scripting Interpreter
  • T1070 - Indicator Removal on Host
  • T1071 - Application Layer Protocol
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1104 - Multi-Stage Channels
  • T1105 - Ingress Tool Transfer
  • T1106 - Native API
  • T1113 - Screen Capture
  • T1119 - Automated Collection
  • T1124 - System Time Discovery
  • T1134 - Access Token Manipulation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1176 - Browser Extensions
  • T1201 - Password Policy Discovery
  • T1204 - User Execution
  • T1407 - Download New Code at Runtime
  • T1496 - Resource Hijacking
  • T1518 - Software Discovery
  • T1528 - Steal Application Access Token
  • T1539 - Steal Web Session Cookie
  • T1546 - Event Triggered Execution
  • T1547 - Boot or Logon Autostart Execution
  • T1555 - Credentials from Password Stores
  • T1559 - Inter-Process Communication
  • T1560 - Archive Collected Data
  • T1589 - Gather Victim Identity Information
  • T1592 - Gather Victim Host Information
  • T1614 - System Location Discovery

Attack Log References