194.67.109.164 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 194.67.109.164 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning that takes into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 60/100
Host and Network Information
- MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1067 - Bootkit, T1090 - Proxy, T1102 - Web Service, T1104 - Multi-Stage Channels, T1110 - Brute Force, T1112 - Modify Registry, T1113 - Screen Capture, T1140 - Deobfuscate/Decode Files or Information, T1199 - Trusted Relationship, T1218 - Signed Binary Proxy Execution, T1219 - Remote Access Software, T1484 - Domain Policy Modification, T1485 - Data Destruction, T1490 - Inhibit System Recovery, T1497 - Virtualization/Sandbox Evasion, T1547 - Boot or Logon Autostart Execution, T1553 - Subvert Trust Controls, T1561 - Disk Wipe, T1564 - Hide Artifacts, T1566 - Phishing
- Tags: 2022, actinium, alertinfo, alliance, appdata, APT, armageddon, asyncrat, august, august stealer, body, button, cluster, code, contact, copy, crackmapexec, c server, Cyclops, cyclopsblink c, ddos, defender, desktop, deviceid, domain, dword, enterprise, explore, explorer, filehashmd5, footer, form, formbook, g0047, gafgyt, Gamardeon, gamaredon, gamaredon group, geopolitical conflict, ghostwriter, github, header dropdown, HermeticWiper, install, iocs, iocs cluster, ip address, ip addresses, IsaacWiper, june, kernel32, later, lazagne, link, main, malware, meta, microsoft, mimikatz, mirai, mori backdoor, mstic, muddywater, open, palo alto, PartyTicket, path, poshc2, powerpunch, powershell, powersploit, powerstats, powgoop, primitive bear, primitivebear, Primitive Bear, pteranodon, pterodo, pupy, pupyrat, qakbot, quietsieve, raccoon, ransomware, razy, redrum, reload, remcom, repository, runprogram, russia, s0147, samples, sc minute, script, service, sha256, shuckworm, slapstick, span, star, stealer, symantec, team, template, trickbot, tsunami, ukraine, unc1151, unit, userprofile, vbs, vbscript, vbscript b, vbs file, virustotal, vnc client, vnc domains, vnc samples, whispergate, WhisperGate, wildfire, wiper
- Other sources: Spamhaus, VirusTotal
- Country: Russia
- Network:
- Noticed: 23 times
- Protocols Attacked: SSH
- Countries Attacked: Russian Federation, Ukraine, United States of America
- Passive DNS Results: MiEEmMRgL.moolin.ru, 1lEVnZEe.moolin.ru, ZGSaBTlUkNPApo.moolin.ru, ngXlREX.moolin.ru, eukkx9CNSogIh.moolin.ru, RynCM4Q.moolin.ru, rpRsZzqep6hTj.moolin.ru, 6HHBhqt.moolin.ru, ml5gll.moolin.ru, xfqfmo.moolin.ru, g9lkosqfeq.moolin.ru, dxr7fhmldd13gnltx1i.moolin.ru, lvdar49kcr.moolin.ru, aaaaaa.bokuwai.ru, aaa.nonimak.ru, ptvr5otdau.moolin.ru, 2uvh.moolin.ru, firasto.ru, phymateus.ru, nonimak.ru, aaaaaa.nonimak.ru, 0enhzs.moolin.ru, megatos.ru, 4MZu8X9avIMk.moolin.ru, ThP8XrGsWFV8PbtH9S.moolin.ru, a.nonimak.ru, 0ivrlzyk.moolin.ru, aaaa.nonimak.ru, 0nxfri.moolin.ru, aaa.bokuwai.ru, gorigan.ru, moolin.ru, naniga.ru, aaaaa.nonimak.ru, bacilluse.ru, firtabo.ru, circulas.ru, bokuwai.ru, bilargo.ru, myces.ru, teroba.ru, krashand.ru, report.corsa.kz, www.blizkco.online, blizkco.online
Malware Detected on Host
- Count: 18
- Sample hashes (SHA-256):
  - 6a64a8e2202db7f3a77d32b4852b71acf620f96580ca015e8bff8f5a09622032
  - 2c3c78d5e8f4b07e7d52d28cb3d4e43f51ac605279b3048217870305b1a1b496
  - 05ac54b8bf1cbeedec6e4892303b4a76d8725d7551a88cdf38a872596c23bfb9
  - bd64d14b13e29805d091f45fdfc5dce2591cd5123c25ce6afd3b0a856c842566
  - 5c548ab1dc33b2af4e179ef88a4019b6fcfe78a0688ea2a87d85dc2a7a20ee60
  - 29a60de230d00fe4fd50291af78476ad434f99b4df3a506961441ce4fd9a1212
  - c13aac9366d73604f978e547e2a42a0390758e21f5f8707dcafa96dc9a148296
  - 96ce576f383584e0a62225a91bb50fc7fd8efa068443c4785373c86f51d2e3eb
  - e4d309735f5326a193844772fc65b186fd673436efab7c6fed9eb7e3d01b6f19
  - a60df90504735f4e424ec0842e328181d7e93ac9ecd8193e892584871643bec7