JS-19-0045 - C2 Domain Activity Report


Recently reported activity. There just might be a pattern in play here...

IOC List:



© 2017-2020 Jigsaw Security Enterprise Inc.
