JS-19-0045 - C2 Domain Activity Report


Recently reported activity. There just might be a pattern in play here...

IOC List:


Find out how Jigsaw Security's DNS solutions deny hackers the ability to infect entire networks.

