IOC Radar
IPMediumSignal 100/100

103.107.104.19

Location
Hong KongHong Kong
Shek Lei, Kwai Tsing District
ASN
AS135330
Vsnet
First Seen
Feb 28, 2022
Last Seen
May 1, 2026
Feb 28
First Seen
1578d ago
May 1
Last Seen
55d ago
12
Reports
source reports
99%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

56 techniques

Network Information

CountryHKHong Kong
RegionShek Lei, Kwai Tsing District
ASNAS135330
OrganizationVsnet

Feed Intelligence Summary

12 reports99% confidence
12
Source reports
99%
Confidence score
Category tags
a serviceabcdabuseacceptaccessaccountacidrainactive scanad environmentad groupadfindadministratoraes keyafghanistanafricaagentahnlabai securityaitbalbaniaalbanianalexalienvault_ransomwarealiveallegatoamadeyamsi telemetryanalyzeanchoranchordnsandroidanunakanydeskanydesk remoteapacheapache tomcatapi callapi hashapi hashingappdataappeappearanceaptapt 27apt groupapt19apt27apt29apt29 activityapt29 conductapt37 domainsapt41aquatic pandaarcanearmeniaartefactsfolderartemisascii valueascii85asec analysisasiaasyncratateraatera agentatomatomicattackattack overviewauroraautoitav evasionavastavosavoslockerazaz09azorultbackbackdoorbad rabbitbad reputationbankbasebase64base85basecampbatloaderbazaarbazaloaderbazarbazar c2bazar loaderbazarbackdoorbazarcallbazarloaderbazarloader dllbeaconbeacon dllbeacon payloadbeacon typebeacon versionbeaconloaderbeapybearbeatdropbeerbelarusbelowbeyondbitcoinbitsblackcatblackshadesblisterblobbluenoroffboatlaunchbodybokbotbookmark serverboommicbotnetbotnet activitybrazilbreachbridgebronze presidentbrowserbughatchbuildbumblebee c2bumblebee dllbypassc activityc serverc2 datac2 dropboxc2 profilec2 serverc2 trafficcaesarcampocampo loadercanadacanthroidcaploadercapturecarbon spidercashcec listcenterallcerbercertchachachamelgangchanitorchaprochatchimerachinachina chopperchinese-speaking cybercrimechiselchm filecisacisco securecisco taloscisco threatcivil servicesck techniqueclassclassloadercleanupclickclosecloudcnc servercnuserscobaltcobalt strikecobalt strike loadercobalt strikescobaltstrikecodecoinminercolor1cometcommandcommand & controlcommand and controlcommentcommercial bankingcommunication technologiescompilecomspecconceptconficonfigconfluence dataconsolecontcontactcontentconticonti affiliateconti gangconti groupcontributorscontrolcookiecookie valuecopycorecore impactcortex xdrcovewarecovid19cp1250credential harvestingcrowdstrikecrphcryptercryptocurrencycs loaderctrltcubacuba ransomwarecustomerloadercvsscybercyber espionagecyber espionage solutionscyber intelligencecyber threatcyber threat hunterscyber threatscybercrime hascybereason xdrcybersecurity architectcyclopsczechiadark cometdarkcometdarkgatedarkhoteldarkshelldarksidedat filedatadata centerdata encryptiondata exfiltrationdata riskdatopdatoploaderdaveshelldc serverdclocalddosdeadeyedecoydecoy filesdecryptdef condefenderspynetdefensedefense evasiondefraydefray777delivery urldelphidemodenis legezodesktopdetectdexterdfdownloaderdfir reportdfir teamdiavoldiceloaderdidier stevensdigital certificatesdircreatedirect systemdirectorydiscorddisplaynamedistributed attacksdkmcdkmc frameworkdll filedll librarydll payloaddll searchdll sideloadingdllentry ratdllsdnc hackdnc networkdns attackdoesndomaindonald trumpdonedonutdoormedoorme backdoordoppelpaymerdoradorkbotdos headerdownloaderdownragedpiawaredridexdropboxdropbox loaderdropperdrops cobaltduckdukedumpduqudustpandwordearth wendigoeasyeasylookeditsedr hooksedreppefnoegregoregregor payloadelfeliteemerging threatemissary pandaemotetemotet campaignemotet coreemotet epochemotet payloademotet runemotet sha256empireenableencoderencryptencryptionendpoint1energyenglishenjoyenterpssessionentropyentry pointepochepochsepochtimeerik hjelmvikerroreseteset researcheset securityestoniaesxiet cncet exploiteu cyber policieseuropeeurope/asiaevil corpexcelexecutable fileexfiltrationexitendififexotic lilyexpert perspectiveexploitexploitation activityexport functionextortionfailfalconfalcon completefalsefastfeaturefeodo trackerficker stealerfigurefilefilejustfileless malwarefilesfillerfin7finalfindfinspyfireeyefirstfirst detectionfishmasterfivehandsflexfooterfoozerforceforeign affairsformformatfortunefrom karakurtfrontfrpfunctiong o2gap analysisgasgategate variantgaussgeckogeneric.933739geopolitically motivatedgeorgiagermanyget requestgetchilditemgetoperandvaluegif headergithubgithub projectglobal funcgnu cgo downloadergogogolanggold blackburngoogle chromegoogle cloudgoogle docsgoogle drivegootkitgootkit loadergootloadergotrojgovernment sectorgovernment technologygozigozi malwaregrabffgrantedaccessgrapeloadergreecegriffongroup policygroupexchangegrouprevilgroupuchebkacguardguloaderhackhackermanhacking teamhadeshaixi mongolhancitorhancitor c2hancitor dllhancitor exehandoverharpyharvesterhashhatching triagehavocheaderheadlineshellhellohello packethellokittyhidehidedrvhighesthikithillhivehodurhoneymytehong konghookhookshta filehtmlhtml filehtml objecthttphttp attackhttp c2http gethttp methodhttp posthttp traffichttpshttps traffichumanhuntershwinithlwhydraicedidicedid malwareicedid payloadiceidicmpida proidentity & access exploitationigosiis workeriit appil fileil messaggioimages evidenceimpactimplantimportincident responseindia-chinaindicatorindonesiainfectionidinfoinformation technology sectorinfostealerinfrastructure acquisitionreconnaissanceinitial accessinitial contactinjectinjectorinstallintelintro contiinvestigation servicesinvestigationsioc510iocindicatoriocsiocs hashesiocs urliot securityipcountipv4iran, islamic republic ofiso fileiso filesystemiso imageissuer cusissuer orgitaliaitalyitw nameja3ja3sjames haughomjan rubnjapanjarmjarm signaturejarsjasonjavascript codejitterjohnjs filejson objectjssloaderkang mincholkarakurtkaspersky icskazakhstankazuarkerrdown samplekeyplugkhalesikhtmlknightkoadickorea, republic ofkoreankportscankronoslaterlatinlatvialazagnelearnlearn morelegallegezolemon duckleviathanlifelimelinodelinuxlinux systemlithuanialnk filelnklnklnklnkloaderloader plugxlocallockbitlockbit blacklog4jlog4shelllogiclogmeinlokibotlolbinslpwstr lpbufferlsasslsass memorylsass processltexasluckyluckymouseluminousmothmac osmacawmachinescalemachomacosmacromagicmailtomainmain entrymakadocsmakesmalaysiamalcatmaldocmalicious documentmalicious filemalicious linksmalicious pemalicious softwaremalspammalwaremalware descriptionsmalware technologiesmalwarebazaarmanagemanaged xdrmanualmarchx8664 gmaremarinemarkmaskmatanbuchusmatches nomatrixmazemaze ransomwaremcafeemediamedremeetingmegamespinozametasploitmeterpretermethodmethodologymexicomichaelmicromicrobackdoormicrosoft docsmicrosoft wordmidst intrusionminchol editsmindminermitre attmobile carriersmobile networksmobile threatmodelmodule stompmongoliamonitoringmonovmmonpassmonpass clientmonpass webmorphisec labsmortomotcmotnugmountlockermovingmozillamqtangms windowsmsbuildmsbuild processmsbuild projectmsf downloadermsf shellcodemshtml enginemsiemssqlmssql processmssql servermuddywatermultiplemustang pandamyanmarmyrtusmz headern c2n cobaltn httpsnaganamename filenarilamnation-state activitynativezonenbtscannebulaneitherneshtanetbiosnetscannetspynetsupport ratnetwalkernetwirenetworknetwork forensicsnevernew zealandnewsnextnexusngongrokngrok tunnelnightnim malwarenim programmingnimgrabbernimrevnimrodnimrodnimzanimzaloadernltestnobeliumnonamenorth americansantdsntlmntlm hasho2 o2ocean lotusoceaniaoceanlotusoffensivenimoilrigololone marketplaceoniondukeonlinoofficeopenopen processopen sourceopenfieldopensopenssloperation pawnoperationsopsecor filefullnameoracle weblogicoratorionos versionoverownerp4bnzr0palo altopandapartpasspatchpathpawn stormpayloadpayloadbinpcappdf documentpdf filepe headerperuphasephishingphishing attackphishing campaignphotoloaderpingpinkslipbotpioneerpipespl shellcodeplatform sha256pleadpleaseplinkplugxplugx backdoorplugx encryptedplugx implantplugx malwareplugx payloadpodcastpoisonpoison ivypolandpoliceponypoortryportpos softwareposhc2postpost bodypost methodpotential scanpotplayerdb.datpowerpowershellpowershell ratprefecturepress enterprimary threatpriorprivacyprocess hackerprocess injectionprojector libraprophetprophet spiderprotectproxyproxyshellpsexecpsrppublicpublic administrationpublic infrastructurepublic policyputtypymafkapysapysa ransomwarepythonpython scriptpyxieqakbotqakbot binaryqakbot malspamqakbot malwareqbotquasarquesto certquietexitraasradarradminragnarlockerraindrop loaderrandomransomransom virusransomexxransomhubransomwarerapid7rararchiveraspberry robinratrat trojanratsrazyrc4 encryptionreaves6 minreconrecon villagereconnaissancered deltaredlineredline stealerreferregional securityregszregulatory agenciesregwriterelatedtoremcomremcosratremoverenamereportreportsrequestresearchresearchedresponse taegisreturn addressrevilrevilcontiritarobinhoodrollcoastrootrozenarubeusrubyrun registryrussiarussian federationrustrustockrustybuerryukryuk domainryuk hostryuk ransomwareryuk threatsabbathsafetykatzsagesalary urlsandboxsandbox reportscalescams & fraudscan behavioralscannerscoutscriptseadukeseatbeltsecurexsecurity groupssekhmetsekurselectserbiaserverserver helloserviceservice mainservice scanservice workerset currentsfx codesfx fileshadowshadow chasersharpkatzshathakshellshellcodeshownshutsignsilentsilent breaksilent trinitysilentbreaksizesleepsleepexslingshotsliverslovakslovakiasmadavprotect32smallsmb beaconsnakesnortsnowsoarsocgholish netsupportsocial engineeringsocssodinokibisofacysoftethersolarstormsolarwindssomniasourceimagesouth africasouth americasoutheast asiaspamsparklinggoblinsparkratspawnspear phishingspearphishingspeedsphwspidersprite spiderspyeyesslblstabuniqstackstagestagerstagesstarstarkstarsstarted servicestartwstatastatestdoutstealerstellarparticlestoneboatstopstop ransomwarestormstorystreamstrikestrike activitystrike beaconstrike loaderstrike payloadstringstringsstrongstrontiumsttxstuxnetsublime editorsummarysuncryptsupernovasupply chain attacksvchostswedishswiftsyscallsysdigsystem disruptionsystembcsyswhispers2szdrft1003t1016t1027t1036t1047t1049t1052t1053t1055t1057t1059t1059.001t1059.005t1070t1071t1071.001t1074t1078t1082t1083t1091t1102t1105t1114t1119t1190t1203t1204t1204.001t1204.002t1218t1219t1486t1490t1496t1499.002t1499.003t1518t1546t1547t1560t1564t1565t1566t1566.001t1566.002t1566.003t1569.002t1573t1574t1583t1585t1587.001t1590.001t1598t1608ta416ta416 plugxta471ta551ta578ta800talostargettargeted attackstargetimagetask managertcp portteamteamt5teamt5 teamt5techtelecomtelecom servicestelecommunicationstemptencenttheftthemidathorthreatthreat actorthreat advisorythreat alertthreat analysisthreat analysis servicethreat feedthreat gridthreat intelligencethreat researchthreat responsethreat spotlightthreat-intelligencethreatsthreatsonarthreatsonar anti-ransomwarethreatvisionthrowbacktinbatipstldstls clienttls servertoolstor directorytor nodetouchtracingtrackertransferxl urltransferxl urlstravelextrellotrend microtrend visiontrickbottrickbot c2trickbot crewstrickbot grouptrickbots crewtrickbots cstridenttrident loadertriggertrinidad and tobagotrinitytrojantrojanspytrumptrustttpsturkeyturkishturlatvrattwittertycoontypeuac0056ukraineunc1151unc2165unc2190unc2190 beaconunc2198unc2452unc2465unc2589unc3381unified accessunitunited statesunusual porturisurlcampourlsurls httpurls httpsurlshxxpursnifuse sectionuserpcnameuuid variantuuidsuwagavaporragevariantvaronisvaronis threatvatetvawtrakvba macrovbs scriptvhashvidarvietnamviewvincssvision onevmwarevmware commandvmware horizonvmware identityvmware xfervnc activityvobfusvoicevoidvollgarvscodevulnerability scanwaf rulewdigestweb application attackweb bugweb securityweblogic accesswebshellwherewin32.agentwin32.bitcoinminerwinapiwinapi callwindwindowwindowswindows binarywindows contextwindows eventwindows exewindows hostwindows logonwindows ntwindows remotewindows servicewindows systemwineloaderwinidswinntiwinnti groupwinrarwinrmwinscpwiperwirelurkerwizard spiderwmicwmiexecwordword documentworkspace onewormwritewscriptx.509xll filexmrigxor algorithmsxss attackxtunnelxyzcampobb hxxpyahxzyanluowangyarayara rulez85 ascii85z85 httpszbotzenpakzeuszip filezloaderzscaler cloudzusyzxkbdklakv

Activity Timeline

1 total obs
May 1May 1

Threat Activity Heatmap

· Peak: 2026-05-01
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
12
Reports
First seenFeb 28, 2022
Last seenMay 1, 2026
GeolocationHK
CountryHong Kong
LocationShek Lei, Kwai Tsing District
ASNAS135330
OrgVsnet
Coords22.3590, 114.1320

VirusTotal

Not checked

WHOIS

description
CC=HK ASN=AS135330 adcdata.com

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 years ago · Last seen 1 month ago
Appeared in 12 threat reports