IOC Radar
IPv4 · Medium · Signal 54/100

103.96.128.44

Location: Hong Kong, Mong Kok, Yau Tsim Mong District
ASN: AS136798 (WUZHOUHULIAN INTERNATIONAL CO., LIMITED)
First Seen: Jul 24, 2024 (700d ago)
Last Seen: Jun 18, 2026 (6d ago)
Reports: 12 source reports
Confidence: 54% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 54%
Signal Score: 54 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK TTPs: 73 techniques

Network Information

Country: HK (Hong Kong)
Region: Mong Kok, Yau Tsim Mong District
ASN: AS136798
Organization: WUZHOUHULIAN INTERNATIONAL CO., LIMITED

Feed Intelligence Summary

12 source reports · 54% confidence score
Category tags

Activity Timeline

1 total observation: Jun 18

Threat Activity Heatmap (calendar heatmap, Jun through Jun; peak: 2026-06-18)
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 54
Confidence: 54%
Reports: 12
First seen: Jul 24, 2024
Last seen: Jun 18, 2026
Geolocation: HK
Country: Hong Kong
Location: Mong Kok, Yau Tsim Mong District
ASN: AS136798
Org: WUZHOUHULIAN INTERNATIONAL CO., LIMITED
Coords: 22.3204, 114.1690

VirusTotal: Not checked

WHOIS description: CC=HK ASN=AS136798 wuzhouhulian international co. limited


IOC Journey
Confidence: medium
First detected 1 year ago · Last seen 6 days ago
Appeared in 12 threat reports