IOC Radar
IP · Medium · Signal 79/100

139.59.56.73

Location: Bengaluru, KA, India
ASN: AS14061 (DigitalOcean, LLC)
First Seen: Dec 11, 2021 (1655d ago)
Last Seen: May 23, 2026 (30d ago)
Reports: 14 source reports
Confidence: 79% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 79%
Signal Score: 79 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

32 techniques

Network Information

Country: IN (India)
Region: Bengaluru, KA
ASN: AS14061
Organization: DigitalOcean, LLC

Feed Intelligence Summary

Source reports: 14
Confidence score: 79%
Category tags
abuse, active scan, active scanning, anna paula, asia, bad reputation, banking, body, bokbot, botnet, botnet activity, brute force, brute force attack, c2 ip, civil services, cobalt strike, code execution, code issues, command, command & control, command and control, command execution, control, copy, credential access, credential harvesting, credential stuffing, credit card, credit card services, cril, cyber crime, data access, data copying, data encryption, data exfiltration, data store exposure, data transfer, desktop, digital signature, distributed attacks, emotet, emotet activity, emotet campaign, emotet dll, emotet malspam, emotet malware, emotet payload, emotet spam, encryption, excel, excel file, exploitation activity, extortion, figure, finance, financial services, financial technology, first, footer, foreign, fortiguards labs, from email, github, government technology, hacking, headers, icedid, identity & access exploitation, in, india, indicator, infostealer, infrastructure acquisitionreconnaissance, injection activity, jump, later, ltd na, malicious powershell activity, malicious software, malspam email, malware, malware signing, malwarebazaar, malwareiocs, manual, msi file, mtb file, na abusec, na digitalocean, na hetzner, network, office email, onenote, online gmbh, open, orcus, orcus rat, password attacks, payment processing, pe file, phishing, phishing attack, powershell, process injection, public administration, public infrastructure, public policy, pull, qakbot, ransomware, rat iocs, reconnaissance, regulatory agencies, researched, role na, scanner, scripting attacks, sender address, sign, silentbuilder, social engineering, software exploitation, software integrity, spam, ssh attack, star, strong, system disruption, t1005, t1027, t1030, t1055, t1059, t1059.001, t1071.001, t1086, t1110.001, t1110.002, t1110.003, t1110.004, t1203, t1204.002, t1486, t1490, t1496, t1499.002, t1499.003, t1554.001, t1554.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1569.002, t1587.001, t1590.001, t1595.001, t1595.002, t1595.003, threat actor, threat research, thunderbird contact, thunderbird email, tor node, trickbot, twitter, vba macros, view, wealth management, web filtering, zip archive

Activity Timeline

1 total obs · May 23 to May 23

Threat Activity Heatmap

[Heatmap: daily threat activity by weekday, Jun through Jun · Peak: 2026-05-23]

Observations by window
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 79
Confidence: 79%
Reports: 14
First seen: Dec 11, 2021
Last seen: May 23, 2026
Geolocation: IN
Country: India
Location: Bengaluru, KA
ASN: AS14061
Org: DigitalOcean, LLC
Coords: 12.9634, 77.5855

VirusTotal

Not checked

WHOIS

inetnum: 139.59.56.0 - 139.59.63.255
netname: DIGITALOCEAN-AP
descr: DigitalOcean, LLC
country: IN
admin-c: DOIA2-AP
tech-c: DOIA2-AP
abuse-c: AD699-AP
status: ASSIGNED NON-PORTABLE
mnt-by: MAINT-DIGITALOCEAN-AP
mnt-irt: IRT-DIGITALOCEAN-AP
last-modified: 2020-05-31T21:35:26Z
source: APNIC

irt: IRT-DIGITALOCEAN-AP
address: 105 Edgeview Drive, Suite 425, Broomfield, Colorado 80021
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: DOIA2-AP
tech-c: DOIA2-AP
auth: # Filtered
remarks: [email protected] was validated on 2026-03-19
remarks: [email protected] was validated on 2026-03-25
mnt-by: MAINT-DIGITALOCEAN-AP
last-modified: 2026-03-25T17:24:46Z
source: APNIC

role: ABUSE DIGITALOCEANAP
country: ZZ
address: 105 Edgeview Drive, Suite 425, Broomfield, Colorado 80021
phone: +000000000
e-mail: [email protected]
admin-c: DOIA2-AP
tech-c: DOIA2-AP
nic-hdl: AD699-AP
remarks: Generated from irt object IRT-DIGITALOCEAN-AP
remarks: [email protected] was validated on 2026-03-19
remarks: [email protected] was validated on 2026-03-25
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2026-03-25T17:25:11Z
source: APNIC

role: Digital Ocean Inc administrator
address: 105 Edgeview Drive, Suite 425, Broomfield, Colorado 80021
country: US
phone: +1 646-827-4366
fax-no: +1 646-827-4366
e-mail: [email protected]
admin-c: DOIA2-AP
tech-c: DOIA2-AP
nic-hdl: DOIA2-AP
mnt-by: MAINT-DIGITALOCEAN-AP
last-modified: 2025-04-11T18:24:27Z
source: APNIC

References

https://www.welivesecurity.com/2023/07/06/whats-up-with-emotet/
https://www.intrinsec.com/emotet-returns-and-deploys-loaders/
https://raw.githubusercontent.com/Intrinsec/IOCs/main/Emotet/INTRINSEC_MLW_EMOTET_IOCs_09_01_2023.csv
2021-09-21-Curriculo-IOCs.txt
https://www.fortinet.com/blog/threat-research/the-taxman-never-sleeps
https://github.com/executemalware/Malware-IOCs/blob/main/2022-02-22%20Orcus%20RAT%20IOCs
https://www.deepinstinct.com/blog/emotet-vacation-is-over-no-rest-for-the-wicked

IOC Journey

medium
First detected 4 years ago · Last seen 1 month ago
Appeared in 14 threat reports