IOC Radar
IP · Medium · Signal 100/100

152.32.201.202

Location: Tokyo, 13, Japan
ASN: AS135377 (Ucloud Information Technology (hk) Limited)
First Seen: Dec 26, 2024 (535d ago)
Last Seen: Feb 15, 2026 (118d ago)
Reports: 15 source reports
Confidence: 99% (medium)
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK TTPs: 36 techniques

Network Information

Country: JP (Japan)
Region: Tokyo, 13
ASN: AS135377
Organization: Ucloud Information Technology (hk) Limited

Feed Intelligence Summary

Source reports: 15
Confidence score: 99%

Category tags: adversary simulation tool, amadey, apt, arm, ascii, asia, asyncrat, attack, base64, base64-loader, beacon, beaconing activity, bitbucket, blankgrabber, boatnet, botnet, botnetdomain, c2, c2 framework, c2-same-server, censys, cobalt strike, cobalt-strike, cobaltstrike, coinminer, command and control, command execution, credential harvesting, danabot, data exfiltration, ddos attacks, defense-evasion, distributed attacks, dll, donutloader, elf, encoded, evasion, exe, gafgyt, gorillabotnet, hajime, havoc, hta, indicator, infrastructure acquisition, reconnaissance, internet of things, iot botnet, iot/ics attack, japan, jp, lateral movement, lateral movement techniques, lazagne, lazy, lnk, lumma, lummastealer, malicious activity, malicious powershell activity, malicious software, malware, manual, matanbuchus, meduzastealer, meterpreter, mips, mirai botnet, mozi, network, open-dir, opendir, payload, payload deployment, payload generation, penetration testing tool, phishing attack, ping, post-exploitation, post-exploitation activities, process injection, ps1, qakbot, quasarrat, remcos trojan, remcosrat, remote access, remote services, researched, rev, rev-base64-loader, rustystealer, saint helena, ascension and tristan da cunha, script, scripting attacks, shellcode, social engineering, stealc, stealer, t1003, t1016, t1018, t1021.001, t1027, t1041, t1047, t1055, t1059, t1059.001, t1059.003, t1071, t1071.001, t1078, t1083, t1086, t1090, t1090.001, t1105, t1190, t1204.002, t1210, t1486, t1496, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1567, t1569.002, t1573, t1573.001, t1587.001, t1590.001, themida, threat actor, ua-wget, valleyrat, vidar, webserverpirata, x86-32, xmrig, xred, xworm, zip

Activity Timeline

1 total observation, range: Feb 15 to Feb 15

Threat Activity Heatmap

Peak: 2026-02-15 (weekly activity grid covering Jun to Jun; heatmap graphic not reproduced here)
Recent activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: 100 (High Risk)
Signal Score: 100
Confidence: 99%
Reports: 15
First seen: Dec 26, 2024
Last seen: Feb 15, 2026
Geolocation: JP
Country: Japan
Location: Tokyo, 13
ASN: AS135377
Org: Ucloud Information Technology (hk) Limited
Coords: 35.6887, 139.7450

VirusTotal: Not checked

WHOIS (raw)

inetnum: 152.32.201.0 - 152.32.204.255
netname: UCLOUD-JP
descr: UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED
country: JP
admin-c: UITH2-AP
tech-c: UITH2-AP
abuse-c: AU164-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-UCLOUD-HK
mnt-irt: IRT-UCLOUD-HK
last-modified: 2023-03-08T08:40:07Z
source: APNIC

irt: IRT-UCLOUD-HK
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-07-01
remarks: [email protected] was validated on 2025-07-01
mnt-by: MAINT-UCLOUD-HK
last-modified: 2025-09-04T07:41:27Z
source: APNIC

role: ABUSE UCLOUDHK
country: ZZ
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
phone: +000000000
e-mail: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
nic-hdl: AU164-AP
remarks: Generated from irt object IRT-UCLOUD-HK
remarks: [email protected] was validated on 2025-07-01
remarks: [email protected] was validated on 2025-07-01
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-07-01T09:51:21Z
source: APNIC

role: UCLOUD INFORMATION TECHNOLOGY HK LIMITED
address: FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
country: HK
phone: +000000000
e-mail: [email protected]
admin-c: UITH2-AP
tech-c: UITH2-AP
nic-hdl: UITH2-AP
notify: [email protected]
mnt-by: MAINT-UCLOUD-HK
last-modified: 2022-05-16T03:54:14Z
source: APNIC

route: 152.32.201.0/24
origin: AS135377
descr: UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED FLAT/RM 603 6/F LAWS COMMERCIAL PLAZA 788 CHEUNG SHA WAN ROAD, KL,
mnt-by: MAINT-UCLOUD-HK
last-modified: 2023-03-09T03:43:14Z
country: JP
source: APNIC
References: https://threatfox.abuse.ch/export/csv/recent/, https://www.shodan.io/search?query=product%3A%22Cobalt+Strike+Beacon%22, https://urlhaus.abuse.ch/browse/, https://x.com/drb_ra/status/1872162978247946381, https://x.com/drb_ra/status/1872172348948025424, https://x.com/drb_ra/status/1872172376210670028, https://x.com/drb_ra/status/1872172383458501017, https://x.com/drb_ra/status/1872172387535352109, https://x.com/drb_ra/status/1872172392497160511, https://x.com/drb_ra/status/1872172401494233344, https://x.com/drb_ra/status/1872172432942915764, https://x.com/drb_ra/status/1872172444510736568, https://x.com/drb_ra/status/1872172450987061412, https://x.com/drb_ra/status/1872172456632369473, https://x.com/drb_ra/status/1872172467839553746, https://x.com/drb_ra/status/1872172476655964525, https://x.com/drb_ra/status/1872172485728178654, https://x.com/drb_ra/status/1872172495987679273, https://x.com/drb_ra/status/1872172501884678281, https://x.com/drb_ra/status/1872172548626235492, https://x.com/drb_ra/status/1872172595157811562, https://x.com/drb_ra/status/1872172647292834295, https://x.com/drb_ra/status/1872172664405565689, https://x.com/drb_ra/status/1872173136416022644, https://x.com/drb_ra/status/1872173184864371081, https://x.com/drb_ra/status/1872235001179484259, https://x.com/drb_ra/status/1872235047333642713, https://x.com/drb_ra/status/1872235094473379953, https://x.com/drb_ra/status/1872235145937506568, https://x.com/drb_ra/status/1872235204133449801, https://x.com/drb_ra/status/1872235252640612742, https://x.com/drb_ra/status/1872235309989331138, https://x.com/drb_ra/status/1872235364448182753, https://x.com/drb_ra/status/1872235418638532724, https://x.com/drb_ra/status/1872240074966077477, https://x.com/drb_ra/status/1872240127290065391, https://x.com/drb_ra/status/1872240180540973235, https://x.com/drb_ra/status/1872331580624027949, https://x.com/drb_ra/status/1872353182430752916, https://x.com/drb_ra/status/1872353243726238204, https://x.com/drb_ra/status/1872353780051923418, https://x.com/drb_ra/status/1872353832115884039, https://x.com/drb_ra/status/1872354000538128549, https://x.com/drb_ra/status/1872354061854687392, https://x.com/drb_ra/status/1872354126396621004, https://x.com/drb_ra/status/1872354184093397018, https://x.com/drb_ra/status/1872354245653275017, https://x.com/drb_ra/status/1872354299227128007, https://x.com/drb_ra/status/1872354355472654729, https://x.com/drb_ra/status/1872354406387130846, https://x.com/drb_ra/status/1872354482555846804, https://x.com/drb_ra/status/1872354527292334209, https://x.com/drb_ra/status/1872354578240557567, https://x.com/drb_ra/status/1872355120757047578, https://x.com/drb_ra/status/1872355164017037763, https://x.com/drb_ra/status/1872390619076997574, https://x.com/drb_ra/status/1872390664404808151, https://x.com/drb_ra/status/1872394782611513513, https://x.com/drb_ra/status/1872421047905206664, https://x.com/drb_ra/status/1872421098266173616


IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 15 threat reports