IOC Radar
IPHighVerifiedSignal 41/100

185.187.207.193

Location
IraqIraq
Sulaymaniyah, Sulaymaniyah Governorate
ASN
AS48492
Fancy Net Company Ltd
First Seen
Apr 16, 2026
Last Seen
May 31, 2026
Apr 16
First Seen
58d ago
May 31
Last Seen
14d ago
5
Reports
source reports
41%
Confidence
high
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
41%
Signal Score
41 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

21 techniques

Network Information

CountryIQIraq
RegionSulaymaniyah, Sulaymaniyah Governorate
ASNAS48492
OrganizationFancy Net Company Ltd

Feed Intelligence Summary

5 reports41% confidence
5
Source reports
41%
Confidence score
Category tags
active scanagentaptasiaattackbackbad reputationcloudcontactdemodevtcpipportenumerateexploitation activitygrephackinghuntindicatoripv4iqiraqkagentmalwaremarimonetworknkabusenkn blockchainpostgresqlpythonrebootresearchedreverse shellscannerselectspacesstrongsysdigt1016t1021.004t1027.002t1033t1053t1053.003t1059.004t1059.006t1071.004t1082t1083t1090t1095t1105t1140t1190t1543.001t1543.002t1552.001t1571t1573.002targetthreat actortor nodeweb app attack

Activity Timeline

1 total obs
May 31May 31

Threat Activity Heatmap

· Peak: 2026-05-31
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
41
SIGNAL
Signal Score
41%
Confidence
5
Reports
First seenApr 16, 2026
Last seenMay 31, 2026
Verified IOC
GeolocationIQ
CountryIraq
LocationSulaymaniyah, Sulaymaniyah Governorate
ASNAS48492
OrgFancy Net Company Ltd
Coords33.0000, 44.0000

VirusTotal

Not checked

WHOIS

description
CC=IQ ASN=ASNone
raw
inetnum: 185.187.204.0 - 185.187.207.255 netname: IQ-IQONLINE-20170130 country: IQ org: ORG-IOFI1-RIPE admin-c: NM8127-RIPE tech-c: NM8127-RIPE status: ALLOCATED PA mnt-by: mnt-iq-iqonline-1 mnt-by: RIPE-NCC-HM-MNT created: 2025-05-15T14:47:07Z last-modified: 2025-05-15T14:47:07Z source: RIPE organisation: ORG-IOFI1-RIPE org-name: I.Q Online for Internet Services and Communications LLC country: IQ org-type: LIR address: Hasba xani naqib, KSC Building, 2nd Floor address: 46001 address: Sulaymaniyah address: IRAQ phone: +9647713502771 admin-c: NM8127-RIPE tech-c: NM8127-RIPE abuse-c: AR60653-RIPE mnt-ref: mnt-iq-iqonline-1 mnt-by: RIPE-NCC-HM-MNT mnt-by: mnt-iq-iqonline-1 created: 2020-07-14T07:51:36Z last-modified: 2023-01-11T10:32:26Z source: RIPE # Filtered geoloc: 35.56222148624128 45.40504271674984 role: Network Manager address: Hasba xani naqib, KSC Building, 2nd Floor address: 46001 address: Sulaymaniyah address: IRAQ phone: +9647705600000 nic-hdl: NM8127-RIPE mnt-by: mnt-iq-iqonline-1 created: 2020-07-14T07:51:35Z last-modified: 2024-05-28T14:56:13Z source: RIPE # Filtered abuse-mailbox: [email protected] route: 185.187.207.0/24 origin: as48492 mnt-by: mnt-iq-iqonline-1 created: 2025-05-15T22:30:01Z last-modified: 2025-05-15T22:33:00Z source: RIPE descr: iQ Onlinw FTTx Services
references
https://www.sysdig.com/blog/cve-2026-39987-update-how-attackers-weaponized-marimo-to-deploy-a-blockchain-botnet-via-huggingface, IOCs.2026.csv, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://www.sysdig.com/blog/cve-2026-39987-update-how-attackers-weaponized-marimo-to-deploy-a-blockchain-botnet-via-huggingface#conclusion

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 1 month ago · Last seen 14 days ago
Appeared in 5 threat reports