IOC Radar
IP · Medium · Signal 86/100

206.233.130.141

Location
United States
McLean, Virginia
ASN
AS174
Cogent Communications
First Seen
Jun 24, 2024 (719d ago)
Last Seen
Feb 21, 2026 (112d ago)
Reports
8 source reports
Confidence
86% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
86%
Signal Score
86 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

70 techniques

Network Information

Country: US (United States)
Region: McLean, Virginia
ASN: AS174
Organization: Cogent Communications

Feed Intelligence Summary

Source reports: 8
Confidence score: 86%
Category tags
abuseactive scanningapacapac regionappdataaptasiaasia-pacificautomotive manufacturingbotnetbrute forcebrute_forcebuilding constructioncdn exploitationcertcivil servicescloud service abusecode executioncode injectioncommand and controlcommand executioncommunication technologiesconstruction materialsconstruction safetyconstruction technologycredential accesscredential harvestingcredential stuffingcredential_accesscrypto cybercyber threatdata exfiltrationdata theftdefencedirectorydistributed attacksdll sideloadingelectronic health recordselectronics manufacturingenergyenergy distributionexfiltrationfatalratftpgh0stgh0st ratgovernment technologygroup policygroup policy injectionhasheshealth care and social assistancehealth information technologyhealthcare information systemshong konghospital managementicsindicatorindustrial automationindustrial control systemsindustrial iotindustrial organizationsindustrial productioninformation technologyinfrastructure acquisitionreconnaissanceinitial accessit infrastructurekaspersky icslateral movementmalicious softwaremalwaremanufacturing technologymedical servicesmobilemobile carriersmobile networksmobile securitymonitoringmoudoormydoornetworknetwork probingnetwork reconnaissancenetwork securitynetwork_reconnaissancenextnorth americanspackoil & gasoperation salmonslalompatient carepersistent accessphishing attackpower generationpower systemsprocess injectionprocess manufacturingprotocol exploitationpublic administrationpublic infrastructurepublic policyquality controlratsreconnaissanceregulatory agenciesremote accessremote access trojanremote servicesrenewable energyresearchedsandboxscadasimaysimayratsocial engineeringsoftware developmentssh attacksupply chain attacksupply chain 
managementt1003t1012t1016t1021t1021.001t1027t1033t1036t1040t1046t1047t1053t1053.005t1055t1056t1056.001t1057t1059t1059.001t1064t1068t1070.001t1071t1071.001t1076t1078t1082t1083t1102t1105t1110t1110.002t1112t1132t1135t1136t1140t1190t1195t1202t1204t1218t1486t1496t1499.002t1499.003t1518t1530t1543.003t1547t1548t1553t1555t1563t1564t1565t1566t1566.001t1566.002t1566.003t1573t1574.002t1587.001t1588t1590.001t1595t1595.001t1595.002t1595.003t1598telecom servicestelecommunicationstelnet threattimettpsturkeyturnunited statesurlsyoudao cloudyoudao cloud noteszegost

Activity Timeline

1 total observation (Feb 21)

Threat Activity Heatmap

[Heatmap: daily threat activity by weekday, Jun through Jun. Peak: 2026-02-21]
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score
86 (High Risk)
Geolocation
Coords: 37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description
CC=US ASN=AS139646 hong kong megalayer technology co. limited
raw
PSINet, Inc. COGENT-206-232-233-234-235-236-237-238-16 (NET-206-232-0-0-1) 206.232.0.0 - 206.238.255.255 PSINet/ SAIC (circuit site) NETBLK-PSINET-C-130 (NET-206-233-130-0-1) 206.233.130.0 - 206.233.130.255
references
https://ics-cert.kaspersky.com/publications/reports/2025/02/24/fatalrat-attacks-in-apac-backdoor-delivered-via-an-overly-long-infection-chain-to-chinese-speaking-targets/

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 8 threat reports