IOC Radar
IP · Medium · Signal 73/100

23.254.167.21

Location: Seattle, Washington, United States
ASN: AS54290 (Hostwinds LLC)
First Seen: Aug 19, 2023 (1028d ago)
Last Seen: Apr 30, 2026 (43d ago)
Reports: 7 source reports
Confidence: 73% (medium)
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 73%
Signal Score: 73 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

18 techniques

Network Information

Country: US (United States)
Region: Seattle, Washington
ASN: AS54290
Organization: Hostwinds LLC

Feed Intelligence Summary

Source reports: 7
Confidence score: 73%
Category tags: abuse, active scan, alienvault_ransomware, apt, bad reputation, bluenoroff, c++, c2 server, cabbage, cabbage rat, cageychameleon, command & control, contact, copy, cryptocurrency, domains, downloader, dprk, elf, executable file, exploitation activity, fake meeting, fake teams, fake zoom, hashes, hello, indicator, ipv4, lazarus, linux, llc namesilo, macho, malware, namecheap inc, nation-state activity, network, north america, perl, petrosky cloud, powershell, ransomware, remote access, researched, scams & fraud, sedo gmbh, service, slack, snippet, socradar, t1005, t1008, t1027, t1056, t1057, t1059, t1059.002, t1059.004, t1078.004, t1082, t1102, t1105, t1123, t1125, t1176, t1547, t1557, t1566, terminates, threat actor, tor node, unc1069, united states, validin, vbs, vbs payload, voice, zoom

Activity Timeline

1 total observation (Apr 30)

Threat Activity Heatmap

[Heatmap: activity by weekday and month, Jun through Jun; peak 2026-04-30]

Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk (Signal 73)
Coords: 37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description: CC=US ASN=AS54290 hostwinds llc.

raw:
NetRange: 23.254.128.0 - 23.254.255.255
CIDR: 23.254.128.0/17
NetName: HOSTWINDS-17-6
NetHandle: NET-23-254-128-0-1
Parent: NET23 (NET-23-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Hostwinds LLC. (HL-29)
RegDate: 2013-11-13
Updated: 2021-09-23
Comment: https://www.hostwinds.com
Comment: Abuse Contact: [email protected]
Ref: https://rdap.arin.net/registry/ip/23.254.128.0

OrgName: Hostwinds LLC.
OrgId: HL-29
Address: 12101 Tukwila International Blvd, 3rd Floor, Suite 320
City: Seattle
StateProv: WA
PostalCode: 98168
Country: US
RegDate: 2011-11-30
Updated: 2024-11-25
Comment: https://www.hostwinds.com
Comment: Abuse Contact: [email protected]
Ref: https://rdap.arin.net/registry/entity/HL-29

ReferralServer: rwhois://rwhois.hostwinds.net:4321

OrgTechHandle: HNOC9-ARIN
OrgTechName: Hostwinds Network Operations Center
OrgTechPhone: +1-206-886-0665
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/HNOC9-ARIN

OrgNOCHandle: HNOC9-ARIN
OrgNOCName: Hostwinds Network Operations Center
OrgNOCPhone: +1-206-886-0665
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/HNOC9-ARIN

OrgAbuseHandle: HAC3-ARIN
OrgAbuseName: Hostwinds Abuse Center
OrgAbusePhone: +1-206-886-0665
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/HAC3-ARIN

references:
https://radar.securityalliance.org/advisory-on-dprk-unc1069-fake-microsoft-teams-and-zoom-calls/
https://www.validin.com/blog/i_cant_hear_you_unc1069/

IOC Journey

medium
First detected 2 years ago · Last seen 1 month ago
Appeared in 7 threat reports