IOC Radar
IPMediumSignal 74/100

5.252.177.207

Location
United StatesUnited States
Bend, OR
ASN
AS39798
MivoCloud SRL
First Seen
May 6, 2024
Last Seen
May 12, 2026
May 6
First Seen
770d ago
May 12
Last Seen
34d ago
12
Reports
source reports
74%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
74%
Signal Score
74 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

8 techniques

Network Information

CountryUSUnited States
RegionBend, OR
ASNAS39798
OrganizationMivoCloud SRL

Feed Intelligence Summary

12 reports74% confidence
12
Source reports
74%
Confidence score
Category tags
active scanactive scanningahk scriptandroidantispamaptbotnet activitybrute forcebrute-forcecertcisacredential harvestingcredential stuffingcvsscvss basedarkgateexecutable fileexploitation activitygooglehackinghtmlhtml fileidentity & access exploitationindicatorinfrastructure acquisitionreconnaissancelnk filelog4jmanualmicrosoft defender smartscreenmobile threatnetworknorth americaphishingphishing attackprotectqakbotransomwarereconnaissanceremcosresearchedriseprortkitscannersliversocial engineeringspamt1566.001t1566.002t1566.003t1587.001t1590.001t1595.001t1595.002t1595.003threat actortigerturkeyunited statesusweb app attackweekwindowswinscpxls file

Activity Timeline

1 total obs
May 12May 12

Threat Activity Heatmap

· Peak: 2026-05-12
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
74
SIGNAL
Signal Score
74%
Confidence
12
Reports
First seenMay 6, 2024
Last seenMay 12, 2026
GeolocationUS
CountryUnited States
LocationBend, OR
ASNAS39798
OrgMivoCloud SRL
Coords44.0597, -121.3157

VirusTotal

Not checked

WHOIS

raw
NetRange: 5.0.0.0 - 5.255.255.255 CIDR: 5.0.0.0/8 NetName: RIPE-5 NetHandle: NET-5-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2010-11-30 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/5.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
references
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-darkgate-menace-leveraging-autohotkey-attempt-to-evade-smartscreen/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://any.run/malware-trends/, https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time, Darkgate Malware Leveraging Autohotkey Following Teams, https://nvd.nist.gov/vuln/detail/CVE-2024-21412, https://gbhackers.com/darkgate-malware-leveraging/, https://nvd.nist.gov/vuln/detail/CVE-2023-36025

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 1 month ago
Appeared in 12 threat reports