IOC Radar

77.88.44.55 (IPv4 Address)

Signal: Medium, 62/100
Confidence: 62% (medium), found in 7 source reports
Confidence scores are heuristic. Verify before acting on results.

Location: Moscow, Moscow, Russian Federation (RU)
ASN: AS13238, Yandex LLC
First seen: Sep 2, 2024 (662 days before this snapshot)
Last seen: Jun 12, 2026 (13 days before this snapshot)

Indicator type: IPv4 Address, a network-layer indicator observed in threat reports
MISP Category: Network Activity
Signal Score: 62 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 66 technique tags aggregated across the 7 source reports. Technique names below are taken from the ATT&CK catalog; four of the tagged IDs are deprecated and are shown with their current replacement.

T1005 Data from Local System
T1007 System Service Discovery
T1010 Application Window Discovery
T1012 Query Registry
T1016 System Network Configuration Discovery
T1021 Remote Services
T1027 Obfuscated Files or Information
T1030 Data Transfer Size Limits
T1033 System Owner/User Discovery
T1045 Software Packing (deprecated; now T1027.002)
T1053 Scheduled Task/Job
T1053.005 Scheduled Task
T1055 Process Injection
T1056 Input Capture
T1057 Process Discovery
T1059 Command and Scripting Interpreter
T1059.001 PowerShell
T1060 Registry Run Keys / Startup Folder (deprecated; now T1547.001)
T1063 Security Software Discovery (deprecated; now T1518.001)
T1064 Scripting (deprecated; now T1059)
T1069 Permission Groups Discovery
T1069.002 Domain Groups
T1070 Indicator Removal
T1071 Application Layer Protocol
T1071.001 Web Protocols
T1071.004 DNS
T1082 System Information Discovery
T1083 File and Directory Discovery
T1087 Account Discovery
T1105 Ingress Tool Transfer
T1112 Modify Registry
T1113 Screen Capture
T1115 Clipboard Data
T1119 Automated Collection
T1129 Shared Modules
T1134 Access Token Manipulation
T1140 Deobfuscate/Decode Files or Information
T1213 Data from Information Repositories
T1222 File and Directory Permissions Modification
T1480 Execution Guardrails
T1480.002 Mutual Exclusion
T1486 Data Encrypted for Impact
T1496 Resource Hijacking
T1497 Virtualization/Sandbox Evasion
T1518 Software Discovery
T1518.001 Security Software Discovery
T1543 Create or Modify System Process
T1543.002 Systemd Service
T1547 Boot or Logon Autostart Execution
T1553 Subvert Trust Controls
T1553.002 Code Signing
T1565 Data Manipulation
T1566 Phishing
T1566.001 Spearphishing Attachment
T1566.002 Spearphishing Link
T1566.003 Spearphishing via Service
T1568 Dynamic Resolution
T1568.002 Domain Generation Algorithms
T1569 System Services
T1583 Acquire Infrastructure
T1583.001 Domains
T1587.001 Malware
T1595.001 Scanning IP Blocks
T1595.002 Vulnerability Scanning
T1595.003 Wordlist Scanning
T1614 System Location Discovery

Feed Intelligence Summary: 7 source reports, 62% confidence score.

Category tags: the tag cloud was flattened by extraction into run-together tokens; only the ones that can still be read reliably are grouped below. These tags are aggregated from every report that mentions this indicator, so they describe those reports collectively, not this address specifically.

Malware families and tools: SystemBC (including a Linux/ELF variant tagged as a RAT), njRAT, PlugX, XtremeRAT, Smoke Loader, Mirai, Tofsee, WaBot, vtflooder, QnapCrypt, NetWalker, Maze, Win32/SearchSuite
Observed behaviours: backdoor, remote access trojan, infostealer, keylogger, rootkit, ransomware, crypto mining, botnet activity, brute force, credential stuffing and harvesting, phishing, spam, active and vulnerability scanning, DNS attack, process injection, registry modification, ingress tool transfer, data exfiltration, C2 with anti-analysis, anti-VM and sandbox evasion, self-delete
Remote access and RMM: LogMeIn, RemotelyAnywhere, observed RMM, RMM domain
Actor and campaign tags: APT, nation-state activity, Naikon, Pegasus-related, LizardSquad, Tor node
Victim sectors: healthcare (electronic health records, hospital management, patient care), education (K-12, higher education, edtech), telecom and mobile carriers, public administration, crypto exchanges and DeFi, IT infrastructure, software development
Artifact metadata: PE32 executables and installers, ELF64, Mach-O, .NET, Delphi, Go binaries, code-signing and TLS certificate issuers (Sectigo, DigiCert, Thawte, Gandi, Namecheap), JA3 digests, passive and reverse DNS, YARA rule matches, AV and IDS detections
Geography and provider tags: Russia, Ukraine, United States, Germany (AS8560), Netherlands, Indonesia, Mexico, Cuba, Madagascar, Belize, Anguilla, Tokyo, Yandex, Akamai, Amazon AWS, Vercel, Seznam, Level3

Caveat for analysts: the WHOIS record below places 77.88.44.55 in a /24 that Yandex describes as its own enterprise network (AS13238), not customer or hosting space. Sandbox-derived reports routinely list addresses of large providers that samples merely contacted, so the report count and the aggregated tags above are weak evidence on their own. Confirm the role this address played in each referenced report before blocking it, and never block the covering /24 on the strength of this record.

Activity Timeline

1 total observation in the timeline window (Jun 12).

Threat Activity Heatmap: one-year calendar view from Jun 2025 to Jun 2026 with a single active day; peak 2026-06-12. The Sep 2, 2024 first-seen date falls outside this window.

Observation windows
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Summary
Threat score: Medium Risk, signal 62/100, confidence 62%, 7 reports, first seen Sep 2, 2024, last seen Jun 12, 2026.
Geolocation: RU, Russian Federation, Moscow, Moscow; AS13238, Yandex LLC; coordinates 55.7342, 37.5859 (provider-level IP geolocation, not the location of a specific host).

VirusTotal: not checked for this record (VirusTotal collection and graph links do appear in the references below).

Source record

Report description (contributor's own text, reproduced as written):

"Living off the Land" Takeover (LogMeIn.com)

INCIDENT REPORT: HIGH-VALUE TARGET NETWORK INTRUSION
Threat Profile: Human-operated corporate-grade attack chain targeting an isolated device.
Vector: Local network exposure (compromised router/neighboring device) or physical media (USB).
Attack Chain Stages:
Quant Script: Obfuscated entry file bypassing network filters.
SystemBC RAT: Creates a silent, persistent SOCKS5/Tor tunnel for attacker commands.
LogMeIn Abuse: Attackers use legitimate remote software to control the device undetected.
Crowti (CryptoWall): Final ransomware payload to encrypt high-value data.
Key Observations: Because the target device lacked direct internet access, adversaries are actively abusing the local network infrastructure or physical proximity to bridge the gap.
I'm open to other opinions regarding this report. I have been unwell and my thinking has been unclear and even off as I focus on getting well. Thank you.
WHOIS (raw RIPE database objects; contact e-mail addresses are redacted in this rendering)

inetnum: 77.88.44.0 - 77.88.44.255
netname: YANDEX-77-88-44-0
status: ASSIGNED PA
country: RU
descr: Yandex enterprise network
mnt-by: YANDEX-MNT
admin-c: YNDX1-RIPE
tech-c: YNDX1-RIPE
org: ORG-YA1-RIPE
remarks: INFRA-AW
source: RIPE
created: 2014-06-16T07:56:18Z
last-modified: 2024-10-28T10:36:47Z

organisation: ORG-YA1-RIPE
org-name: YANDEX LLC
country: RU
org-type: LIR
address: LVA TOLSTOY STREET, 16
address: 119021
address: Moscow
address: RUSSIAN FEDERATION
phone: +74957397000
fax-no: +74957397070
admin-c: YNDX1-RIPE
tech-c: YNDX1-RIPE
abuse-c: YAH6-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: YANDEX-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: YANDEX-MNT
created: 2004-04-22T14:39:02Z
last-modified: 2025-08-04T11:07:18Z
source: RIPE # Filtered

role: Yandex LLC Network Operations
address: Yandex LLC
address: 16, Leo Tolstoy St.
address: 119021
address: Moscow
address: Russian Federation
phone: +7 495 739 7000
fax-no: +7 495 739 7070
remarks: trouble: ------------------------------------------------------
remarks: trouble: Points of contact for Yandex LLC Network Operations
remarks: trouble: ------------------------------------------------------
remarks: trouble: Routing and peering issues: [email protected]
remarks: trouble: SPAM issues: [email protected]
remarks: trouble: Network security issues: [email protected]
remarks: trouble: Mail issues: [email protected]
remarks: trouble: General information: [email protected]
remarks: trouble: ------------------------------------------------------
admin-c: MK24579-RIPE
tech-c: EM3673-RIPE
tech-c: AUR2-RIPE
nic-hdl: YNDX1-RIPE
mnt-by: YANDEX-MNT
created: 2002-06-07T05:35:50Z
last-modified: 2021-08-23T16:42:06Z
source: RIPE # Filtered
abuse-mailbox: [email protected]

route: 77.88.44.0/24
descr: Yandex enterprise network
origin: AS13238
mnt-by: YANDEX-MNT
created: 2008-04-11T14:30:13Z
last-modified: 2008-04-11T14:30:13Z
source: RIPE
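A parser for the RIPE record above, added here as a worked example (it is not part of the IOC Radar page nor any Yandex or RIPE tooling): it splits the RPSL text into objects, finds the inetnum and route that cover 77.88.44.55, resolves the org handle to its abuse-c contact, and reports how many addresses a route-level block would take out. RAW_WHOIS is a trimmed copy of the objects on this page, with e-mail addresses left out because the page redacts them; the function names are my own.

```python
import ipaddress
import re

# Constructed sample: a trimmed copy of the RIPE objects shown above.
# Contact e-mail addresses are redacted on the page, so none appear here.
RAW_WHOIS = """\
inetnum: 77.88.44.0 - 77.88.44.255
netname: YANDEX-77-88-44-0
status: ASSIGNED PA
country: RU
descr: Yandex enterprise network
org: ORG-YA1-RIPE
source: RIPE

organisation: ORG-YA1-RIPE
org-name: YANDEX LLC
org-type: LIR
abuse-c: YAH6-RIPE
source: RIPE # Filtered

route: 77.88.44.0/24
descr: Yandex enterprise network
origin: AS13238
source: RIPE
"""

ATTR_RE = re.compile(r"^([\w-]+):\s*(.*)$")


def parse_rpsl(text):
    """Split RPSL text into objects (blank-line separated) of attribute -> [values].

    The first attribute of each object is its class (inetnum, route, ...).
    Trailing '# ...' comments such as 'source: RIPE # Filtered' are stripped.
    """
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        obj = {}
        for line in block.splitlines():
            m = ATTR_RE.match(line)
            if not m:
                continue  # continuation lines; not needed for this lookup
            value = re.sub(r"\s*#.*$", "", m.group(2)).strip()
            obj.setdefault(m.group(1), []).append(value)
        if obj:
            objects.append(obj)
    return objects


def inetnum_networks(value):
    """'a.b.c.d - e.f.g.h' -> list of CIDR blocks covering that range."""
    start, end = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
    return list(ipaddress.summarize_address_range(start, end))


def lookup(ip, objects):
    """Return the inetnum/route covering ip, its origin ASN, the org and its abuse-c."""
    addr = ipaddress.ip_address(ip)
    res = {"ip": ip, "inetnum": None, "descr": None, "org": None,
           "abuse_c": None, "route": None, "origin": None, "route_size": 0}
    for obj in objects:
        if "inetnum" in obj and any(addr in n for n in inetnum_networks(obj["inetnum"][0])):
            res["inetnum"] = obj["inetnum"][0]
            res["descr"] = obj.get("descr", [None])[0]
            res["org"] = obj.get("org", [None])[0]
        elif "route" in obj:
            net = ipaddress.ip_network(obj["route"][0])
            if addr in net:
                res["route"] = str(net)
                res["origin"] = obj.get("origin", [None])[0]
                res["route_size"] = net.num_addresses  # blast radius of a route-level block
    for obj in objects:  # second pass: org handle -> abuse-c handle
        if res["org"] and obj.get("organisation", [None])[0] == res["org"]:
            res["abuse_c"] = obj.get("abuse-c", [None])[0]
    return res


if __name__ == "__main__":
    objs = parse_rpsl(RAW_WHOIS)
    for ip in ("77.88.44.55", "77.88.45.1"):
        print(lookup(ip, objs))
```

The second address in the usage loop is outside the /24 and resolves to nothing, which is the check worth running before you assume a provider-level object applies to the indicator in front of you.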
References

https://www.virustotal.com/gui/collection/7eaf72c6d83e1a53843e882b3139de2f1adfb0694d941fc25711382f04550194/summary
https://www.virustotal.com/gui/collection/7eaf72c6d83e1a53843e882b3139de2f1adfb0694d941fc25711382f04550194/iocs
https://www.virustotal.com/graph/embed/g44bd45d852dc47059636e6dd4313a995ae2d247fe58745a6b270b46d0b330b39?theme=dark
https://viz.greynoise.io/analysis/5ba1fbf1-b14f-4ccb-b055-ed78f6154e51
https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665782e1dfbf8ec2d3c
https://app.malcore.io/share/652553f6aec33d70a1dbbd25/681f8d9a33510abd7f7cb089 (Readable Strings)
https://www.hybrid-analysis.com/sample/f6263e96056bbb4e0b750fea1d4aa466f39f52c6052ad42084d4371273d5d264
https://www.hybrid-analysis.com/sample/f6263e96056bbb4e0b750fea1d4aa466f39f52c6052ad42084d4371273d5d264/682236230d2a1dace50cac79
https://app.malcore.io/share/652553f6aec33d70a1dbbd25/681f8d9c33510abd7f7cb0cc (EXIF Data)
https://app.malcore.io/share/652553f6aec33d70a1dbbd25/681f8d8933510abd7f7caf8a (YARA Rules)
https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1
https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c
https://n0paste.eu/UH6n5pD/
https://www.virustotal.com/gui/collection/ee0928d5289165511398be0144460ff4c8663292be0a99a05ac955de2728a078/iocs
https://www.virustotal.com/graph/embed/g0844b0f8d48c4bfab3ae40a376456055e267e54952fe40e0a79f63cc17550863?theme=dark
https://viz.greynoise.io/analysis/02a64dd4-d7e0-451c-8384-13cf23298551

Export & API: STIX 2.1 bundle, CSV export, permalink.
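The STIX 2.1 export on this page is a button, so as an added example (my code, not the site's export routine) the block below builds an equivalent bundle for this record from the fields on the page using only the standard library, then runs the structural checks a consumer should apply before ingesting any bundle. Deterministic SCO ids use the STIX 2.1 SCO namespace UUID (00abedb4-aa42-466c-9c01-fed23315a9b7) and the spec's id-contributing properties (value for ipv4-addr, number for autonomous-system); the indicator_types value, the description text and the source_url are my choices and are not taken from the page.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# STIX 2.1 namespace for deterministic SCO ids (constant defined by the OASIS spec).
STIX_SCO_NS = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")

# Fields copied from the record on this page; source_url is a hypothetical permalink.
IOC = {
    "value": "77.88.44.55",
    "first_seen": "2024-09-02T00:00:00.000Z",
    "last_seen": "2026-06-12T00:00:00.000Z",
    "confidence": 62,          # the page's heuristic score, already on STIX's 0-100 scale
    "reports": 7,
    "asn": 13238,
    "asn_name": "Yandex LLC",
    "source_url": "https://example.invalid/ioc/77.88.44.55",
}


def sco_id(stix_type, contributing):
    """Deterministic SCO id: uuid5 over canonical JSON of the id-contributing properties.
    sort_keys + compact separators approximates the JSON Canonicalization Scheme for these flat values."""
    canon = json.dumps(contributing, sort_keys=True, separators=(",", ":"))
    return f"{stix_type}--{uuid.uuid5(STIX_SCO_NS, canon)}"


def stix_ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%S.000Z")


def build_bundle(ioc, now=None):
    ts = stix_ts(now or datetime.now(timezone.utc))
    asn = {
        "type": "autonomous-system",
        "spec_version": "2.1",
        "id": sco_id("autonomous-system", {"number": ioc["asn"]}),
        "number": ioc["asn"],
        "name": ioc["asn_name"],
    }
    ipv4 = {
        "type": "ipv4-addr",
        "spec_version": "2.1",
        "id": sco_id("ipv4-addr", {"value": ioc["value"]}),
        "value": ioc["value"],
        "belongs_to_refs": [asn["id"]],
    }
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",   # SDOs get random ids, unlike SCOs
        "created": ts,
        "modified": ts,
        "name": f"IPv4 {ioc['value']} seen in {ioc['reports']} threat reports",
        "description": "Heuristic score; verify before acting.",  # mirrors the page's own caveat
        "indicator_types": ["anomalous-activity"],  # chosen over malicious-activity at medium confidence
        "pattern": f"[ipv4-addr:value = '{ioc['value']}']",
        "pattern_type": "stix",
        "valid_from": ioc["first_seen"],
        "confidence": ioc["confidence"],
        "external_references": [{"source_name": "IOC Radar", "url": ioc["source_url"]}],
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [asn, ipv4, indicator]}


ID_RE = re.compile(r"^[a-z0-9-]+--[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")


def check_bundle(bundle):
    """Minimal structural checks before ingesting: id shape, id/type agreement,
    confidence range, STIX pattern syntax, and no dangling belongs_to_refs."""
    problems = []
    ids = {o["id"] for o in bundle["objects"]}
    for o in bundle["objects"]:
        if not ID_RE.match(o["id"]) or not o["id"].startswith(o["type"] + "--"):
            problems.append(f"bad id {o['id']}")
        if o["type"] == "indicator":
            if not 0 <= o.get("confidence", 0) <= 100:
                problems.append("confidence out of range")
            if o.get("pattern_type") != "stix" or not o["pattern"].startswith("["):
                problems.append("pattern is not a STIX pattern")
        for ref in o.get("belongs_to_refs", []):
            if ref not in ids:
                problems.append(f"dangling reference {ref}")
    return problems


if __name__ == "__main__":
    bundle = build_bundle(IOC)
    print(json.dumps(bundle, indent=2))
    print("problems:", check_bundle(bundle))
```

Because the ipv4-addr id is derived from its value, re-exporting this record produces the same SCO id every time, which is what lets two feeds describing the same address deduplicate in a TIP; the indicator id changes on each export, as the spec intends for SDOs.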
