TLP:WHITE55 IOCs

Secret Blizzard compromising Storm-0156 infrastructure for espionage / Snowblind: The Invisible Hand of Secret Blizzard

Botvrij.eu OSINT Feed

Published December 5, 2024Original Report

Diamond Model

Adversary

Infrastructure(6)

Capability

Victim

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise55

Type	Indicator	Confidence	Score	First Seen
IP	162.213.195.192 indicatornetwork	High	68	Jun 2, 26
IP	84.247.181.64 malwarenetworkrat	High	68	Jun 2, 26
IP	144.91.72.17 malwarenetworkrat	High	68	Jun 2, 26
IP	130.185.119.198 malwarenetworkrat	High	68	Jun 2, 26
IP	173.212.252.2 indicatornetwork	High	68	Jun 2, 26
IP	154.53.42.194 malwarenetworkrat	High	68	Jun 2, 26
IP	23.88.26.187 indicatornetwork	High	68	Jun 2, 26
IP	209.145.52.172 malwarenetworkrat	High	68	Jun 2, 26
IP	173.249.18.251 malwarenetworkrat	High	68	Jun 2, 26
SHA256	c039ec6622393f9324cacbf8cfaba3b7a41fe6929812ce3bd5d79b0fdedc884a file-hashloadermalware	High	68	Jun 2, 26
SHA256	59d7ec6ec97c6b958e00a3352d38dd13876fecdb2bb13a8541ab93248edde317 file-hashloadermalware	High	68	Jun 2, 26
IP	5.189.183.63 c2exfiltrationmalware	High	68	Jun 2, 26
IP	95.111.229.253 indicatornetwork	High	68	Jun 2, 26
IP	144.126.154.84 indicatornetwork	High	68	Jun 2, 26
IP	162.213.195.129 indicatornetwork	High	68	Jun 2, 26
IP	62.171.153.221 indicatornetwork	High	68	Jun 2, 26
IP	185.229.119.60 indicatornetwork	High	68	Jun 2, 26
SHA256	7c4ef30bd1b5cb690d2603e33264768e3b42752660c79979a5db80816dfb2ad2 file-hashloadermalware	High	68	Jun 2, 26
IP	209.126.11.251 malwarenetworkrat	High	68	Jun 2, 26
SHA256	08803510089c8832df3f6db57aded7bfd2d91745e7dd44985d4c9cb9bd5fd1d2 aptespionagefile-hash	High	68	Jun 2, 26
IP	164.68.108.153 malwarenetworkrat	High	68	Jun 2, 26
IP	109.123.244.46 c2exfiltrationloader	High	68	Jun 2, 26
Domain	connectotels.net loadermalwarenetwork	High	68	Jun 2, 26
SHA256	aba8b59281faa8c1c43a4ca7af075edd3e3516d3cef058a1f43b093177b8f83c file-hashloadermalware	High	68	Jun 2, 26
IP	185.213.27.94 indicatornetwork	High	68	Jun 2, 26
IP	144.126.152.205 indicatornetwork	High	68	Jun 2, 26
IP	167.86.118.69 malwarenetworkrat	High	68	Jun 2, 26
IP	38.242.219.13 malwarenetworkrat	High	68	Jun 2, 26
IP	149.102.140.36 indicatornetwork	High	68	Jun 2, 26
IP	209.126.7.8 indicatornetwork	High	68	Jun 2, 26
IP	45.14.194.253 malwarenetworkrat	High	68	Jun 2, 26
IP	146.70.81.81 loadermalwarenetwork	High	68	Jun 2, 26
IP	161.35.192.207 indicatornetwork	High	68	Jun 2, 26
IP	66.219.22.102 indicatornetwork	High	68	Jun 2, 26
IP	46.249.58.201 indicatornetwork	High	68	Jun 2, 26
SHA256	dbbf8108fd14478ae05d3a3a6aabc242bff6af6eb1e93cbead4f5a23c3587ced file-hashloadermalware	High	68	Jun 2, 26
IP	167.86.113.241 indicatornetwork	High	68	Jun 2, 26
IP	94.177.198.94 indicatornetwork	High	68	Jun 2, 26
IP	91.234.33.48 malwarenetworkrat	High	68	Jun 2, 26
IP	176.57.184.97 malwarenetworkrat	High	68	Jun 2, 26
SHA256	e298b83891b192b8a2782e638e7f5601acf13bab2f619215ac68a0b61230a273 aptespionagefile-hash	High	68	Jun 2, 26
IP	146.70.158.90 networkproxy	High	68	Jun 2, 26
IP	173.212.206.227 malwarenetworkrat	High	68	Jun 2, 26
IP	37.60.236.186 malwarenetworkrat	High	68	Jun 2, 26
Domain	hostelhotels.net loadermalwarenetwork	High	68	Jun 2, 26
IP	173.249.7.111 indicatornetwork	High	68	Jun 2, 26
SHA256	e2d033b324450e1cb7575fedfc784e66488e342631f059988a9a2fd6e006d381 file-hashloadermalware	High	68	Jun 2, 26
IP	209.126.6.227 indicatornetwork	High	68	Jun 2, 26
IP	143.198.73.108 indicatornetwork	High	68	Jun 2, 26
IP	38.242.207.36 malwarenetworkrat	High	68	Jun 2, 26
IP	66.219.22.252 indicatornetwork	High	68	Jun 2, 26
IP	38.242.211.87 malwarenetworkrat	High	68	Jun 2, 26
IP	209.126.81.42 indicatornetwork	High	68	Jun 2, 26
IP	154.38.160.218 indicatornetwork	High	68	Jun 2, 26
SHA256	7c7fad6b9ecb1e770693a6c62e0cc4183f602b892823f4a451799376be915912 file-hashloadermalware	High	68	Jun 2, 26

IOC Relationship Graph

IOC Relationship Graph55 total IOCs

IPSHA256Domain

scroll to zoom · drag to pan · click IOC to open