IOC Radar
Domain · Medium · Signal 15/100

www.ip123.com.cn

Location: Ireland
First Seen: Jun 11, 2025 (368d ago)
Last Seen: Jun 12, 2025 (367d ago)
Reports: 2 source reports
Confidence: 15% (medium)
Found in 2 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 15%
Signal Score: 15 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK

MITRE ATT&CK TTPs: 47 techniques

Feed Intelligence Summary

2 reports · 15% confidence
Category tags

Activity Timeline

1 total observation (Jun 12)

Threat Activity Heatmap

Peak: 2025-06-12 (weekly activity heatmap, rows Mon/Wed/Fri, columns Jun through the following Jun, scale Less to More; rendered as an image)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: Low Risk
Signal: 15
Signal Score
Confidence: 15%
Reports: 2
First seen: Jun 11, 2025
Last seen: Jun 12, 2025

VirusTotal

Not checked

WHOIS

Description

Yara Matches:
• MAL_Malware_Imphash_Mar23_1 from ruleset gen_imphash_detection by Arnim Rupp
• MALWARE_Win_RedLine from ruleset malware by ditekSHen
• rule INDICATOR_EXE_Packed_Dotfuscator from ruleset indicator_packed by ditekSHen
• Word_Document_with_Suspicious_Metadata
• Word_Document_with_Suspicious_Metadata by InQuest Labs
• INDICATOR_EXE_Packed_ConfuserEx from ruleset indicator_packed by ditekSHen

Detections:
• Trojan.PDF.Phishing.RP
• Static AI - Malicious PDF
• Artemis!071A7869CECD
• Win/malicious_confidence_90
• Virus.Win32.Expiro
• Trojan.Crypt
• Trj/Chgt.AD
• Trojan.Win32.Occamy
• Trojan-Spy.MSIL.Convagent.gen

* annotation / reference issue while using tool.

Raw

DNSSEC: unsigned
Domain Name: ip123.com.cn
Domain Status: clientTransferProhibited
Expiration Time: 2027-09-25 04:04:22
Name Server: ns3.dns.com
Name Server: ns4.dns.com
Registrant Contact Email: [email protected]
Registrant: e12ca28d0010525d
Registration Time: 2024-09-25 04:04:22
Sponsoring Registrar: 厦门易名科技股份有限公司

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 1 year ago
Appeared in 2 threat reports