IOC Radar
IP · Medium · Signal 51/100

103.201.129.130

Location: Osaka, 27, Japan
ASN: AS4785 (xTom)
First Seen: Sep 3, 2021 (1750d ago)
Last Seen: Jun 14, 2026 (5d ago)
Reports: 10 source reports
Confidence: 51% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 51%
Signal Score: 51 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 53 techniques

Network Information

Country: JP (Japan)
Region: Osaka, 27
ASN: AS4785
Organization: xTom

Feed Intelligence Summary

Source reports: 10
Confidence score: 51%
Category tags:

Activity Timeline

1 total observation (Jun 14)

Threat Activity Heatmap

[Calendar heatmap, Jun through Jun · Peak: 2026-06-14]
Observations by window:
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk (51 SIGNAL)
Signal Score: 51%
Confidence: 10 Reports
First seen: Sep 3, 2021
Last seen: Jun 14, 2026
Geolocation: JP
Country: Japan
Location: Osaka, 27
ASN: AS4785
Org: xTom
Coords: 34.6851, 135.5136

VirusTotal: Not checked

WHOIS

description: CC=JP ASN=AS4785 xtom

raw:

inetnum: 103.201.128.0 - 103.201.131.255
netname: XTOM-UK-AP
descr: xTom Limited
country: JP
org: ORG-XL1-AP
admin-c: XLA5-AP
tech-c: XLA5-AP
abuse-c: AX75-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-XTOM-UK-AP
mnt-routes: MAINT-XTOM-UK-AP
mnt-irt: IRT-XTOM-UK-AP
last-modified: 2020-05-12T13:04:51Z
source: APNIC

irt: IRT-XTOM-UK-AP
address: 3rd Floor 86-90 Paul Street, London, EC2A 4NE
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: XLA5-AP
tech-c: XLA5-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-01-07
remarks: [email protected] was validated on 2025-01-08
mnt-by: MAINT-XTOM-UK-AP
last-modified: 2025-01-08T04:33:52Z
source: APNIC

organisation: ORG-XL1-AP
org-name: xTom Limited
org-type: LIR
country: GB
address: 3rd Floor 86-90 Paul Street
phone: +44-2038085333
fax-no: +44-2038085333
e-mail: [email protected]
mnt-ref: APNIC-HM
mnt-by: APNIC-HM
last-modified: 2023-09-05T02:16:46Z
source: APNIC

role: ABUSE XTOMUKAP
country: ZZ
address: 3rd Floor 86-90 Paul Street, London, EC2A 4NE
phone: +000000000
e-mail: [email protected]
admin-c: XLA5-AP
tech-c: XLA5-AP
nic-hdl: AX75-AP
remarks: Generated from irt object IRT-XTOM-UK-AP
remarks: [email protected] was validated on 2025-01-07
remarks: [email protected] was validated on 2025-01-08
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-01-08T04:34:14Z
source: APNIC

role: xTom Limited administrator
address: 3rd Floor 86-90 Paul Street, London, EC2A 4NE
country: GB
phone: +44-2038085333
fax-no: +44-2038085333
e-mail: [email protected]
admin-c: XLA5-AP
tech-c: XLA5-AP
nic-hdl: XLA5-AP
mnt-by: MAINT-XTOM-UK-AP
abuse-mailbox: [email protected]
last-modified: 2017-05-03T08:47:31Z
source: APNIC

route: 103.201.129.0/24
origin: AS4785
descr: xTom Limited 3rd Floor 86-90 Paul Street
mnt-by: MAINT-XTOM-UK-AP
last-modified: 2019-12-05T14:07:02Z
source: APNIC
references:
https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/, https://labs.inquest.net/iocdb, Bootkitty, Glove-Stealer, Fake Discount Sites Exploit Black Friday, Helldown Ransomware, HawkEye Malware, PXA Stealer, Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack, BrazenBamboo, SpyGlace, RustyStealer and New Ymir Ransomware, PyPI-AIOCPA, Python NodeStealer, romcom-exploits-firefox-and-windows, Rockstar-Phishing, Silent Skimmer Gets Loud (Again), SteelFox Trojan, WezRat Malware, Avast-Anti-Root-KIt, Winos4.0 RAT, APT36, WolfsBane Backdoor, APT-K-47, Remcos RAT, babbleloader, Bitter APT, UAC-0194’s Exploitation of CVE-2024-43451 in Ukraine for Phishing, CloudScout_ Evasive Panda scouting cloud services, clickfix-tactic, Akira Ransomware, Bumblebee Malware, ELDORADO RANSOMWARE, Evasive Panda Uses MACMA and MgBot Malware to Target US and Taiwan, Demodex rootkit, BugSleep Malware, HotPage.exe (malware), Qilin Ransomware, NOOPDOOR Malware, Shadowroot Ransomware, play ransomware, MALLOX RANSOMWARE, New Malware Campaign Abusing RDPWrapper and Tailscale to Target Cryptocurrency Users, ACR Stealer, Suspicious Domains Exploiting the Recent CrowdStrike Outage!, Gh0stGambit, MEKOTIO BANKING TROJAN, TAG-100, Fake game sites lead to information stealers, Chrome Extensions Hijacked, 2.6 Million Users Impacted, macOS Users Targeted by the New Variant of Banshee Infostealer, Hundreds of fake Reddit sites push Lumma Stealer malware, GamaCopy APT Group Mimicking GamaRedon, InvisibleFerret Malware Leveraging Python for Targeted Attacks, Fake CAPTCHA Campaign That Spreads LUMMA Info Stealer, REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors, Phishing Campaigns Fuel Compiled AutoIt Malware Distribution, The great Google Ads heist_ criminals ransack advertiser accounts via fake Google ads, New Star Blizzard spear-phishing campaign targets WhatsApp accounts, 
RansomHub Affiliate leverages Python-based backdoor, Sliver Implant Targets German Entities with DLL Sideloading and Proxying Techniques, Advanced Evasion Techniques Used by NonEuclid RAT, The Return of PlugX Malware with Fresh Tricks, The Growing Risk of Sneaky 2FA for Microsoft and Gmail Accounts, Weaponized Software Targeting Chinese Organizations, Threat Surge as Lumma Stealer Expands Its Reach, Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain, MintsLoader_Stealc, North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks, North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware, Rat Race_ ValleyRAT Malware Targets Organizations with New Delivery Techniques, Salt Typhoon Target U.S. Telecom Networks, SecTopRAT, Stealers on the Rise, Snake Keylogger, AsyncRAT Reloaded, The BadPilot campaign_ Seashell Blizzard subgroup conducts multiyear global access operation, FatalRAT, SystemBC RAT Poses New Risks to Linux System, Unveiling Silent Lynx APT Targeting Entities Across Kyrgyzstan & Neighbouring Nations, FERRET Malware Targets macOS in Sophisticated North Korean Attacks, Espionage Campaign Targeting South Asian Entities, Astral Stealer Strikes Again Stealing More Than Just Your Cookies, The New Ransomware Menace Vgod Gains Momentum, Microsoft Advertisers Phished via Malicious Google Ads, LegionLoader Malware Expands Global Reach, NEW.txt, From Stealers to Ransomware PureCrypter Delivers It All, New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs, FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux, LockBit Ransomware Attack Leveraging Cobalt Strike, Rspack_Compromised_Packages, SmokeLoader, Sock5Systemz-PROXY-AM, solana-backdoor, U.S. 
Organization in China Targeted by Attackers, UAC-0185 attacks warned by CERT-UA, BellaCpp, bootkitty(logofail), Visual Studio Code Remote tunnels, Cloud Atlas seen using a new tool in its attacks, Christmas-Themed LNK Files Used for Malware Delivery, DarkGate, MirrorFace Campain, horns-hooves, Developers Targeted by New ‘OtterCookie’ Malware with Fake Job Offers, NetSupport RAT and BurnsRAT, Cybercriminals Leverage Fake CAPTCHAs for Malware Delivery, MUT-1244-GitHub, Phobos ransomware, Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data, PUMAKIT, OtterCookie used by Contagious Interview, Ransomware-Lockbit3-IOCs.csv

IOC Journey

Confidence: medium · First detected 4 years ago · Last seen 5 days ago · Appeared in 10 threat reports