July 2023 Incident Indicators of Compromise (IoCs)
This list was updated on 2023-07-14 14:47 UTC. If you haven’t updated since that date, please use the most up-to-date list.
Based on our investigation, we have identified the following malicious IP addresses and hashes to block and avoid at all costs. Please use this data to add additional protection to your Endpoint Detection and Response (EDR) and perimeter security solutions. This list may be updated periodically.
Block all of the following for ingress and egress:
Do NOT allow these hashes to be executed:
As a reminder, please do not reach out to these IPs or URLs directly from your company’s infrastructure. Please use a tool such as VirusTotal when evaluating IoCs.