Home/APT29/IOCs
IOCs

Indicators for APT29

1,662 indicators · scoped to malware families · back to APT29
Live IOCs from URLhaus, ThreatFox, MalwareBazaar, and abuse.ch SSLBL for malware families this actor uses. All indicators are defanged for safe handling.

Indicators

100 of 1,662
ip:port
103[.]171[.]35[.]66:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
107[.]149[.]192[.]54:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
124[.]222[.]218[.]20:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
124[.]221[.]255[.]78:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
123[.]56[.]78[.]220:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
152[.]32[.]202[.]240:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
150[.]158[.]119[.]242:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
165[.]154[.]244[.]73:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
156[.]225[.]20[.]77:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
182[.]92[.]239[.]94:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
39[.]105[.]160[.]175:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
38[.]38[.]250[.]99:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
211[.]184[.]175[.]246:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
45[.]58[.]56[.]34:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
8[.]130[.]80[.]145:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
8[.]130[.]26[.]216:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
94[.]74[.]164[.]177:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
87[.]251[.]67[.]85:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
118[.]89[.]88[.]183:56781
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
139[.]196[.]223[.]82:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
helpremote[.]cc
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
115[.]190[.]160[.]206:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
8[.]159[.]146[.]72:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
missmovie[.]lol
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
179[.]43[.]186[.]214:7889
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
193[.]142[.]146[.]30:9433
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
81[.]71[.]82[.]54:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
60[.]205[.]139[.]210:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
36[.]140[.]162[.]173:4433
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]76[.]185[.]85:18443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
43[.]161[.]245[.]186:79
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
67[.]219[.]102[.]244:53
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
180[.]76[.]141[.]175:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
36[.]140[.]162[.]173:8088
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
115[.]190[.]161[.]178:1234
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
8[.]137[.]149[.]67:8091
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
38[.]182[.]168[.]169:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
101[.]132[.]173[.]62:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
106[.]13[.]29[.]104:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]236[.]56[.]15:4445
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
148[.]135[.]120[.]162:53
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
ns2[.]googleclouds[.]net
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
ns1[.]googleclouds[.]net
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
job[.]itechno[.]cc
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
156[.]245[.]248[.]173:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
154[.]201[.]74[.]112:1433
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
1[.]13[.]247[.]208:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
123[.]58[.]64[.]57:34567
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
122[.]51[.]93[.]94:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
43[.]156[.]63[.]124:64494
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
enter[.]xone[.]la
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
193[.]42[.]25[.]65:1443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]236[.]149[.]142:46832
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
120[.]79[.]255[.]238:8088
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
111[.]228[.]55[.]96:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
165[.]154[.]225[.]239:8443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
122[.]51[.]31[.]224:4443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
212[.]14[.]244[.]222:806
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
156[.]225[.]20[.]77:5006
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
59[.]110[.]28[.]230:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
192[.]253[.]227[.]88:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
167[.]88[.]168[.]76:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
83[.]229[.]126[.]183:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
117[.]72[.]242[.]9:9999
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
119[.]42[.]148[.]186:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
134[.]122[.]140[.]185:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
117[.]72[.]175[.]125:8087
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
103[.]149[.]93[.]146:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
112[.]3[.]31[.]155:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
179[.]43[.]186[.]214:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
8[.]17[.]56[.]128:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
ns1[.]servicedata[.]services
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
8[.]137[.]149[.]67:8060
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
182[.]254[.]155[.]23:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
182[.]16[.]98[.]83:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
116[.]62[.]226[.]163:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
182[.]16[.]98[.]84:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
196[.]251[.]83[.]89:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]121[.]135[.]201:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
140[.]143[.]194[.]253:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
maelootp[.]com
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
domain
evil[.]ritademo[.]io[.]vn
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
116[.]62[.]226[.]163:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
115[.]190[.]140[.]220:1443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]110[.]67[.]64:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]120[.]70[.]161:6666
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
www[.]salesf0rce[.]club
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
143[.]92[.]43[.]246:8011
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]129[.]2[.]130:53
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
domain
ns1[.]gygiuh[.]online
family Cobalt Strike source threatfox
VirusTotalOTXurlscancrt.shSecurityTrailsTalosPulsedive
ip:port
154[.]201[.]74[.]112:8080
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
183[.]78[.]152[.]175:808
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
143[.]92[.]43[.]153:8011
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
143[.]92[.]43[.]231:8011
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
154[.]92[.]15[.]229:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
212[.]14[.]244[.]222:808
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
115[.]120[.]245[.]134:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
196[.]251[.]69[.]253:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]113[.]186[.]138:443
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
43[.]139[.]170[.]200:80
family Cobalt Strike source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
Showing 501-600 of 1,662
Prev 6 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin