Home/MuddyWater/IOCs
IOCs

Indicators for MuddyWater

830 indicators · scoped to malware families · back to MuddyWater
Live IOCs from URLhaus, ThreatFox, MalwareBazaar, and abuse.ch SSLBL for malware families this actor uses. All indicators are defanged for safe handling.

Indicators

100 of 830
ip:port
167[.]99[.]51[.]2:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
167[.]99[.]51[.]2:443
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
8[.]216[.]80[.]229:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
167[.]71[.]13[.]103:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
167[.]71[.]13[.]103:443
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
91[.]199[.]154[.]103:443
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
146[.]70[.]158[.]198:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
146[.]70[.]158[.]198:443
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
91[.]199[.]154[.]103:34211
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
143[.]110[.]151[.]209:443
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
143[.]110[.]151[.]209:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
172[.]245[.]185[.]195:9988
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
46[.]8[.]226[.]70:80
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
5[.]180[.]253[.]105:8000
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
24[.]12[.]218[.]134:9090
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
185[.]246[.]223[.]72:5000
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
165[.]245[.]181[.]147:8000
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
164[.]90[.]231[.]249:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
173[.]254[.]211[.]245:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
157[.]245[.]235[.]51:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
82[.]153[.]138[.]218:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
217[.]60[.]248[.]115:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
117[.]148[.]177[.]48:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
38[.]242[.]215[.]217:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
77[.]111[.]101[.]101:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
163[.]123[.]183[.]125:443
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
13[.]222[.]116[.]11:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
169[.]40[.]135[.]133:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
120[.]53[.]244[.]68:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
42[.]193[.]120[.]28:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
31[.]204[.]128[.]108:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
107[.]174[.]64[.]130:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
37[.]60[.]231[.]121:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
38[.]242[.]227[.]177:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
188[.]244[.]117[.]112:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
147[.]45[.]60[.]103:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
204[.]168[.]210[.]199:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
192[.]210[.]193[.]106:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
89[.]125[.]255[.]44:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
134[.]199[.]231[.]101:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
143[.]244[.]208[.]126:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
5[.]180[.]253[.]105:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
45[.]77[.]13[.]129:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
157[.]245[.]101[.]92:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
158[.]178[.]141[.]79:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
104[.]251[.]180[.]167:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
143[.]198[.]183[.]46:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
38[.]109[.]11[.]65:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
64[.]225[.]49[.]99:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
172[.]236[.]10[.]230:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
36[.]150[.]237[.]12:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
147[.]15[.]78[.]253:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
209[.]209[.]40[.]215:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
165[.]245[.]181[.]147:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
140[.]245[.]13[.]61:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
31[.]58[.]79[.]155:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
104[.]248[.]203[.]61:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
158[.]160[.]103[.]134:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
37[.]81[.]166[.]34:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
153[.]75[.]248[.]248:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
178[.]128[.]244[.]152:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
107[.]173[.]37[.]160:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
146[.]190[.]69[.]62:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
31[.]204[.]128[.]170:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
159[.]65[.]231[.]200:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
151[.]243[.]109[.]146:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
89[.]117[.]1[.]80:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
47[.]237[.]100[.]236:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
124[.]222[.]144[.]44:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
146[.]19[.]213[.]207:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
77[.]91[.]70[.]29:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
143[.]198[.]149[.]226:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
35[.]208[.]7[.]65:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
164[.]68[.]96[.]71:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
167[.]172[.]239[.]135:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
173[.]249[.]23[.]64:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
45[.]198[.]224[.]19:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
194[.]233[.]77[.]182:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
198[.]46[.]249[.]111:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
150[.]107[.]31[.]116:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
64[.]235[.]35[.]39:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
31[.]204[.]128[.]102:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
2[.]59[.]151[.]222:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
137[.]220[.]38[.]206:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
107[.]175[.]44[.]223:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
180[.]131[.]145[.]69:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
167[.]71[.]131[.]160:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
81[.]71[.]51[.]134:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
66[.]116[.]237[.]233:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
104[.]129[.]128[.]148:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
38[.]47[.]122[.]77:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
192[.]3[.]171[.]211:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
80[.]96[.]108[.]90:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
164[.]90[.]149[.]44:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
51[.]195[.]119[.]119:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
64[.]235[.]43[.]82:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
38[.]54[.]17[.]171:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
74[.]0[.]32[.]165:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
8[.]162[.]15[.]76:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
ip:port
119[.]28[.]101[.]250:31337
family Sliver source threatfox
VirusTotalAbuseIPDBShodanGreyNoiseOTXCensysTalosPulsedive
Showing 701-800 of 830
Prev 8 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin