{"id":93689,"date":"2023-07-12T17:51:22","date_gmt":"2023-07-12T21:51:22","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=93689"},"modified":"2023-08-03T13:42:28","modified_gmt":"2023-08-03T17:42:28","slug":"july-2023-iocs","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/july-2023-iocs","title":{"rendered":"July 2023 Incident Indicators of Compromise (IoCs)"},"content":{"rendered":"\n

Note:
  • This article was updated on 2023-08-03 to modify instructions on blocking/alerting on IP addresses.
  • The lists in this article were last updated on 2023-07-14 14:47 UTC. If you haven’t updated since that date, please use the most up-to-date list.

    Based on our investigation, we have identified the following malicious IP addresses and hashes to block and avoid at all costs. Please use this data to add additional protection to your Endpoint Detection and Response (EDR) and perimeter security solutions. This list may be updated periodically.

    Use the following list of IP addresses to inspect logs between June 20 and July 5 for any suspicious activity:

      Note:

      Threat actors do not re-use IP addresses, and many of them will be recycled. Continued blocking/alerting on these can result in false positives or block legitimate traffic.

      Block all of the following domains for ingress and egress:

        Do NOT allow these hashes to be executed:

        SHA256: 9151ff77b65eeacd5cdddd13c041db3ad9818fd2aebe05d8745227fac7e516b8
        SHA1: 92480e506d51d920fcc1d4dba7206c3185317f61
        MD5: 3a9c24c92c221658a8bf9ce61d758e1a

        SHA256: 4dc71b659c9277c7bb704392f8af5b6b2fbc9a66d3ad80d8cb4df0bd686f0e86
        SHA1: cb0e71340f963f7f2f404a0431d82ac809d2b15d
        MD5: b8724109e5473b4ca79a13c33b865e32

        As a reminder, please do not reach out to these IPs or URLs directly from your company’s infrastructure. Please use a tool such as VirusTotal when evaluating IoCs.","protected":false},"author":206,"yoast_head_json":{"twitter_misc":{"Est. reading time":"1 minute","Written by":"pamkellman"}}}