ipv4
23.254.164.123
discovered 2026-06-17
RAT stage-2 C2 (still live at analysis time). HTTPS POST to https://23.254.164.123/49890878. Hostwinds, PTR hwsrv-1327785.hostwindsdns.com. Fronts an expired wolfSSL test cert CN=www.wolfssl.com.
RAT stage-2 C2 (still live at analysis time). HTTPS POST to https://23.254.164.123/49890878. Hostwinds, PTR hwsrv-1327785.hostwindsdns.com. Fronts an expired wolfSSL test cert CN=www.wolfssl.com.
