Hardcoded Suspicious IP Address in Skill Content - ATR-2026-00225 (ca8b5637-f401-57d8-92c4-d85c2187020b)

Detects hardcoded IP addresses in skill content that may represent command and control (C2) servers, particularly when associated with suspicious network ranges or known malware infrastructure. The analyzed skill "sakaen736jih/youtube-watcher-p" contains a reference to IP 91.92.242.30, identified as a known malware C2 server.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| External Harms (ba500f0e-52ca-40ff-aed4-e6dbf00cca10) | MITRE ATLAS Attack Pattern | Hardcoded Suspicious IP Address in Skill Content - ATR-2026-00225 (ca8b5637-f401-57d8-92c4-d85c2187020b) | Agent Threat Rules | 1 |