IP · Medium · Signal 88/100
102.117.15.139
Location
Rose Hill, Plaines Wilhems District
ASN
AS23889
Mauritius Telecom Ltd
First Seen
Feb 11, 2026
Last Seen
May 2, 2026
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
88%
Signal Score
88 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Mauritius
Region
Rose Hill, Plaines Wilhems District
ASN
AS23889
Organization
Mauritius Telecom Ltd
Feed Intelligence Summary
7
Source reports
88%
Confidence score
Category tags
Activity Timeline
May 2
Threat Activity Heatmap
Peak: 2026-05-02
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score
High Risk
Signal Score
88
Confidence
88%
Reports
7
First seen
Feb 11, 2026
Last seen
May 2, 2026
Geolocation
MU
Country
Mauritius
Location
Rose Hill, Plaines Wilhems District
ASN
AS23889
Org
Mauritius Telecom Ltd
Coords
-20.2833, 57.5463
VirusTotal
Not checked
WHOIS
- raw: Socket not responding: timed out
- references: https://analytics.dugganusa.com/api/v1/stix-feed/v2, https://threatfox.abuse.ch
IOC Journey
medium · First detected 4 months ago · Last seen 1 month ago
Appeared in 7 threat reports