IOC Radar
IP · High · Verified · Signal 55/100

178.159.94.8

Location: Italy; Moscow, Krasnoyarsk Krai
ASN: AS216246 (Qwarta)
First Seen: Sep 4, 2025 (294d ago)
Last Seen: Feb 19, 2026 (126d ago)
Reports: 5 source reports
Confidence: 55% (high)
Found in 5 reports. Confidence: high. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 55%
Signal Score: 55 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

79 techniques

Network Information

Country: IT (Italy)
Region: Moscow, Krasnoyarsk Krai
ASN: AS216246
Organization: Qwarta

Feed Intelligence Summary

Source reports: 5
Confidence score: 55%
Category tags: active scanning, advanced persistent threat, amsi bypass, apt, apt 28, apt campaigns, apt group, asia, attack, batch, batch script, batch script malware, blacklisted ip, botnet, brute force, brute force attack, brute_force, c2, central asia, command and control, command execution, communication protocol, compromised email, compromised system, credential access, credential harvesting, credential stuffing, credential_access, data breach, data exfiltration, data theft, ddos attack, denial of service, detected botnet activity, distributed attacks, dll implant, dll implants, dll injection, document lure, domains/ips, downloader, downshell, electronic health records, energy, energy distribution, energy sector, enumeration, europe, europe/asia, ftp, ftp brute force, health care and social assistance, health information technology, healthcare information systems, hospital management, http brute force, indicator, information gathering, infrastructure targeting, initial access, intrusion detection, italy, kazakhstan, kazakhstan cybersecurity, kmg, lateral movement, lnk file, lnk file malware, malicious activity, malicious powershell activity, malicious software, malware, malware analysis, malware delivery, medical services, metasploit, metasploit framework, meterpreter, meterpreter payload, network, network attacks, network intrusion, network probing, network protocol, network reconnaissance, network scanning, network security, network_reconnaissance, noisy bear, noisybear apt, oil & gas, oil and gas, operation barrelfire, password attacks, patient care, phishing attachment, phishing attack, phishing attacks, potential unauthorized access, power generation, power systems, process injection, protocol exploitation, reconnaissance, remote access, remote command execution, remote services, renewable energy, researched, russia, russian threat actor, scanner, scripting attacks, security operations, seqrite, seqrite labs, seqrite labs research, social engineering, social engineering attack, spear-phishing, spearphishing, ssh attack, t1003, t1005, t1016, t1018, t1021, t1021.001, t1027, t1027.005, t1039, t1040, t1041, t1046, t1047, t1053, t1055, t1055.001, t1055.003, t1056, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1068, t1071, t1071.001, t1076, t1078, t1078.001, t1078.002, t1083, t1086, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1132, t1136, t1189, t1190, t1192, t1202, t1204, t1204.002, t1210, t1218.007, t1218.010, t1218.011, t1486, t1496, t1499.001, t1499.002, t1499.003, t1543, t1547, t1547.001, t1555, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567.002, t1573, t1573.001, t1589.002, t1595, t1595.001, t1595.002, t1595.003, t1598, t1598.001, t1598.003, tcp protocol, telnet threat, threat actor, threat intelligence, zip, zip file exploitation

Activity Timeline

1 total observation: Feb 19

Threat Activity Heatmap

[Heatmap: activity by weekday, Jun to Jun. Peak: 2026-02-19]
Recent activity: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 0 (Dormant); 3mo: 0 (Dormant)
Threat Score: 55 (Medium Risk)
Signal Score: 55
Confidence: 55%
Reports: 5
First seen: Sep 4, 2025
Last seen: Feb 19, 2026
Verified IOC
Geolocation: IT
Country: Italy
Location: Moscow, Krasnoyarsk Krai
ASN: AS216246
Org: Qwarta
Coords: 56.0271, 92.7806

VirusTotal

Not checked

WHOIS

description: CC=RU ASN=AS204895 yury dolin

raw:
inetnum: 178.159.80.0 - 178.159.95.255
netname: RU-IPDOLIN-20100914
country: RU
org: ORG-YD12-RIPE
admin-c: YD1096-RIPE
tech-c: YD1096-RIPE
status: ALLOCATED PA
mnt-by: ru-yurydolin-1-mnt
mnt-by: RIPE-NCC-HM-MNT
created: 2020-01-23T11:18:12Z
last-modified: 2020-01-23T11:18:12Z
source: RIPE

organisation: ORG-YD12-RIPE
org-name: Yury Dolin
country: RU
org-type: LIR
address: Visotnaya 4 office 216
address: 660062
address: Krasnoyarsk
address: RUSSIAN FEDERATION
phone: +79135343171
admin-c: YD1096-RIPE
tech-c: YD1096-RIPE
abuse-c: AR52667-RIPE
mnt-ref: ru-yurydolin-1-mnt
mnt-by: RIPE-NCC-HM-MNT
mnt-by: ru-yurydolin-1-mnt
created: 2019-05-15T11:20:56Z
last-modified: 2020-12-16T12:18:36Z
source: RIPE # Filtered

person: Yury Dolin
address: Visotnaya 4 office 216
address: 660062
address: Krasnoyarsk
address: RUSSIAN FEDERATION
phone: +79135343171
nic-hdl: YD1096-RIPE
mnt-by: ru-yurydolin-1-mnt
created: 2019-05-15T11:20:55Z
last-modified: 2019-05-15T11:20:55Z
source: RIPE

references: https://www.seqrite.com/blog/operation-barrelfire-noisybear-kazakhstan-oil-gas-sector

IOC Journey

Confidence: high
First detected 9 months ago · Last seen 4 months ago
Appeared in 5 threat reports