IOC Radar
IP · Medium · Signal 64/100

178.178.194.134

Location
Russian Federation
Moscow, Sankt-Peterburg
ASN
AS25159
MegaFon
First Seen
Mar 25, 2025 (449d ago)
Last Seen
Jun 6, 2026 (11d ago)
Reports
28 source reports
Confidence
64% (medium)
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

71 techniques

Network Information

Country: RU (Russian Federation)
Region: Moscow, Sankt-Peterburg
ASN: AS25159
Organization: MegaFon

IP Category

Proxy
Proxy server

Feed Intelligence Summary

28 source reports · 64% confidence score
Category tags
abuse, access control, account compromise, account enumeration, active scan, active scanning, active-attack, adbhoney honeypot, adresse ip, apt, asia, attack, attack_vector:brute_force, australia, authentication abuse, authentication attack, authentication attacks, authentication-failure, authentication_protocol, automated attack, azure ad, bad reputation, bad web bot, banking, belgium, belgium ip addresses, belgium target, blocklist_all, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attempt, brute force attempts, brute-force, brute-force attack, brute_force, bruteforce, c2 communication, c2 server, civil services, cloud account security, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud services, code execution, command & control, command and control, command execution, communication protocol, compromised credentials, compromised host, compromised hosts, conpot honeypot, container security, cowrie, cowrie honeypot, cowrie ssh attack, credential access, credential attacks, credential brute forcing, credential compromise, credential harvesting, credential stuffing, credential-access, credential-dumping, credential-harvesting, credential_access, credit card services, curl, data encryption, data exfiltration, data store exposure, data theft, database attack, database login attempt, database security, dcerpc, ddos, ddos attack, ddospot, decoy system, denial of service, dictionary attack, digital ocean, dionaea honeypot, distributed attacks, dns, dns attack, docker, elasticpot honeypot, elasticsearch, elasticsearch monitoring, encryption, enumeration, env-hunting, europe, europe/asia, exfiltration, exploit, exploit targeting, exploitation activity, exploited host, external-threat, extortion, fatt, finance, financial services, financial technology, finland, finland activity, fnt-secure-sentinel, fnt-sentinel, france, fraud voip, ftp, ftp brute force, ftp brute-force, galah, germany, glutton, gopot, government technology, hacking, hellpot, honeynet connect, honeytrap activity, honeytrap honeypot, http brute force, http scanner, https, ics security, identity & access exploitation, identity attack, imap, imap attack, imap brute force, indicator, industrial control systems, information technology, initial access, injection activity, intrusion detection, ioc, iocs, iot security, iot/ics attack, ipphoney honeypot, ipv4, ipv4 addresses, ipv4-indicators, ipv4-ioc, ipv4_address, it infrastructure, kibana, kill-chain exploitation, kill-chain reconnaissance, lateral movement, log4pot, login attack, login attempt, mailoney honeypot, malaysia, malicious activity, malicious network activity, malicious software, malicious-ip, malware, malware behaviour, malware capture, malware distribution, malware download, medium-risk, medpot, microsoft 365, microsoft entra, microsoft entra id, mssql, multiple accounts targeted, multiple users, multiple users affected, network, network access, network attacks, network brute force, network discovery, network enumeration, network intrusion, network intrusion attempt, network intrusion attempts, network probing, network protocol, network reconnaissance, network scanning, network scanning activity, network security, network service scanning, network services, network traffic analysis, network-discovery, network:tcp, nginx, north america, oceania, open proxy, p0f, p0f os fingerprinting, password attack, password attacks, password cracking, password spraying, payment processing, phishing, phishing attack, phishing trap, poland, pop3 brute force, process injection, protocol exploitation, protocol:imap, protocol:pop3, protocol:sasl, protocol:smtp, proxy, proxy access, public administration, public infrastructure, public policy, ransomware, reconnaissance, redis honeypot, regulatory agencies, remote access, remote services, remote-access, remote_access, researched, resource hijacking, ru, russia, russian federation, russian threat actor, sasl, sasl brute force, scams & fraud, scanner, scanners, scanning activity, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer botnet, server exploitation, service scan, sftp attack, shell access, shell access attempt, sipp, smb brute force, smtp, smtp brute force, smtp-attack, snare, social engineering, software development, software exploitation, spam, sql injection, ssh, ssh attack, ssh monitoring, ssh-brute, suricata alert, sweden, system disruption, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1027, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1059.007, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.002, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1203, t1204.002, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1550, t1550.002, t1550.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1573.001, t1588, t1588.002, t1588.004, t1588.006, t1589, t1589.001, t1589.002, t1590, t1591.002, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp brute force, tcp protocol, tcp scan, telecommunications, telnet, threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, turkey, udp scan, unauthorized access, unauthorized access attempt, unauthorized login attempt, unauthorized login attempts, unauthorized-access, united states, valid accounts, vnc protocol, voip, voip attack, vulnerability scan, vultr-platform, wealth management, web app attack, web application attack, web attack, web exploitation, web login attempt, web shell, web shell upload, web spam, web traffic, wget, wordpot

Activity Timeline

1 total observation (Jun 6)

Threat Activity Heatmap

Weekly heatmap, Jun through the following Jun · Peak: 2026-06-06 (grid omitted; only the peak is recoverable)

Recent activity
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 64
Confidence: 64%
Reports: 28
First seen: Mar 25, 2025
Last seen: Jun 6, 2026
Geolocation: RU
Country: Russian Federation
Location: Moscow, Sankt-Peterburg
ASN: AS25159
Org: MegaFon
Coords: 55.7386, 37.6068
Category: Proxy

VirusTotal

Not checked

WHOIS

description
FNT Sentinel detected SMTP attack. 2026-05-08 20:41:35.7800 Login failure: 178.178.194.134 SMTP
raw
inetnum: 178.178.192.0 - 178.178.195.255
netname: MF-MB-20231128
descr: Metropolitan branch of PJSC MegaFon
country: RU
admin-c: MA23317-RIPE
tech-c: MA23317-RIPE
status: ASSIGNED PA
mnt-by: GDC-TR-CoreIP
created: 2023-11-28T10:19:47Z
last-modified: 2025-04-11T10:48:04Z
source: RIPE

role: Mobile
address: Samara
nic-hdl: MA23317-RIPE
mnt-by: GDC-TR-CoreIP
created: 2020-02-05T11:44:29Z
last-modified: 2020-02-05T11:44:29Z
source: RIPE # Filtered

route: 178.178.192.0/22
origin: AS25159
descr: MF-MOSCOW-MBB-FIXEDIP
mnt-by: GDC-TR-CoreIP
created: 2023-11-28T12:32:06Z
last-modified: 2023-11-28T12:32:06Z
source: RIPE
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, ip.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 11 days ago
Appeared in 28 threat reports