IOC Radar
IP · Medium · Signal 64/100

178.178.194.192

Location
Russian Federation
Moscow, Moscow
ASN
AS25159
MegaFon
First Seen
May 13, 2024
Last Seen
Jun 7, 2026
First Seen: May 13 (762d ago)
Last Seen: Jun 7 (7d ago)
Reports: 29 source reports
Confidence: 64% (medium)
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

63 techniques

Network Information

Country: RU (Russian Federation)
Region: Moscow, Moscow
ASN: AS25159
Organization: MegaFon

Feed Intelligence Summary

29 reports · 64% confidence
29
Source reports
64%
Confidence score
Category tags
abuse, abuseipdb, access control, account compromise, account discovery, account enumeration, account lockout, account profiling, account takeover, account takeover attempt, active scan, active scanning, active-attack, adresse ip, apt, asia, atif feed, attack, attack origin: malaysia, attacker-ip, australia, authentication, authentication attack, authentication failure analysis, authentication-failure, auto-generated security, automated attack, azure ad, bad reputation, bad web bot, banking, banlist feed, belgium, belgium ip addresses, belgium target, binary defense, blocklist_all, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attempt, brute force attempts, brute force ips, brute-force, brute-force attack, bruteforce, c2 communication, c2 server, civil services, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud security, cloud services, code execution, code injection, command & control, command and control, command execution, communication protocol, compromised credentials, compromised host, compromised hosts, cowrie, credential access, credential access attempt, credential brute force, credential compromise, credential compromise attempt, credential guessing, credential harvesting, credential stuffing, credential-access, credential-dumping, credential-harvesting, credentials, credit card services, cta, data exfiltration, data store exposure, data theft, database security, ddos, ddos attack, decoy system, denial of service, digital ocean, distributed attacks, email, email-protocol, env-hunting, europe, europe/asia, exploitation activity, exploited host, fin scan, finance, financial services, financial technology, finland, finland activity, fnt-secure-sentinel, fnt-sentinel, france, fraud orders, ftp brute force, germany, government technology, hacking, honeynet connect, http brute force, http probing, identity & access exploitation, identity attack, identity management, imap, imap attack, imap brute force, indicator, information technology, infrastructure acquisition reconnaissance, initial access, injection activity, injection attacks, intrusion detection, ioc, ipv4, it infrastructure, lateral movement, login attack, login attempt, login attempts, login brute force, mail server, malaysia, malicious activity, malicious ip addresses, malicious software, malicious-ip, malware, malware distribution, manual, microsoft 365, microsoft entra id, multiple accounts targeted, multiple users, multiple users affected, network, network access, network attacks, network brute force, network discovery, network enumeration, network intrusion, network probing, network reconnaissance, network scanning, network security, network traffic analysis, network-protocol, nginx, north america, null scan, oceania, opencti, password attack, password attacks, password cracking, password spraying, payment processing, phishing, phishing attack, poland, pop3 brute force, possible malicious activity, potential vulnerability scan, process injection, protocol exploitation, public administration, public infrastructure, public policy, ransomware, reconnaissance, regulatory agencies, remote access, remote services, researched, resource hijacking, rtbh, ru, russia, russian federation, russian threat actors, sasl, sasl authentication attack, sasl brute force, scams & fraud, scanner, scanners, scanning activity, scanning ips, security operations, security policy, service enumeration, service scan, smb brute force, smtp, smtp attacker, smtp brute force, smtp-attack, social engineering, software development, spam, ssh, ssh attack, ssh protocol, ssh-brute, sweden, syn scan, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1068, t1071, t1071.001, t1076, t1078, t1078.002, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1550.002, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1567, t1573, t1573.001, t1587.001, t1588, t1588.004, t1589, t1589.001, t1589.002, t1590, t1590.001, t1590.005, t1591.002, t1592, t1595, t1595.001, t1595.002, t1595.003, t1598, t1598.003, tcp attack, tcp brute force, tcp protocol, tcp protocol attack, tcp scan, telnet, threat, threat actor, threat intelligence, threat prevention, tor node, turkey, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized login attempts, united kingdom, united states, unknown threat group, valid accounts, voidtrap, vulnerability scan, wealth management, web app attack, web application attack, web exploitation, web spam, xmas scan

Activity Timeline

1 total observation · Jun 7

Threat Activity Heatmap

[Weekly activity grid, Jun through the following Jun, Mon/Wed/Fri rows; chart image not recoverable] · Peak: 2026-06-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 64 (SIGNAL)
Confidence: 64%
Reports: 29
First seen: May 13, 2024
Last seen: Jun 7, 2026
Geolocation: RU
Country: Russian Federation
Location: Moscow, Moscow
ASN: AS25159
Org: MegaFon
Coords: 55.7386, 37.6068

VirusTotal

Not checked

WHOIS

description
Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, abuseipdb
raw
inetnum: 178.178.192.0 - 178.178.195.255
netname: MF-MB-20231128
descr: Metropolitan branch of PJSC MegaFon
country: RU
admin-c: MA23317-RIPE
tech-c: MA23317-RIPE
status: ASSIGNED PA
mnt-by: GDC-TR-CoreIP
created: 2023-11-28T10:19:47Z
last-modified: 2025-04-11T10:48:04Z
source: RIPE

role: Mobile
address: Samara
nic-hdl: MA23317-RIPE
mnt-by: GDC-TR-CoreIP
created: 2020-02-05T11:44:29Z
last-modified: 2020-02-05T11:44:29Z
source: RIPE # Filtered

route: 178.178.192.0/22
origin: AS25159
descr: MF-MOSCOW-MBB-FIXEDIP
mnt-by: GDC-TR-CoreIP
created: 2023-11-28T12:32:06Z
last-modified: 2023-11-28T12:32:06Z
source: RIPE
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4


IOC Journey

medium
First detected 2 years ago · Last seen 7 days ago
Appeared in 29 threat reports