IP · Medium · Signal 55/100
185.76.78.177
Location
Milan, VC
ASN
AS9009
EDIS GmbH
First Seen
Sep 25, 2024
Last Seen
Jun 18, 2026
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
55%
Signal Score
55 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Italy
Region: Milan, VC
ASN: AS9009
Organization: EDIS GmbH
IP Category
VPN
VPN exit node
Feed Intelligence Summary
12 reports · 55% confidence
12
Source reports
55%
Confidence score
Category tags
Activity Timeline
Jun 18
Threat Activity Heatmap
Peak: 2026-06-18 (heatmap: weekly activity by day of week)
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score: Medium Risk
55
SIGNAL
Signal Score
55%
Confidence
12
Reports
First seen: Sep 25, 2024
Last seen: Jun 18, 2026
Geolocation: IT
Country: Italy
Location: Milan, VC
ASN: AS9009
Org: EDIS GmbH
Coords: 38.1441, -0.7709
VPN
VirusTotal
Not checked
WHOIS
- description
- CC=ES ASN=AS50129 concisa comunicacion marketing y servicios s.l.
- raw
- inetnum: 185.76.78.0 - 185.76.78.255
  netname: EDIS-IT-NET
  descr: EDIS Infrastructure in Italy
  remarks: Milano, Lombardia, Italy
  country: IT
  geoloc: 45.4642 9.1900
  geofeed: https://www.edis.at/geofeed.txt
  language: IT
  org: ORG-EG44-RIPE
  admin-c: EDIS-AT
  tech-c: EDIS-AT
  status: ASSIGNED PA
  mnt-by: EDIS-MNT
  created: 2024-02-08T12:50:57Z
  last-modified: 2024-02-08T12:50:57Z
  source: RIPE

  organisation: ORG-EG44-RIPE
  org-name: EDIS GmbH
  country: AT
  org-type: LIR
  address: Hauptplatz 3/3
  address: 8010
  address: Graz
  address: AUSTRIA
  phone: +43316827500300
  fax-no: +43316827500777
  admin-c: GK2
  admin-c: ISAT
  mnt-ref: EDIS-MNT
  mnt-ref: NINE-MNT
  mnt-ref: RIPE-NCC-HM-MNT
  mnt-by: RIPE-NCC-HM-MNT
  mnt-by: EDIS-MNT
  abuse-c: EDIS-AT
  created: 2011-08-10T14:08:22Z
  last-modified: 2026-02-27T09:22:07Z
  source: RIPE # Filtered

  role: EDIS GmbH - Noc Engineer
  address: EDIS GmbH, Hauptplatz 3/3, 8010, GRAZ, Austria
  address: http://www.edis.at
  phone: +43 316 827500300
  admin-c: EDIS-RIPE
  admin-c: GK2
  admin-c: ISAT
  tech-c: EDIS-RIPE
  tech-c: ISAT
  abuse-mailbox: [email protected]
  nic-hdl: EDIS-AT
  mnt-by: EDIS-MNT
  created: 2011-08-12T07:29:38Z
  last-modified: 2016-04-08T06:50:42Z
  source: RIPE # Filtered

  route: 185.76.78.0/24
  origin: AS9009
  mnt-by: EDIS-MNT
  created: 2024-02-08T12:51:19Z
  last-modified: 2024-02-08T12:51:19Z
  source: RIPE
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
Medium · First detected 1 year ago · Last seen 7 days ago
Appeared in 12 threat reports