IOC Radar
IPMediumSignal 38/100

187.8.32.138

Location
BrazilBrazil
Guarulhos, SP
ASN
AS10429
TELEF�NICA BRASIL S.A
First Seen
May 10, 2025
Last Seen
Apr 6, 2026
May 10
First Seen
409d ago
Apr 6
Last Seen
79d ago
17
Reports
source reports
38%
Confidence
medium
1/91
VirusTotal
detections
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
38%
Signal Score
38 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

35 techniques

Network Information

CountryBRBrazil
RegionGuarulhos, SP
ASNAS10429
OrganizationTELEF�NICA BRASIL S.A

Feed Intelligence Summary

17 reports38% confidence
17
Source reports
38%
Confidence score
Category tags
abuseaccess controlaccount takeover attemptaccount-compromiseactive scanactive scanningattackattack_vector:brute_forceauthentication attackauthentication_protocolbad reputationbotnetbotnet activitybrazilbrute forcebrute force attackbrute force attemptbrute force attemptsbrute-force attackc2 communicationc2 servercommand & controlcommand and controlcommunication protocolcompromised hostcompromised hostscredential accesscredential brute forcecredential brute forcingcredential harvestingcredential stuffingcredential-accesscredential_accessdata exfiltrationdata store exposuredata theftddosdistributed attacksemail-protocoleuropeexploitation activityfinlandfinland activityidentity & access exploitationimapimap attackimap brute forceindicatorinjection activityioclogin attacklogin-attackmail servermalicious activitymalicious softwaremalwaremalware distributionnetworknetwork attacksnetwork brute forcenetwork intrusionnetwork traffic analysisnetwork:tcppassword attackpassword attackspassword crackingpassword-attackphishingpop3 brute forcepotential-atoprocess injectionprotocol:imapprotocol:pop3protocol:saslprotocol:smtpransomwarereconnaissanceremote_accessresearchedsaslsasl authentication attacksasl brute forcescannerscanning activitysecurity policysmtpsmtp attackersmtp brute forcesocial engineeringsouth americaspamssh attackt1040t1055t1059t1071t1071.001t1078t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1187t1486t1496t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1573t1573.001t1588t1588.004t1589t1589.002t1595t1595.001t1595.002t1595.003t1598t1598.003tcp attacktcp brute forcetcp protocoltcp protocol attackthreat actorthreat preventiontor nodevalid accountsvulnerability scan

Activity Timeline

1 total obs
Apr 6Apr 6

Threat Activity Heatmap

· Peak: 2026-04-06
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
38
SIGNAL
Signal Score
38%
Confidence
17
Reports
First seenMay 10, 2025
Last seenApr 6, 2026
GeolocationBR
CountryBrazil
LocationGuarulhos, SP
ASNAS10429
OrgTELEF�NICA BRASIL S.A
Coords-21.3410, -48.0785

VirusTotal

1/ 91vendors flagged
1% detection rateJun 15, 2026

WHOIS

description
Email related brute force IOCs collected mainly from hosts located in Finland
raw
Socket not responding: [Errno 111] Connection refused
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 17 threat reports