IOC Radar
IPMediumSignal 57/100

193.43.159.78

Location
Syrian Arab RepublicSyrian Arab Republic
Damascus, Damascus Governorate
ASN
AS29256
Wafa Telecom J.S.C
First Seen
Aug 5, 2025
Last Seen
May 28, 2026
Aug 5
First Seen
313d ago
May 28
Last Seen
18d ago
10
Reports
source reports
57%
Confidence
medium
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
57%
Signal Score
57 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

13 techniques

Network Information

CountrySYSyrian Arab Republic
RegionDamascus, Damascus Governorate
ASNAS29256
OrganizationWafa Telecom J.S.C

IP Category

Proxy
Proxy server

Feed Intelligence Summary

10 reports57% confidence
10
Source reports
57%
Confidence score
Category tags
active scanactive scanningafricaaptargentinaasiaaustraliabad reputationbad web botbangladeshbelgiumbotnetbotnet activitybrazilbrute forcebrute force attackbrute-forcebruteforcecanadachinacosta ricacredential accesscredential stuffingddosddos attackdenial of serviceeuropeeurope/asiaexploitation activityexploited hostfinlandfrancegermanyhackinghong kongidentity & access exploitationimapimap attackindiaindicatorindonesiaiot securityiot targetedip-onlyiraqirelandjapankenyakorea, republic ofkyrgyzstanlithuaniamalaysiamalicious ipmexicomiraimorocconetherlandsnetworknew zealandnorth americanorwayoceaniapassword attackspolandproxyqatarreconnaissanceresearchedromaniarussiarussian federationscanscannerserbiasingaporesmtpsmtp attackersouth africasouth americaswedensyrian arab republict1071.001t1105t1110.001t1110.002t1110.003t1110.004t1190t1203t1499.001t1573.002t1595.001t1595.002t1595.003taiwantcptelnetthreat actorthreat-inteltor nodeukraineunited arab emiratesunited kingdomunited statesvenezuela, bolivarian republic ofviet namvietnamweb application attackweb exploitation

Activity Timeline

1 total obs
May 28May 28

Threat Activity Heatmap

· Peak: 2026-05-28
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
57
SIGNAL
Signal Score
57%
Confidence
10
Reports
First seenAug 5, 2025
Last seenMay 28, 2026
GeolocationSY
CountrySyrian Arab Republic
LocationDamascus, Damascus Governorate
ASNAS29256
OrgWafa Telecom J.S.C
Coords35.0000, 38.0000
Proxy

VirusTotal

Not checked

WHOIS

description
The following is the full list of names given to Vye32GsS2g38eKhmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA
raw
inetnum: 193.43.159.0 - 193.43.159.255 netname: SY-WAFATELECOM-20191114 country: SY org: ORG-WTJ1-RIPE descr: WI-Fi Outdoor Service admin-c: WS1833-RIPE tech-c: KHO1970-RIPE status: ALLOCATED-ASSIGNED PA mnt-by: RIPE-NCC-HM-MNT mnt-by: STEMNT-1 created: 2023-10-17T13:41:34Z last-modified: 2025-03-19T05:46:41Z source: RIPE organisation: ORG-WTJ1-RIPE org-name: Wafa Telecom J.S.C country: SY org-type: LIR address: Mazzeh Highway - Syrian Telecom Building address: 10400 address: Damascus address: SYRIAN ARAB REPUBLIC phone: +963116115983 admin-c: WS1833-RIPE tech-c: WS1833-RIPE abuse-c: AR17306-RIPE mnt-by: RIPE-NCC-HM-MNT mnt-by: STEMNT-1 created: 2023-09-26T10:13:00Z last-modified: 2025-02-18T17:17:39Z source: RIPE # Filtered mnt-ref: STEMNT-1 fax-no: +963116121795 person: Khalil Othman address: Syrian Telecom (ST), Al-Mazzeh, Damascus, Syria phone: +963116122331 nic-hdl: KHO1970-RIPE mnt-ref: STEMNT-1 mnt-by: STEMNT-1 created: 2025-02-18T16:12:16Z last-modified: 2025-02-18T16:30:47Z source: RIPE # Filtered person: Weam Salem address: Syrian Telecom (ST) phone: +963-11-6115983 phone: +963-11-6120977 fax-no: +963-11-6121795 nic-hdl: WS1833-RIPE mnt-by: WS-MNT created: 2008-12-01T20:09:00Z last-modified: 2026-03-22T18:34:22Z source: RIPE # Filtered route: 193.43.159.0/24 origin: AS29256 mnt-by: STEMNT-1 created: 2025-02-18T16:04:13Z last-modified: 2025-02-18T16:04:13Z source: RIPE route: 193.43.159.0/24 origin: as29386 mnt-by: STEMNT-1 created: 2025-02-18T16:04:52Z last-modified: 2025-02-18T16:04:52Z source: RIPE
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 10 months ago · Last seen 18 days ago
Appeared in 10 threat reports