IOC Radar
IP · Medium · Signal 63/100

217.215.101.70

Location: Sweden (Helsingborg, Stockholms lan)
ASN: AS3301 (Telia Network Services)
First Seen: Jun 26, 2025 (359d ago)
Last Seen: Feb 21, 2026 (118d ago)
Reports: 7 source reports
Confidence: 63% (medium)
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 63%
Signal Score: 63 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 50 techniques

Network Information

Country: Sweden (SE)
Region: Helsingborg, Stockholms lan
ASN: AS3301
Organization: Telia Network Services

Feed Intelligence Summary

7 source reports, 63% confidence score

Category tags: access control, active scanning, attack, botnet, botnet activity detected, brute force, brute force attack, brute force attacks, c2, c2 communication, command and control, communication technologies, compromised hosts, connected devices, credential access, credential stuffing, data exfiltration, ddos preparation, default credentials, device management, distributed attacks, europe, exploit attempts, ftp brute force, global, http scanning, https scanning, indicator, industrial iot, internet of things, iot analytics, iot applications, iot platforms, iot security, lateral movement, malicious activity, malicious software, malware, malware distribution, mirai variant, mobile carriers, mobile networks, network, network enumeration, network intrusion, network scanning, network security, password attacks, process injection, protocol exploitation, proxy activity, reconnaissance, researched, router exploitation, scanner, scanning activity, security policy, smart devices, smtp scanning, ssh attack, sweden, t1003, t1005, t1016, t1018, t1021, t1021.001, t1021.002, t1040, t1043, t1047, t1053, t1053.005, t1055, t1056, t1059, t1059.001, t1068, t1071, t1071.001, t1071.002, t1071.004, t1078, t1083, t1090, t1090.001, t1090.002, t1090.003, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1486, t1496, t1497, t1497.001, t1499.002, t1499.003, t1550, t1550.002, t1552, t1555, t1555.003, t1556, t1565, t1573, t1595.001, t1595.002, t1595.003, telecom services, telecommunications, telnet threat, threat actor, threat prevention, voip, weak passwords

Activity Timeline

1 total obs
Feb 21 - Feb 21

Threat Activity Heatmap

Peak: 2026-02-21
Recent activity: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 0 (Dormant); 3mo: 0 (Dormant)

Threat Score: Medium Risk
Signal Score: 63
Confidence: 63%
Reports: 7
First seen: Jun 26, 2025
Last seen: Feb 21, 2026
Geolocation: SE
Country: Sweden
Location: Helsingborg, Stockholms lan
ASN: AS3301
Org: Telia Network Services
Coords: 56.0091, 12.8058

VirusTotal

Not checked

WHOIS

description
Security researchers have uncovered a global botnet campaign targeting VoIP-enabled routers that are configured with default or weak Telnet passwords. This botnet exhibits characteristics similar to the Mirai botnet. It was initially detected in rural New Mexico and later traced to over 500 infected systems worldwide. The threat highlights how exposed and poorly secured VoIP infrastructure is being exploited to power large-scale botnets. Organizations that rely on VoIP technology, especially utilities and ISPs, face an immediate risk if their devices are internet-facing and not properly secured.

IOC Journey

medium
First detected 11 months ago · Last seen 3 months ago
Appeared in 7 threat reports