IOC Radar
IP · Medium · Signal 85/100

217.64.148.159

Location: Stockholm, AB, Sweden
ASN: AS42675 (OVPN)
First Seen: Feb 22, 2025 (485 days ago)
Last Seen: May 31, 2026 (22 days ago)
Reports: 9 source reports
Confidence: 85% (medium)
Found in 9 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 85%
Signal Score: 85 / 100
IDS Rule: No
Threat Context: 28 MITRE ATT&CK techniques tagged

Network Information

Country: SE (Sweden)
Region: Stockholm, AB
ASN: AS42675
Organization: OVPN
IP Category: VPN (VPN exit node)

Feed Intelligence Summary

Source reports: 9
Confidence score: 85%
Category tags:

Activity Timeline

1 total observation (May 31)

Threat Activity Heatmap

[Heatmap figure: Jun to Jun, weekly by day of week; peak 2026-05-31]

Activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 85 (High Risk)
Signal Score: 85
Confidence: 85%
Reports: 9
First seen: Feb 22, 2025
Last seen: May 31, 2026
Geolocation: SE
Country: Sweden
Location: Stockholm, AB
ASN: AS42675
Org: OVPN
Coords: 59.3333, 18.0500
Category: VPN

VirusTotal: Not checked

WHOIS

Description: ip:port combination that is used for botnet Command&control (C&C)

Raw record:
inetnum: 217.64.148.0 - 217.64.148.255
descr: OVPN Stockholm
geoloc: 59.334591 18.063240
netname: SE-OVPN-2
country: SE
admin-c: OIA19-RIPE
tech-c: OIA19-RIPE
status: ASSIGNED PA
mnt-by: MNT-OVPN
created: 2019-02-07T16:01:10Z
last-modified: 2019-02-08T09:44:41Z
source: RIPE
role: OVPN Integritet AB
abuse-mailbox: [email protected]
address: Engelbrekts Kyrkogata 7
address: 11426 Stockholm
address: Sweden
nic-hdl: OIA19-RIPE
mnt-by: MNT-OVPN
created: 2016-01-15T08:32:08Z
last-modified: 2021-03-05T08:51:34Z
source: RIPE # Filtered
tech-c: TMS109-RIPE
admin-c: DW5333-RIPE
route: 217.64.148.0/23
origin: AS42675
mnt-by: MNT-OVPN
created: 2021-11-17T09:09:16Z
last-modified: 2021-11-17T09:09:16Z
source: RIPE

References:
https://threatfox.abuse.ch/export/csv/recent/
https://www.forcepoint.com/blog/x-labs/venomrat-malware-uses-virtual-hard-drives
https://any.run/malware-trends/
https://urlhaus.abuse.ch/


IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 22 days ago
Appeared in 9 threat reports