IOC Radar
IP · Medium · Signal 73/100

27.0.217.208

Location
India
Jaipur, Rajasthan
ASN
AS24186
RailTel Corporation
First Seen
Apr 14, 2025 (422d ago)
Last Seen
Mar 21, 2026 (81d ago)
Reports
6 source reports
Confidence
73% (medium)
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
73%
Signal Score
73 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

51 techniques

Network Information

Country: India (IN)
Region: Jaipur, Rajasthan
ASN: AS24186
Organization: RailTel Corporation

Feed Intelligence Summary

Source reports: 6
Confidence score: 73%
Category tags

Activity Timeline

1 total obs
Mar 21

Threat Activity Heatmap

Peak: 2026-03-21
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 73
Confidence: 73%
Reports: 6
First seen: Apr 14, 2025
Last seen: Mar 21, 2026
Geolocation: IN
Country: India
Location: Jaipur, Rajasthan
ASN: AS24186
Org: RailTel Corporation
Coords: 20.0063, 77.0060

VirusTotal

Not checked

WHOIS

description
Telnet bruteforce client IP
raw
inetnum: 27.0.216.0 - 27.0.219.255
netname: RAILTEL-IN
descr: RailTel Corporation is an Internet Service Provider.
country: IN
admin-c: NA1011-AP
tech-c: NA1011-AP
abuse-c: NA1011-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-IN-IRINN
mnt-lower: MAINT-IN-RAILTEL
mnt-routes: MAINT-IN-RAILTEL
mnt-irt: IRT-RAILTEL-IN
last-modified: 2024-05-21T06:36:04Z
source: APNIC

irt: IRT-RAILTEL-IN
address: Plot No, 143
address: Sector 44 ,Gurugram
address: Haryana ,122003
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: NA1011-AP
tech-c: NA1011-AP
auth: # Filtered
mnt-by: MAINT-IN-RAILTEL
last-modified: 2022-05-12T07:26:27Z
source: APNIC

person: Network Administrator
address: Plate-A, 6th Floor, Office Block Tower-2,
address: East Kidwai Nagar, New Delhi-110023
country: IN
phone: +91 11 22900600
e-mail: [email protected]
nic-hdl: NA1011-AP
mnt-by: MAINT-IN-RAILTEL
fax-no: +91 11 22900699
last-modified: 2022-05-12T07:18:48Z
source: APNIC

route: 27.0.217.0/24
descr: Route & ROA
country: IN
origin: AS24186
mnt-by: MAINT-IN-RAILTEL
last-modified: 2024-12-16T09:27:01Z
source: APNIC


IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 6 threat reports