IPMediumSignal 100/100
27.215.109.76
Location
ChinaJinan, Shandong
ASN
AS4837
China Unicom Shandong Province Network
First Seen
Apr 10, 2025
Last Seen
Apr 7, 2026
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryChina
ChinaRegionJinan, Shandong
ASNAS4837
OrganizationChina Unicom Shandong Province Network
Feed Intelligence Summary
12 reports99% confidence
12
Source reports
99%
Confidence score
Category tags
abuseactive scanactive scanningarmasciiasiaasyncratback orifice trafficbackdoorbad reputationbase64-loaderbotnetbotnet activitybotnetdomainbrute forcebrute force attackcensyschinaclipboardhijackercode injectioncoinminercommand and controlcommand executioncredential accesscredential harvestingcredential stuffingcryptocurrencydarktortilladarkvisionratdata exfiltrationdata store exposuredbatloaderdcratddosddos attacksddosagentdistributed attacksdlldocdropped-by-lummastealerelfencodedexeexecutable fileexploitation activityfakecaptchagafgytgetshellgpon rceguloaderhajimehijackloaderhtahtmlidentity & access exploitationindiaindicatorinfostealerinjection activityinternet of thingsiot botnetiot exploitationiot securityiot/ics attackjpg-base64-loaderlokilummastealermalaysiamalicious powershell activitymalicious softwaremalwaremeterpretermipsmirai botnetmodiloadermoobotmozimozi botnetmsinetworknetwork scanningnorth americaopendirpassword attacksphishingphishing attackprocess injectionps1quasarratraccoonclipperransomwareratreconnaissanceremcosratremote accessremote access trojanresearchedrev-base64-loaderrouter vulnerability exploitationsaint helena, ascension and tristan da cunhascams & fraudscannerscripting attackssliversmartloadersmoke loadersocial engineeringsora botnetsshdkitsystembc botnett1027t1055t1059t1059.001t1059.007t1071t1071.001t1078t1086t1105t1110.001t1110.002t1110.003t1110.004t1133t1189t1190t1203t1204t1204.001t1204.002t1486t1496t1497.001t1499.002t1499.003t1565t1566t1566.001t1566.002t1566.003t1583t1588t1589t1592t1595.001t1595.002t1595.003threat actortor nodetsunamiua-wgetunited statesvidarvipkeyloggervulnerability scanweb exploitationxloaderxwormzgrab scannerzip
Activity Timeline
Apr 7Apr 7
Threat Activity Heatmap
· Peak: 2026-04-07LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated
This Indicator of Compromise (IOC), an IPv4 address, represents a critical threat to organizational security and demands immediate attention. With a perfect threat score of 100.0 and no whitelisting, this IP address is strongly associated with malicious activities, including command and control infrastructure. Its direct attribution to sophisticated threat actors Roaming Mantis and SMOKY SPIDER underscores the advanced nature of the potential adversaries. The presence of this IOC within our netw…
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
12
Reports
First seenApr 10, 2025
Last seenApr 7, 2026
GeolocationCN
CountryChina
LocationJinan, Shandong
ASNAS4837
OrgChina Unicom Shandong Province Network
Coords36.6518, 117.1200
VirusTotal
Not checked
WHOIS
- raw
- inetnum: 27.192.0.0 - 27.223.255.255 netname: UNICOM-SD descr: China Unicom Shandong province network descr: China Unicom country: CN admin-c: CH1302-AP tech-c: XZ14-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP mnt-lower: MAINT-CNCGROUP-SD mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2025-01-22T13:11:14Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-02-24 mnt-by: MAINT-CNCGROUP last-modified: 2025-02-24T06:16:57Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-02-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-02-24T06:17:45Z source: APNIC person: ChinaUnicom Hostmaster nic-hdl: CH1302-AP e-mail: [email protected] address: No.21,Jin-Rong Street address: Beijing,100033 address: P.R.China phone: +86-10-66259764 fax-no: +86-10-66259764 country: CN mnt-by: MAINT-CNCGROUP last-modified: 2017-08-17T06:13:16Z source: APNIC person: XIAOFENG ZHANG nic-hdl: XZ14-AP e-mail: [email protected] address: Jinan,Shandong P.R China phone: +86-531-6666666 fax-no: +86-531-6666666 country: CN mnt-by: MAINT-ZXF last-modified: 2008-09-04T07:29:35Z source: APNIC route: 27.192.0.0/11 descr: China Unicom Shandong Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2010-04-14T05:24:01Z source: APNIC
- references
- https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7336404647240241154-LAw9?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM, https://urlhaus.abuse.ch/browse/
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 2 months ago
Appeared in 12 threat reports