IOC Radar
IP · Medium · Signal 77/100

27.37.127.126

Location: China (Dongguan, Guangdong)
ASN: AS17816 (China Unicom Guangdong Province Network)
First Seen: Apr 12, 2026 (62d ago)
Last Seen: May 22, 2026 (22d ago)
Reports: 8 source reports
Confidence: 77% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 77%
Signal Score: 77 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

7 techniques

Network Information

Country: CN (China)
Region: Dongguan, Guangdong
ASN: AS17816
Organization: China Unicom Guangdong Province Network

Feed Intelligence Summary

Source reports: 8
Confidence score: 77%
Category tags

Activity Timeline

1 total obs (May 22)

Threat Activity Heatmap

Peak: 2026-05-22
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 77
Confidence: 77%
Reports: 8
First seen: Apr 12, 2026
Last seen: May 22, 2026
Geolocation: CN
Country: China
Location: Dongguan, Guangdong
ASN: AS17816
Org: China Unicom Guangdong Province Network
Coords: 23.0207, 113.7520

VirusTotal

Not checked

WHOIS

inetnum: 27.37.0.0 - 27.37.255.255
netname: UNICOM-GDDG
descr: China Unicom Dongguan city network
descr: China Unicom Dongguan Branch
country: CN
admin-c: CG272-AP
tech-c: CG272-AP
status: ALLOCATED NON-PORTABLE
mnt-by: MAINT-CNCGROUP-GD
last-modified: 2010-10-18T07:16:01Z
source: APNIC

role: CNCGROUP GD
nic-hdl: CG272-AP
e-mail: [email protected]
address: XinShiKong Plaza,No 666 Huangpu Rd. Guangzhou 510627,China
phone: +86-20-22214226
fax-no: +86-20-22214228
admin-c: RP181-AP
tech-c: RP181-AP
country: CN
mnt-by: MAINT-CNCGROUP-GD
last-modified: 2009-04-14T08:33:40Z
source: APNIC

route: 27.36.0.0/15
descr: China Unicom Guangdong Province Network
country: CN
origin: AS17816
mnt-by: MAINT-CNCGROUP-RR
last-modified: 2010-04-12T00:56:01Z
source: APNIC


IOC Journey

medium
First detected 2 months ago · Last seen 22 days ago
Appeared in 8 threat reports