IP · Medium · Signal 91/100
27.37.24.5
Location
Dongguan, GD
ASN
AS17816
China Unicom Guangdong Province Network
First Seen
Apr 8, 2025
Last Seen
Feb 19, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
91%
Signal Score
91 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
China
Region
Dongguan, GD
ASN
AS17816
Organization
China Unicom Guangdong Province Network
Feed Intelligence Summary
9 reports · 91% confidence
9
Source reports
91%
Confidence score
Category tags
active scanning · arm · ascii · asia · asyncrat · backdoor · base64-loader · booking · botnet · botnetdomain · brute force attack · c2 · censys · china · clipboardhijacker · code injection · coinminer · command and control · command execution · credential access · credential harvesting · credential stuffing · darktortilla · darkvisionrat · data exfiltration · dbatloader · dcrat · ddos · ddos attacks · ddosagent · distributed attacks · dll · doc · dropped-by-lummastealer · elf · encoded · encrypted payload · exe · fakecaptcha · gafgyt · geo-fenced · ger · getshell · gh0strat · guloader · hajime · hijackloader · hta · html · indicator · ingress tool transfer · internet of things · iot botnet · iot/ics attack · jpg-base64-loader · lnk · loki · lokibot · lummastealer · malicious powershell activity · malicious software · malware · meterpreter · mips · mirai botnet · modiloader · moobot · mozi · msi · network · network scanning · opendir · password attacks · phishing attack · process injection · ps1 · quasarrat · raccoonclipper · rat · reconnaissance · remcosrat · remote access · researched · rev-base64-loader · saint helena, ascension and tristan da cunha · scanner · scripting attacks · sliver · smartloader · smoke loader · social engineering · sshdkit · stealer · strelastealer · t1027 · t1055 · t1059 · t1059.001 · t1059.005 · t1059.007 · t1071 · t1071.001 · t1078 · t1086 · t1105 · t1110.001 · t1110.002 · t1110.003 · t1110.004 · t1133 · t1189 · t1190 · t1204 · t1204.001 · t1204.002 · t1486 · t1496 · t1499.002 · t1499.003 · t1565 · t1566 · t1566.001 · t1566.002 · t1566.003 · t1583 · t1588 · t1589 · t1592 · t1595.001 · t1595.002 · t1595.003 · trojan malware · tsunami · ua-wget · vidar · vipkeylogger · web crawler · web crawling · web exploitation · wsgidav · wshrat · xloader · xml-opendir · xworm · zip
Threat Activity Heatmap
Peak: 2026-02-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score
High Risk
91
SIGNAL
Signal Score
91%
Confidence
9
Reports
First seen
Apr 8, 2025
Last seen
Feb 19, 2026
Geolocation
CN
Country
China
Location
Dongguan, GD
ASN
AS17816
Org
China Unicom Guangdong Province Network
Coords
23.0312, 113.7203
VirusTotal
Not checked
WHOIS
- raw
  inetnum: 27.37.0.0 - 27.37.255.255
  netname: UNICOM-GDDG
  descr: China Unicom Dongguan city network
  descr: China Unicom Dongguan Branch
  country: CN
  admin-c: CG272-AP
  tech-c: CG272-AP
  status: ALLOCATED NON-PORTABLE
  mnt-by: MAINT-CNCGROUP-GD
  last-modified: 2010-10-18T07:16:01Z
  source: APNIC

  role: CNCGROUP GD
  nic-hdl: CG272-AP
  e-mail: [email protected]
  address: XinShiKong Plaza,No 666 Huangpu Rd. Guangzhou 510627,China
  phone: +86-20-22214226
  fax-no: +86-20-22214228
  admin-c: RP181-AP
  tech-c: RP181-AP
  country: CN
  mnt-by: MAINT-CNCGROUP-GD
  last-modified: 2009-04-14T08:33:40Z
  source: APNIC

  route: 27.36.0.0/15
  descr: China Unicom Guangdong Province Network
  country: CN
  origin: AS17816
  mnt-by: MAINT-CNCGROUP-RR
  last-modified: 2010-04-12T00:56:01Z
  source: APNIC
- references
- https://urlhaus.abuse.ch/browse/
IOC Journey
medium · First detected 1 year ago · Last seen 4 months ago
Appeared in 9 threat reports