IOC Radar
IPMediumSignal 39/100

27.78.70.157

Location
VietnamVietnam
Ho Chi Minh City, SG
ASN
AS7552
VIETTEL
First Seen
Apr 7, 2025
Last Seen
May 5, 2026
Apr 7
First Seen
433d ago
May 5
Last Seen
40d ago
15
Reports
source reports
39%
Confidence
medium
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
39%
Signal Score
39 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

36 techniques

Network Information

CountryVNVietnam
RegionHo Chi Minh City, SG
ASNAS7552
OrganizationVIETTEL

Feed Intelligence Summary

15 reports39% confidence
15
Source reports
39%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningasiaattackaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication failuresautomated attackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptbrute force attemptsbrute-forcbrute-forcec2 servercommand & controlcommand and controlcommunication protocolcompromised credentialscompromised hostscowrie honeypotcredential accesscredential stuffingcredential stuffing attemptsdata exfiltrationdata store exposuredata theftddosdecoy systemdenial of servicedistributed attackseuropeexploitation activityfail2ban alertfail2ban eventsfail2ban logsfail2ban triggeredfailed authenticationfailed loginsfin scanningfinlandftp brute forcegeoiphackinghttp brute forceidentity & access exploitationimap brute forceindicatorinfoinformation technologyinitial accessinjection activityiocit infrastructurelateral movementlogin attacklogin attackslogin attempt failureslogin attemptslogin brute forcelogin brute-forcemalicious activitymalicious softwaremalwaremalware distributionnetworknetwork attacksnetwork intrusionnetwork intrusion detectionnetwork probingnetwork protocolnetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnoticenull scanningoceaniapassword attackpassword attacksphishingprocess injectionprotocol exploitationransomwarereconnaissancereconnaissance activityremote accessremote servicesresearchedscannerscanning activitysecurity alertsecurity operationssecurity policyservice scansftp attacksmtp brute forcesocradar honeypotsoftware developmentspamsshssh attackssh monitoringswedensyn scanningt-pott1021t1021.004t1040t1041t1046t1055t1059t1059.004t1071t1071.001t1078t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1486t1496t1499.002t1499.003t1565t1573t1588t1588.002t1588.004t1589t1589.002t1595t1595.001t1595.002t1595.003tcp protocoltcp scanningtelnet threatthreat actorthreat intelligencethreat preventiontor nodetpottpotceunauthorized accessunauthorized login attemptunited kingdomviet namvietnamvnvpsvulnerability scanxmas scanning

Activity Timeline

1 total obs
May 5May 5

Threat Activity Heatmap

· Peak: 2026-05-05
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
39
SIGNAL
Signal Score
39%
Confidence
15
Reports
First seenApr 7, 2025
Last seenMay 5, 2026
GeolocationVN
CountryVietnam
LocationHo Chi Minh City, SG
ASNAS7552
OrgVIETTEL
Coords10.8326, 106.6581

VirusTotal

Not checked

WHOIS

description
SSH brute force IOCs collected mainly from hosts located in Finland
raw
inetnum: 27.64.0.0 - 27.79.255.255 netname: VIETTEL-VN descr: Viettel Group descr: No 1, Tran Huu Duc street, My Dinh 2 ward, Nam Tu Liem district, Ha Noi City country: VN admin-c: TVT8-AP tech-c: NDT9-AP status: ALLOCATED PORTABLE mnt-by: MAINT-VN-VNNIC mnt-irt: IRT-VNNIC-AP last-modified: 2017-11-11T09:36:50Z source: APNIC irt: IRT-VNNIC-AP address: Ha Noi, VietNam phone: +84-24-35564944 fax-no: +84-24-37821462 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: NTTT1-AP tech-c: NTTT1-AP auth: # Filtered mnt-by: MAINT-VN-VNNIC last-modified: 2025-09-04T05:18:22Z source: APNIC person: Nguyen Dang Tiep address: Viettel Network Corporation address: No 1, Tran Huu Duc street, My Dinh 2 ward, Nam Tu Liem district, Ha Noi City country: VN phone: +84-24-62989898 e-mail: [email protected] nic-hdl: NDT9-AP mnt-by: MAINT-VN-VIETEL last-modified: 2017-11-11T09:40:35Z source: APNIC person: Tran Van Thanh address: Viettel Network Corporation address: No 1, Tran Huu Duc street, My Dinh 2 ward, Nam Tu Liem district, Ha Noi City country: VN phone: +84-24-62989898 e-mail: [email protected] nic-hdl: TVT8-AP mnt-by: MAINT-VN-VIETEL last-modified: 2018-08-21T09:57:13Z source: APNIC route: 27.64.0.0/12 descr: VIETTEL-VN origin: AS24086 mnt-by: MAINT-VN-VNNIC last-modified: 2025-08-14T17:15:01Z source: APNIC route: 27.64.0.0/12 descr: VIETTEL-VN origin: AS38731 mnt-by: MAINT-VN-VNNIC last-modified: 2025-08-14T17:15:06Z source: APNIC route: 27.64.0.0/12 descr: VIETTEL-VN origin: AS7552 mnt-by: MAINT-VN-VNNIC last-modified: 2025-08-14T17:14:56Z source: APNIC
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, ip.txt, https://redpiranha.net

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 15 threat reports