IOC Radar
IP · Medium · Signal 100/100

37.229.245.160

Location: Ukraine (Dnipro, Dnipropetrovsk Oblast)
ASN: AS15895 (Kyivstar LLC)
First Seen: Dec 19, 2024 (544d ago)
Last Seen: Feb 15, 2026 (121d ago)
Reports: 12 source reports
Confidence: 99% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No

MITRE ATT&CK TTPs

35 techniques

Network Information

Country: UA (Ukraine)
Region: Dnipro, Dnipropetrovsk Oblast
ASN: AS15895
Organization: Kyivstar LLC

Feed Intelligence Summary

Source reports: 12
Confidence score: 99%
Category tags: abuse, access control, active scanning, botnet, brute force, brute force attack, brute force attempt, command and control, communication protocol, communication technologies, connected devices, credential access, credential harvesting, credential stuffing, cta, data exfiltration, ddos attacks, decoy system, default credentials, device management, distributed attacks, europe, global, indicator, industrial iot, infrastructure acquisitionreconnaissance, internet of things, intrusion detection, ioc, iot analytics, iot applications, iot botnet, iot platforms, iot security, iot/ics attack, login, malicious activity, malicious network activity, malicious software, malware, manual, mirai botnet, mirai variant, mobile carriers, mobile networks, network, network attacks, network intrusion, network probing, network scanning, network security, network service scanning, password attacks, phishing attack, process injection, protocol exploitation, reconnaissance, researched, router exploitation, scan, scanner, scanning activity, security policy, smart devices, social engineering, ssh attack, t1021.001, t1021.002, t1040, t1046, t1055, t1056.001, t1059.001, t1068, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1486, t1496, t1497.001, t1499.001, t1499.002, t1499.003, t1550.002, t1555.003, t1565, t1566.001, t1566.002, t1566.003, t1587.001, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, telecom services, telecommunications, telnet threat, threat actor, threat intelligence, threat prevention, ukraine, voip, weak passwords

Activity Timeline

1 total obs (Feb 15 to Feb 15)

Threat Activity Heatmap

Peak: 2026-02-15
Activity by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 12
First seen: Dec 19, 2024
Last seen: Feb 15, 2026
Geolocation: UA
Country: Ukraine
Location: Dnipro, Dnipropetrovsk Oblast
ASN: AS15895
Org: Kyivstar LLC
Coords: 48.2395, 35.5119

VirusTotal

Not checked

WHOIS

description
Security researchers have uncovered a global botnet campaign targeting VoIP-enabled routers that are configured with default or weak Telnet passwords. This botnet exhibits characteristics similar to the Mirai botnet. It was initially detected in rural New Mexico and later traced to over 500 infected systems worldwide. The threat highlights how exposed and poorly secured VoIP infrastructure is being exploited to power large-scale botnets. Organizations that rely on VoIP technology, especially utilities and ISPs, face an immediate risk if their devices are internet-facing and not properly secured.
raw
inetnum: 37.229.128.0 - 37.229.255.255
netname: KYIVSTAR-NET-15
descr: Kyivstar GSM
descr: Ukrainian mobile phone operator
country: UA
admin-c: KSUA-RIPE
tech-c: KSUA-RIPE
status: ASSIGNED PA
mnt-by: KYIVSTAR-MNT
mnt-lower: KYIVSTAR-MNT
mnt-routes: KYIVSTAR-MNT
created: 2012-09-07T09:07:46Z
last-modified: 2012-09-07T09:07:46Z
source: RIPE

role: Kyivstar PJSC
address: Degtyarevskaya, 53
address: Kiev, Ukraine
admin-c: AEL17-RIPE
admin-c: EB14332-RIPE
tech-c: NP1533-RIPE
tech-c: EB14332-RIPE
tech-c: AEL17-RIPE
nic-hdl: KSUA-RIPE
remarks: Please send all abuse reports here:
abuse-mailbox: [email protected]
mnt-by: KYIVSTAR-MNT
created: 2003-05-19T14:48:31Z
last-modified: 2023-02-23T14:09:33Z
source: RIPE # Filtered

route: 37.229.0.0/16
descr: Kyivstar GSM, Kiev, Ukraine
origin: AS15895
mnt-by: KYIVSTAR-MNT
created: 2012-04-10T12:39:48Z
last-modified: 2012-04-10T12:39:48Z
source: RIPE

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 12 threat reports