IOC Radar
IP · Medium · Signal 41/100

5.167.12.23

Location
Russian Federation
Angarsk, IRK
ASN
AS51645
JSC "ER-Telecom Holding" Irkutsk Branch
First Seen
Jun 30, 2025 (359d ago)
Last Seen
Apr 20, 2026 (64d ago)
Reports
11 source reports
Confidence
41% (medium)
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
41%
Signal Score
41 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

49 techniques

Network Information

Country: RU (Russian Federation)
Region: Angarsk, IRK
ASN: AS51645
Organization: JSC "ER-Telecom Holding" Irkutsk Branch

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 11
Confidence score: 41%
Category tags
abuse, access control, active scan, active scanning, attack, bad reputation, botnet, botnet activity, botnet activity detected, brute force, brute force attack, brute force attacks, c2, c2 communication, command & control, command and control, compromised credentials attempt, compromised hosts, cowrie honeypot, credential access, credential stuffing, data exfiltration, data store exposure, ddos, ddos preparation, decoy system, dionaea honeypot, distributed attacks, enumeration, europe/asia, exploit attempts, exploitation, exploitation activity, failed login attempts, ftp brute force, honeytrap honeypot, http scanning, https scanning, identity & access exploitation, indicator, injection activity, lamp, lamp exploitation attempt, lateral movement, malicious activity, malicious payload attempt, malicious software, malware, malware behaviour, malware capture, malware distribution, network, network enumeration, network intrusion, network scanning, network security, network service scanning, password attacks, password spraying, potential malware upload, process injection, protocol exploitation, proxy, proxy activity, ransomware, reconnaissance, remote access, researched, russia, scanner, security policy, self-signed, service scan, sftp attack, shell, smtp scanning, socradar honeypot, ssh attack, ssh monitoring, t1003, t1005, t1016, t1018, t1021, t1021.004, t1040, t1041, t1043, t1047, t1053, t1053.005, t1055, t1056, t1059, t1071, t1071.001, t1071.002, t1071.004, t1078, t1078.001, t1083, t1090, t1090.001, t1090.002, t1090.003, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1204.002, t1486, t1496, t1497, t1499.002, t1499.003, t1550, t1552, t1555, t1556, t1565, t1573, t1595, t1595.001, t1595.002, t1595.003, telnet, threat, threat actor, threat detection, threat intelligence, threat prevention, tor node

Activity Timeline

1 total obs
Apr 20 - Apr 20

Threat Activity Heatmap

Peak: 2026-04-20
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 41
Confidence: 41%
Reports: 11
First seen: Jun 30, 2025
Last seen: Apr 20, 2026
Geolocation: RU
Country: Russian Federation
Location: Angarsk, IRK
ASN: AS51645
Org: JSC "ER-Telecom Holding" Irkutsk Branch
Coords: 52.2978, 104.2964
IP Category: Proxy

VirusTotal

Not checked

WHOIS

description
dionaea, heralding, malicious, ssh, sftp, cowrie, LAMP, honeytrap
raw
inetnum: 5.167.8.0 - 5.167.15.255
netname: ERTH-IRKUTSK-PPPOE-14-NET
descr: JSC "ER-Telecom Holding" Irkutsk branch
descr: Irkutsk, Russia
descr: PPPoE individual customers
country: RU
admin-c: ERTH38-RIPE
org: ORG-CHIB2-RIPE
tech-c: ERTH38-RIPE
status: ASSIGNED PA
mnt-by: RAID-MNT
geoloc: 52.27777945615291 104.30080270996086
remarks: INFRA-AW
created: 2013-08-02T12:44:18Z
last-modified: 2016-01-25T06:25:21Z
source: RIPE # Filtered

organisation: ORG-CHIB2-RIPE
org-name: JSC "ER-Telecom Holding" Irkutsk Branch
org-type: OTHER
descr: TM DOM.RU, Irkutsk ISP
address: shosse Kosmonavtov, 111
address: 614099 Perm'
address: Russian Federation
phone: +7 342 2462 367
fax-no: +7 342 2195 104
admin-c: ERTH38-RIPE
tech-c: ERTH38-RIPE
abuse-c: RAID1-RIPE
mnt-ref: RAID-MNT
mnt-by: RAID-MNT
created: 2011-06-16T11:29:23Z
last-modified: 2019-10-18T09:11:48Z
source: RIPE # Filtered

role: Network Operation Center CJSC ER-Telecom Holding Irkutsk branch
address: CJSC "ER-Telecom Holding" Irkutsk branch
address: shosse Kosmonavtov, 111
address: 614099 Perm'
address: Russian Federation
phone: +7 342 2 195 100
fax-no: +7 342 2 195 100
admin-c: RAID1-RIPE
tech-c: RAID1-RIPE
nic-hdl: ERTH38-RIPE
created: 2011-06-16T11:23:49Z
last-modified: 2019-10-18T13:08:27Z
source: RIPE # Filtered
mnt-by: RAID-MNT

route: 5.167.12.0/22
origin: AS51645
org: ORG-CHIB2-RIPE
descr: CJSC "ER-Telecom Holding" Irkutsk branch
descr: Irkutsk, Russia
mnt-by: RAID-MNT
created: 2013-06-21T12:09:02Z
last-modified: 2013-06-21T12:09:02Z
source: RIPE

organisation: ORG-CHIB2-RIPE
org-name: JSC "ER-Telecom Holding" Irkutsk Branch
org-type: OTHER
descr: TM DOM.RU, Irkutsk ISP
address: shosse Kosmonavtov, 111
address: 614099 Perm'
address: Russian Federation
phone: +7 342 2462 367
fax-no: +7 342 2195 104
admin-c: ERTH38-RIPE
tech-c: ERTH38-RIPE
abuse-c: RAID1-RIPE
mnt-ref: RAID-MNT
mnt-by: RAID-MNT
created: 2011-06-16T11:29:23Z
last-modified: 2019-10-18T09:11:48Z
source: RIPE # Filtered
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 11 months ago · Last seen 2 months ago
Appeared in 11 threat reports