IP · Medium · Signal 51/100
5.181.27.219
Location
Harlesden, ENG
ASN
AS202422
GCL
First Seen
Mar 15, 2025
Last Seen
Jun 14, 2026
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
51%
Signal Score
51 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United Kingdom
Region
Harlesden, ENG
ASN
AS202422
Organization
GCL
Feed Intelligence Summary
6 reports · 51% confidence
6
Source reports
51%
Confidence score
Category tags
Activity Timeline
Jun 14
Threat Activity Heatmap
Peak: 2026-06-14
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
Medium Risk
Signal Score
51
Confidence
51%
Reports
6
First seen
Mar 15, 2025
Last seen
Jun 14, 2026
Geolocation
GB
Country
United Kingdom
Location
Harlesden, ENG
ASN
AS202422
Org
GCL
Coords
51.5064, -0.0200
VirusTotal
Not checked
WHOIS
- description
- CC=GB ASN=AS202422 G-Core Labs S.A.
- raw
- inetnum: 5.181.27.0 - 5.181.27.255
  descr: G-Core Labs Customer assignment
  netname: GCL-CUSTOMER-GB
  country: GB
  admin-c: LA5122-RIPE
  tech-c: LA5122-RIPE
  status: ASSIGNED PA
  mnt-by: GCL1-MNT
  created: 2021-07-09T13:34:01Z
  last-modified: 2021-07-09T13:34:01Z
  source: RIPE
  geoloc: 51.4988377 -0.0166814
  person: LIR Admin
  address: G-Core Labs S.A.
  address: 2 Rue Edmond Reuter
  address: 5326 Contern
  phone: +35220880507
  nic-hdl: LA5122-RIPE
  mnt-by: GCL1-MNT
  created: 2012-12-05T15:05:34Z
  last-modified: 2023-07-17T19:38:48Z
  source: RIPE # Filtered
  route: 5.181.27.0/24
  origin: AS199524
  mnt-by: GCL1-MNT
  created: 2021-06-29T13:30:08Z
  last-modified: 2021-06-29T13:30:08Z
  source: RIPE
  route: 5.181.27.0/24
  descr: GCL-146-185-251-0-24
  origin: AS202422
  mnt-by: GCL1-MNT
  created: 2021-11-02T13:28:50Z
  last-modified: 2021-11-02T13:28:50Z
  source: RIPE
- references
- https://media.defense.gov/2024/Sep/18/2003547016/-1/-1/0/CSA-PRC-LINKED-ACTORS-BOTNET.PDF, https://blog.lumen.com/derailing-the-raptor-train, https://blog.lumen.com/derailing-the-raptor-train/, https://github.com/blacklotuslabs/IOCs/blob/main/Raptor_Train_IOCs.txt
IOC Journey
medium · First detected 1 year ago · Last seen 2 days ago
Appeared in 6 threat reports