IP · Medium · Signal 23/100
5.5.5.5
Location
Frankfurt am Main, Hesse
ASN
AS6805
Telefonica Germany GmbH & Co.OHG
First Seen
Aug 16, 2022
Last Seen
May 7, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
23%
Signal Score
23 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Germany
Region: Frankfurt am Main, Hesse
ASN: AS6805
Organization: Telefonica Germany GmbH & Co.OHG
Feed Intelligence Summary
9 source reports · 23% confidence score
Category tags
Activity Timeline
May 7 to May 7
Threat Activity Heatmap · Peak: 2026-05-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal: 23
Signal Score: 23%
Confidence: 9 reports
First seen: Aug 16, 2022
Last seen: May 7, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Hesse
ASN: AS6805
Org: Telefonica Germany GmbH & Co.OHG
Coords: 51.2215, 6.7762
VirusTotal
Not checked
WHOIS
- description
- Victims' business social media accounts deleted. Used to commit malicious activity against businesses, espionage, financial abuse.
- raw
    inetnum: 5.4.0.0 - 5.7.255.255
    netname: DE-MEDIAWAYS-20120425
    country: DE
    org: ORG-TDG4-RIPE
    admin-c: MWH6-RIPE
    tech-c: MWH6-RIPE
    status: ALLOCATED PA
    mnt-by: RIPE-NCC-HM-MNT
    mnt-by: MDA-Z
    mnt-lower: MDA-Z
    mnt-routes: MDA-Z
    created: 2012-04-25T06:13:17Z
    last-modified: 2018-07-30T09:52:34Z
    source: RIPE

    organisation: ORG-TDG4-RIPE
    org-name: Telefonica Germany GmbH & Co.OHG
    country: DE
    org-type: LIR
    address: Georg-Brauchle-Ring 50
    address: 80992
    address: München
    address: GERMANY
    phone: +498924420
    admin-c: RCM25-RIPE
    admin-c: DK9212-RIPE
    abuse-c: MWH6-RIPE
    mnt-ref: RIPE-NCC-HM-MNT
    mnt-ref: MDA-Z
    mnt-by: RIPE-NCC-HM-MNT
    mnt-by: MDA-Z
    created: 2004-04-17T12:45:50Z
    last-modified: 2024-04-30T04:43:21Z
    source: RIPE # Filtered

    role: mediaWays Hostmaster
    address: Telefonica Germany GmbH & Co. OHG
    address: Georg-Brauchle-Ring 50
    address: 80992 Muenchen
    address: DE
    phone: +498924420
    fax-no: +49892442198224
    abuse-mailbox: [email protected]
    admin-c: DK9212-RIPE
    admin-c: RCM25-RIPE
    tech-c: TG819-RIPE
    tech-c: ASZ-RIPE
    nic-hdl: MWH6-RIPE
    mnt-by: MDA-Z
    created: 2001-11-06T10:42:25Z
    last-modified: 2022-03-31T09:18:07Z
    source: RIPE # Filtered

    route: 5.4.0.0/14
    descr: Telefonica Germany GmbH & Co. OHG
    remarks:
    netname: DE-MEDIAWAYS
    origin: AS6805
    mnt-by: MDA-Z
    created: 2018-08-08T09:03:25Z
    last-modified: 2018-08-08T09:13:47Z
    source: RIPE
- references
  - https://github.com/telekom-security/tpotce
  - https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d
  - This website contains the details of an anti-virus scan conducted by the MetaDefender, which aims to identify and remove malware from websites, websites and social media sites, including Facebook, Twitter and YouTube.
  - original dropped file discovery url: http://lifehacker.com/assets/stylesheets/app-a873b056f0ea955e4ff0abebb210e5a6.css
  - Making HTTPS connections using insecure TLS/SSL version. Details: Connection was made using TLSv1.1 [tls.handshake.version: 0x00000302]. Source: Network Traffic. Relevance: 10/10. ATT&CK ID: T1573
  - https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d/63aef1a83e3bb16765527bb8
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
Medium · First detected 3 years ago · Last seen 1 month ago
Appeared in 9 threat reports