IOC Radar
IP · Medium · Signal 47/100

5.53.123.43

Location: Russian Federation · Moscow, Moskva
ASN: AS50340 (Selectel)
First Seen: Jul 6, 2025 (353d ago)
Last Seen: Apr 12, 2026 (72d ago)
Reports: 19 source reports
Confidence: 47% (medium)
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 47%
Signal Score: 47 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

42 techniques

Network Information

Country: RU (Russian Federation)
Region: Moscow, Moskva
ASN: AS50340
Organization: Selectel

Feed Intelligence Summary

19 source reports · 47% confidence score
Category tags
abuse, access control, active scan, active scanning, adbhoney activity, adbhoney honeypot, attack, australia, bad reputation, bad web bot, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute_force, cisco device, cisco exploit attempts, cisco_exploit, command and control, communication protocol, compromised host, cowrie activity, cowrie honeypot, cowrie_attack, credential access, credential harvesting, credential stuffing, credential_access, data exfiltration, data store exposure, database brute force, ddos, decoy system, denial of service, device management, dionaea activity, dionaea honeypot, distributed attacks, enterprise networking, enumeration, europe/asia, exfiltration, exploitation, exploitation activity, ftp, ftp brute force, hacking, honeytrap honeypot, http brute force, http probing, http scanner, identity & access exploitation, indicator, initial_access, injection activity, ioc, ipv4, lamp, lamp exploit attempts, lamp_exploit, lateral movement, malicious activity, malicious software, malware, malware behaviour, malware capture, malware download attempts, network, network infrastructure, network intrusion attempts, network probing, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, oceania, password attacks, password spraying, phishing, phishing attack, potential malware upload, process injection, protocol exploitation, ransomware, reconnaissance, remote access, researched, resource hijacking, russia, scan, scanner, scanner activity, security policy, sentrypeer botnet, service scan, sftp attack, sftp_attack, sip brute force, sip probing, sip scanning, sip_attack, social engineering, socradar honeypot, spam, sql injection attempts, ssh attack, ssh monitoring, ssh scanning, ssh_bruteforce, sshd, t1018, t1021, t1021.004, t1040, t1041, t1046, t1055, t1059, t1068, t1071, t1071.001, t1078, t1078.001, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1199, t1203, t1204.002, t1210, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1573, t1589, t1590, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, voip, voip attack, vulnerability scan, web application attack, web exploitation, web spam, web traffic

Activity Timeline

1 total obs
Apr 12

Threat Activity Heatmap

Peak: 2026-04-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 47
Confidence: 47%
Reports: 19
First seen: Jul 6, 2025
Last seen: Apr 12, 2026
Geolocation: RU
Country: Russian Federation
Location: Moscow, Moskva
ASN: AS50340
Org: Selectel
Coords: 55.7558, 37.6173

VirusTotal

Not checked

WHOIS

description
dionaea, heralding, malicious, ssh, sftp, cowrie, LAMP, honeytrap
raw
inetnum: 5.53.123.0 - 5.53.123.255
netname: SELECTEL-NET
descr: Selectel Network
status: ASSIGNED PA
country: RU
geofeed: https://geofeed.selectel.ru/subnets.csv
admin-c: SA32710-RIPE
tech-c: SA32710-RIPE
mnt-by: MNT-SELECTEL
created: 2019-07-01T11:18:28Z
last-modified: 2023-06-01T07:53:39Z
source: RIPE

role: SELECTEL-NOC
address: Russia, Saint-Petersburg, Cvetochnaya st. 21
admin-c: CMH-RIPE
admin-c: KS9134-RIPE
admin-c: TL5407-RIPE
admin-c: RVA179-RIPE
admin-c: EN5675-RIPE
admin-c: NS8369-RIPE
admin-c: AD16782-RIPE
admin-c: AN33480-RIPE
admin-c: KV3619-RIPE
tech-c: CMH-RIPE
tech-c: KS9134-RIPE
tech-c: TL5407-RIPE
tech-c: RVA179-RIPE
tech-c: EN5675-RIPE
tech-c: NS8369-RIPE
tech-c: AD16782-RIPE
tech-c: AN33480-RIPE
tech-c: AN33869-RIPE
tech-c: KV3619-RIPE
nic-hdl: SA32710-RIPE
mnt-by: mnt-selectel
created: 2015-01-19T15:40:16Z
last-modified: 2025-05-13T07:58:33Z
source: RIPE # Filtered

route: 5.53.120.0/22
descr: Selectel Route Object
origin: AS50340
mnt-by: MNT-SELECTEL
created: 2019-07-01T11:18:27Z
last-modified: 2019-07-01T11:18:27Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://redpiranha.net

IOC Journey

medium
First detected 11 months ago · Last seen 2 months ago
Appeared in 19 threat reports