IOC Radar
IP · Medium · Signal 39/100

77.246.217.23

Location: Sofia, Sofia-grad, Bulgaria
ASN: AS49072 (Novatech EOOD)
First Seen: Dec 28, 2024 (535d ago)
Last Seen: Mar 31, 2026 (77d ago)
Reports: 9 source reports
Confidence: 39% (medium)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 39%
Signal Score: 39 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

46 techniques

Network Information

Country: BG (Bulgaria)
Region: Sofia, Sofia-grad
ASN: AS49072
Organization: Novatech EOOD

Feed Intelligence Summary

Source reports: 9
Confidence score: 39%
Category tags
abuse, access control, active scan, active scanning, attack, bad reputation, botnet, botnet activity, botnet activity detected, brute force, brute force attack, bulgaria, c2, c2 communication, command & control, command and control, communication protocol, communication technologies, compromised credentials, compromised host, connected devices, cowrie honeypot, credential access, credential attack, credential stuffing, data encryption, data exfiltration, data store exposure, ddos, ddos attack, decoy system, default credentials, default password attack, denial of service, device management, distributed attacks, encryption, europe, exploit, exploitation, exploitation activity, exploitation attempts, exploited host, finland, france, ftp, ftp brute force, germany, global, hacking, honeynet connect, honeytrap honeypot, http brute force, http scanner, https, identity & access exploitation, indicator, industrial iot, infected system, infrastructure acquisitionreconnaissance, initial access, injection activity, internet of things, intrusion detection, iot analytics, iot applications, iot platforms, iot security, iot targeted, lamp, lateral movement, legacy protocol abuse, login attempt, malicious activity, malicious communication, malicious domains, malicious ips, malicious sftp activity, malicious software, malicious ssh activity, malware, mirai variant, mobile carriers, mobile networks, network, network attacks, network intrusion, network protocol, network scanning, network security, network service scanning, network traffic analysis, north america, osint enrichment, password attack, password attacks, poland, process injection, protocol exploitation, ransomware, reconnaissance, remote access, remote access attempt, remote services, researched, router exploitation, scanner, scanning activity, security operations, security policy, service scan, sftp attack, smart devices, smtp brute force, ssh attack, ssh monitoring, t1016, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1053, t1055, t1059, t1059.001, t1068, t1071, t1071.001, t1071.004, t1076, t1077, t1078, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1486, t1496, t1497.001, t1499.001, t1499.002, t1499.003, t1550.002, t1555.003, t1563, t1565, t1566, t1573, t1573.001, t1587.001, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, tcp scan, tcp/23, telecom services, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, udp scan, unauthorized access attempt, united states, voip, vulnerability scan, weak passwords, web traffic

Activity Timeline

1 total obs (Mar 31)

Threat Activity Heatmap

Peak: 2026-03-31
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: Low Risk
Signal Score: 39
Confidence: 39%
Reports: 9
First seen: Dec 28, 2024
Last seen: Mar 31, 2026
Geolocation: BG
Country: Bulgaria
Location: Sofia, Sofia-grad
ASN: AS49072
Org: Novatech EOOD
Coords: 42.6027, 23.4759

VirusTotal

Not checked

WHOIS

description
Scanner activity detected in SSH honeypot (1 attack attempts , 2 interactions)
raw
inetnum: 77.246.217.0 - 77.246.217.255
netname: BG-I-NET-77-246-217
descr: BG-I-NET-217
country: BG
admin-c: NI974-RIPE
tech-c: NI974-RIPE
status: ASSIGNED PA
mnt-by: bg-i-net-1-mnt
created: 2014-05-15T12:47:05Z
last-modified: 2019-04-12T06:14:43Z
source: RIPE

role: NOC I-NET-BG
address: 47A Sytniakovo bul, Reduta 1505
address: SOFIA
address: BULGARIA
admin-c: MP28184-RIPE
tech-c: MP28184-RIPE
nic-hdl: NI974-RIPE
mnt-by: I-NETBG
mnt-by: bg-i-net-1-mnt
created: 2019-04-12T05:55:21Z
last-modified: 2019-04-12T05:55:21Z
source: RIPE # Filtered

route: 77.246.217.0/24
origin: AS49072
mnt-by: bg-i-net-1-mnt
created: 2023-10-02T11:51:49Z
last-modified: 2023-10-02T11:51:49Z
source: RIPE

route: 77.246.217.0/24
descr: BG-I-NET-217
origin: AS60447
mnt-by: bg-i-net-1-mnt
created: 2014-05-21T14:00:46Z
last-modified: 2018-08-21T15:22:03Z
source: RIPE
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt


IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 9 threat reports