IP · Medium · Signal 77/100
91.240.118.168
Location
Moscow, Moscow
First Seen
Jan 26, 2022
Last Seen
May 22, 2026
Found in 19 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
77%
Signal Score
77 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Russian Federation
Region: Moscow, Moscow
Organization: Chang Way Technologies Co. Limited
Feed Intelligence Summary
Source reports: 19
Confidence score: 77%
Activity Timeline
May 22
Threat Activity Heatmap
Peak: 2026-05-22
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal: 77
Signal Score: 77%
Confidence: 77%
Reports: 19
First seen: Jan 26, 2022
Last seen: May 22, 2026
Geolocation: RU
Country: Russian Federation
Location: Moscow, Moscow
Org: Chang Way Technologies Co. Limited
Coords: 55.7386, 37.6068
VirusTotal
Not checked
WHOIS
- description:
  This IOC report is provided and updated daily by NextRay AI Detection & Response Inc.
- raw:
  inetnum: 91.0.0.0 - 91.255.255.255
  netname: RIPE-CIDR-BLOCK
  descr: Not allocated by APNIC
  remarks: ------------------------------------------------------
  remarks:
  remarks: Important:
  remarks:
  remarks: Details of networks in this range are not registered
  remarks: in the APNIC Whois Database.
  remarks:
  remarks: Please search the RIPE Whois Database, which contains
  remarks: details of IP addresses allocated in Europe, the
  remarks: Middle East, and northern Africa:
  remarks:
  remarks: website: http://www.ripe.net/perl/whois
  remarks: command line: whois.ripe.net
  remarks:
  remarks: ------------------------------------------------------
  country: AU
  admin-c: IANA1-AP
  tech-c: IANA1-AP
  mnt-by: MAINT-APNIC-AP
  mnt-lower: MAINT-APNIC-AP
  status: ALLOCATED PORTABLE
  last-modified: 2008-09-04T06:51:29Z
  source: APNIC

  role: Internet Assigned Numbers Authority
  address: see http://www.iana.org.
  admin-c: IANA1-AP
  tech-c: IANA1-AP
  nic-hdl: IANA1-AP
  remarks: For more information on IANA services
  remarks: go to IANA web site at http://www.iana.org.
  mnt-by: MAINT-APNIC-AP
  last-modified: 2018-06-22T22:34:30Z
  source: APNIC
- references:
  - https://unit42.paloaltonetworks.com/new-emotet-infection-method/
  - February 16th, 2022 - CryptoGen Cyber Threat Intelligence - Emotet now spreads via Malicious Excel Files.pdf
  - blacklist_ip.backup
  - https://www.kaspersky.com/resource-center/threats/emotet
  - https://notes.netbytesec.com/2022/02/technical-malware-analysis-return-of.html
  - https://twitter.com/MBThreatIntel/status/1486822582611595266
  - https://github.com/executemalware/Malware-IOCs/blob/main/2022-01-27%20Emotet%20PM%20IOCs
IOC Journey
Medium · First detected 4 years ago · Last seen 22 days ago
Appeared in 19 threat reports