← Back to feed
AS12389 Rostelecom
ASN Active mediumWhy this campaign was detected
5 IPs from the same network (Rostelecom, AS12389) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS12389 · Rostelecom
Subnet
—
Country
🇷🇺 RU
Cloud Provider
—
Member Count
5 IPs
Below average
Total Events
2403
Below average by volume
Started / Ended
2026-02-18 16:09 — ongoing
Attack Types
MITRE ATT&CK Techniques
Initial Access
Command and Control
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 178.185.136.57 | credential_harvester | 71% | 1x OSINT | 1735 | 3 | ssh:bruteforce | — | 2026-05-02 20:43 | evidence → |
| 95.71.127.158 | credential_harvester | 54% | 142 | 2 | ssh:bruteforce | — | 2026-05-08 00:06 | evidence → | |
| 88.205.172.170 | scanner | 47% | 1x OSINT | 8 | 3 | ssh:bruteforce | — | 2026-05-07 16:35 | evidence → |
| 81.177.101.45 | credential_harvester | 46% | 1x OSINT | 532 | 1 | ssh:bruteforce | — | 2026-05-03 04:20 | evidence → |
| 178.45.130.103 | opportunistic_bruter | 22% | 6 | 1 | ssh:bruteforce | — | 2026-05-05 04:31 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds