103.230.107.236

Summary (Bottom Line Up Front)

External host 103.230.107.236 from Bangladesh conducted SMBv1 reconnaissance against internal networks on March 6, 2026 at approximately 11:00 UTC, generating 328 events over 30 minutes. This activity represents a CRITICAL-level threat because it targets inherently vulnerable SMBv1 services that are accessible from external networks. Immediate action is required to block the source IP and audit SMB exposure.

Activity Timeline
INITIAL REPORT 2026-03-21T15:21:21Z
Source: Analyst Manual Entry
Technical details
Source: 103.230.107.236 (AS45925 Teletalk Bangladesh Ltd., AbuseIPDB score 100/100)
Attack Vector: SMBv1 protocol exploitation attempts with NTLM authentication
Volume: 328 events over 30-minute window (March 6, 2026 11:00-12:00 UTC)
MITRE Technique: T1021.002 (Remote Services: SMB/Windows Admin Shares)
Kill Chain Phase: Reconnaissance
Key Patterns: SMBv1 protocol detection, NTLM authentication attempts, NTLM negotiation
IOCs: 103.230.107.236, open services on ports 80/2022/8443/10443
Assessment: High confidence (85%) that this is reconnaissance activity potentially preceding EternalBlue or similar SMBv1 exploitation
IOCs
IP: 103.230.107.236
ASN: 45925
COUNTRY: BD
Recommendations
  • Block IP 103.230.107.236 at perimeter firewalls and update threat intelligence feeds immediately
  • Conduct emergency audit of all SMB services accessible from external networks and disable SMBv1 protocol organization-wide
  • Implement network segmentation to prevent SMB traffic from crossing network boundaries unnecessarily
  • Deploy enhanced monitoring for SMB-related activities, particularly focusing on external-to-internal SMB connections
  • Review and harden all Windows systems to ensure SMBv1 is disabled and latest security patches are applied
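The monitoring recommendation above (external-to-internal SMBv1 connections) can be expressed as a simple sliding-window detection. The following is an added example, not part of the report or any vendor tooling; the log format, the sample lines and the alert threshold are all constructed assumptions, with only the source IP taken from the report.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample connection log (assumed format):
# timestamp src dst dst_port smb_dialect auth_event
SAMPLE_LOG = """\
2026-03-06T11:00:05Z 103.230.107.236 10.0.1.15 445 SMB1 NTLM-NEGOTIATE
2026-03-06T11:00:07Z 103.230.107.236 10.0.1.16 445 SMB1 NTLM-AUTH
2026-03-06T11:01:40Z 10.0.2.20 10.0.1.15 445 SMB3 KERBEROS
2026-03-06T11:02:11Z 103.230.107.236 10.0.1.17 445 SMB1 NTLM-NEGOTIATE
2026-03-06T11:45:00Z 103.230.107.236 10.0.1.18 445 SMB1 NTLM-AUTH
2026-03-06T11:03:09Z 198.51.100.7 10.0.1.15 445 SMB3 NTLM-AUTH
"""

WINDOW = timedelta(minutes=30)   # matches the 30-minute burst in the report
THRESHOLD = 3                    # assumed: hits per window that trigger an alert

def parse(line):
    """Parse one constructed log line into typed fields."""
    ts, src, dst, port, dialect, auth = line.split()
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            ip_address(src), ip_address(dst), int(port), dialect, auth)

def external_to_internal_smb1(records):
    """Yield records where a non-private source reaches a private host on 445 using SMBv1."""
    for rec in records:
        _, src, dst, port, dialect, _ = rec
        if port == 445 and dialect == "SMB1" and not src.is_private and dst.is_private:
            yield rec

def detect(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return {source_ip: peak_count} for external sources whose SMBv1 hits
    on internal hosts reach `threshold` within any sliding `window`."""
    recs = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                  key=lambda r: r[0])
    hits = defaultdict(list)
    for ts, src, *_ in external_to_internal_smb1(recs):
        hits[str(src)].append(ts)
    alerts = {}
    for src, times in hits.items():
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # slide window forward
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[src] = max(alerts.get(src, 0), count)
    return alerts
```

Internal SMB3 traffic and the single external SMB3 connection are ignored; only the SMBv1 burst from the reported source crosses the threshold.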