Summary (Bottom Line Up Front)
IP address 103.231.45.44 (AS59165 Auspice Infratel Pvt. Ltd., India) conducted sustained SMB reconnaissance activity on March 14, 2026, generating 949 events over approximately 5 minutes. This represents medium-severity reconnaissance activity with potential for follow-on exploitation attempts. Network defenders should immediately review SMB exposure and implement enhanced monitoring for this source IP.
Activity Timeline
INITIAL REPORT 2026-03-14T17:39:10Z
Source: batch_hunting
Technical details
- Source: 103.231.45.44 (India, AS59165 Auspice Infratel Pvt. Ltd.)
- Activity Window: March 14, 2026, 08:00-09:00 UTC
- Volume: 949 events across SMB protocols
- Primary Technique: SMBv1 detection attempts (373 instances)
- MITRE ATT&CK Mapping: T1135 (Network Service Scanning), T1021.002 (Remote Services: SMB/Windows Admin Shares)
- Protocols Observed: SMB, SMBv1, TCP SYN scanning
- IOCs: 103.231.45.44, concentrated targeting of single destination port
- Threat Assessment: Medium severity - reconnaissance phase with exploitation potential
IOCs
IP:103.231.45.44
ASN:59165
COUNTRY:IN
Recommendations
- Block IP address 103.231.45.44 at the network perimeter and monitor for additional IPs from AS59165
- Audit and disable the SMBv1 protocol across all Windows systems if not operationally required
- Implement enhanced logging and alerting for SMB connection attempts from external sources
- Review firewall rules to ensure SMB ports (445, 139) are not exposed to internet-facing interfaces
- Deploy network segmentation to limit SMB protocol access to authorized internal systems only