190.181.26.29

Summary (Bottom Line Up Front)

A Bolivia-based threat actor at 190.181.26.29 conducted intensive SMB protocol attacks over an 11-minute window on March 6, 2026, generating 282 malicious events. The activity demonstrates automated scanning behavior targeting legacy SMB implementations with sustained, high-volume attack patterns indicating opportunistic network reconnaissance and potential lateral movement preparation.

Activity Timeline
INITIAL REPORT 2026-03-14T12:38:53Z
Source: Analyst Manual Entry
Technical details
The observed activity exclusively targeted Server Message Block (SMB) protocol implementations, with all 282 events classified as SMB version 1 detection triggers. The attack pattern aligns with MITRE ATT&CK technique T1021.002 (Remote Services: SMB/Windows Admin Shares) for lateral movement and T1135 (Network Service Scanning) for discovery-phase activity. Traffic analysis revealed consistent SMB1 protocol negotiation attempts, suggesting the actor was probing for vulnerable legacy file-sharing services. The source IP 190.181.26.29 originates from ASN AS26210 (AXS Bolivia S.A.) and has an AbuseIPDB reputation score of 23/100, indicating prior reports of malicious activity. No reverse DNS resolution was observed, and the source exhibited no VPN or proxy characteristics.
IOCs
IP:190.181.26.29
ASN:26210
COUNTRY:BO