Summary (Bottom Line Up Front)
Internet-facing sensors observed sustained SMB scanning activity from 218.205.64.41 (China Mobile ASN) generating 11,554 events over approximately 5 hours on March 3, 2026. The activity represents medium-severity automated reconnaissance targeting legacy SMB implementations. Behavioral patterns indicate opportunistic scanning infrastructure conducting broad network enumeration rather than targeted intrusion attempts.
Activity Timeline
INITIAL REPORT: 2026-03-14T12:32:48Z
Source: Analyst Manual Entry
Technical details
Protocols Observed: SMB (Server Message Block), TCP, TCP SYN packets
Primary Attack Vector: SMB protocol abuse targeting legacy SMB1 implementations
MITRE ATT&CK Mapping: T1046 (Network Service Scanning) - Discovery phase activity
Detection Signatures Triggered:
- SMB1 usage detection (1,845 hits)
- Legacy SMB1 protocol identification (1,842 hits)
Port Targeting: Single destination port focus (specific port withheld for OPSEC)
Payload Analysis: No malicious payloads detected; activity limited to protocol enumeration
CVEs Targeted: None identified
IOCs: Source IP 218.205.64.41, consistent SMB1 probe signatures
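An added example, not part of the original report and not the sensors' actual signatures: one way an "SMB1 usage" detection can work, by reading the protocol ID that follows the 4-byte transport header of a direct-TCP SMB message and counting SMB1 hits per source. The function names, the threshold and the sample frames are constructed for illustration; 192.0.2.10 is a documentation address.

```python
from collections import Counter

SMB1_MAGIC = b"\xffSMB"   # protocol ID of legacy SMB1 (CIFS) messages
SMB2_MAGIC = b"\xfeSMB"   # protocol ID of SMB2 and SMB3 messages

def classify_smb(payload: bytes) -> str:
    """Classify the first bytes of a TCP payload as smb1, smb2+ or not-smb."""
    # Transport header: one zero byte, then a 3-byte big-endian message length.
    if len(payload) < 8 or payload[0] != 0:
        return "not-smb"
    if int.from_bytes(payload[1:4], "big") < 4:
        return "not-smb"
    magic = payload[4:8]
    if magic == SMB1_MAGIC:
        return "smb1"
    if magic == SMB2_MAGIC:
        return "smb2+"
    return "not-smb"

def smb1_sources(events, threshold):
    """Return {source_ip: smb1_hits} for sources at or above the threshold."""
    hits = Counter(src for src, payload in events
                   if classify_smb(payload) == "smb1")
    return {src: n for src, n in hits.items() if n >= threshold}

def frame(body: bytes) -> bytes:
    """Prepend the 4-byte transport header to an SMB message body."""
    return b"\x00" + len(body).to_bytes(3, "big") + body

# Constructed sample frames (not captured traffic).
# SMB1 negotiate: 32-byte header (command 0x72), word count 0, one dialect.
DIALECT = b"\x02NT LM 0.12\x00"
SMB1_NEGOTIATE = frame(SMB1_MAGIC + b"\x72" + bytes(27) + b"\x00"
                       + len(DIALECT).to_bytes(2, "little") + DIALECT)
# SMB2 header stub: protocol ID, structure size 64, remaining fields zeroed.
SMB2_STUB = frame(SMB2_MAGIC + (64).to_bytes(2, "little") + bytes(58))

SAMPLE_EVENTS = [
    ("218.205.64.41", SMB1_NEGOTIATE),
    ("218.205.64.41", SMB1_NEGOTIATE),
    ("192.0.2.10", SMB2_STUB),
    ("218.205.64.41", SMB1_NEGOTIATE),
    ("192.0.2.10", SMB1_NEGOTIATE),
    ("192.0.2.10", b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    print(smb1_sources(SAMPLE_EVENTS, threshold=3))
```

A single SMB1 hit from a source is common background noise; the per-source threshold is what separates a sustained scanner from a stray legacy client.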
IOCs
IP: 218.205.64.41
ASN: 56041
COUNTRY: CN