Posts tagged: SMB_SCAN

2 posts
LOW 221.166.248.230

A South Korean IP address (221.166.248.230) conducted sustained automated credential capture attacks against network infrastructure over a 5-day period from March 28 to April 2, 2026, generating 1,240 malicious events. This represents low-sophistication opportunistic scanning with medium threat level d…

HIGH 45.33.12.214

External IP address 45.33.12.214 conducted sustained multi-protocol reconnaissance activity over 42 days (March 3-April 14, 2026), targeting SMB, RDP, HTTP, and TLS services across 4 unique ports with 55 total events observed. Assessment indicates low-to-moderate threat level focused on network enum…