IP · Medium · Signal 76/100
1.255.85.176
Location
Seoul, Seoul
ASN
AS9318
SK Broadband Co Ltd
First Seen
Oct 17, 2024 (601d ago)
Last Seen
Feb 15, 2026 (116d ago)
Reports
9 source reports
Confidence
76% (medium)
VirusTotal
5/91 detections
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
76%
Signal Score
76 / 100
IDS Rule
No
Network Information
Country
Korea, Republic of
Region
Seoul, Seoul
ASN
AS9318
Organization
SK Broadband Co Ltd
Feed Intelligence Summary
9 reports · 76% confidence
Category tags
active exploitation; amadey; androm; argument injection; arm; ascii; asia; asyncrat; backdoor; batch; bin; botnet; bruteratel; c2; c2 communication; c2ip; cert; cgi; cgi mode; code injection; coinminer; command and control; command execution; command injection; control; credential harvesting; data exfiltration; dcrat; ddos; ddos attacks; destination management; deu; distributed attacks; dll; dropped_file; elf; encoded; encoding conversion; exe; exploit; fake-msf-defender; fake-protonvpn; gafgyt; guloader; havoc; hg620gf; hospitality services; hta; indicator; ingress tool transfer; injection vulnerability; intel; internet of things; iot botnet; iot/ics attack; korea, republic of; layered obfuscation; layered obfuscation techniques; linpeas; lotl; lummastealer; malicious powershell activity; malicious software; malware; marte; masslogger; meterpreter; mips; mirai botnet; moobot; motorola; mozi; msi; network; okiru; on dopendir; operating system; palestine, state of; phishing attack; process injection; ps1; purelogstealer; qasar rat; quasar; quasar rat; ransomhub; rat; rce; redline; remcosrat; remote access; remote code execution; researched; rev-base64-loader; saint helena, ascension and tristan da cunha; scripting attacks; scripting language; sectoprat; snakekeylogger; social engineering; south korea; sparc; stealc; stealer; strelastealer; t1005; t1021.001; t1027; t1053.005; t1055; t1056; t1057; t1059; t1059.001; t1059.004; t1059.007; t1068; t1069.001; t1071; t1071.001; t1078; t1086; t1105; t1133; t1189; t1190; t1202; t1203; t1204; t1204.001; t1204.002; t1210; t1486; t1496; t1499.002; t1499.003; t1505; t1505.003; t1547.001; t1565; t1566; t1566.001; t1566.002; t1566.003; t1573; t1588.002; tourism marketing; tourist attractions; transportation services; travel; travel agencies; travel booking; travel experience; travel technology; trojan malware; turkey; ua-wget; urlhaus; vbs; vipkeylogger; web application exploitation; web attack; web development; web exploitation; web server; web shell; x86-64; x8664; xmrig; xmrig miner; yakuza; zip
Activity Timeline
Feb 15
Threat Activity Heatmap · Peak: 2026-02-15
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score
76 (High Risk)
Coords
37.5112, 126.9741
WHOIS
- description
- CC=KR ASN=AS9318 sk broadband co ltd
- raw
- inetnum: 1.234.0.0 - 1.255.255.255
  netname: broadNnet
  descr: SK Broadband Co Ltd
  admin-c: IM670-AP
  tech-c: IM670-AP
  country: KR
  status: ALLOCATED PORTABLE
  mnt-by: MNT-KRNIC-AP
  mnt-irt: IRT-KRNIC-KR
  last-modified: 2017-02-03T00:38:09Z
  source: APNIC
- irt: IRT-KRNIC-KR
  address: 9, Jinheung-gil, Naju-si, Jeollanam-do
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: IM574-AP
  tech-c: IM574-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2020-04-09
  mnt-by: MNT-KRNIC-AP
  last-modified: 2025-09-04T01:00:01Z
  source: APNIC
- person: IP Manager
  address: Seoul Jung-gu Toegye-ro 24
  country: KR
  phone: +82-80-828-2106
  e-mail: [email protected]
  nic-hdl: IM670-AP
  mnt-by: MNT-KRNIC-AP
  last-modified: 2021-10-05T05:20:03Z
  source: APNIC
- inetnum: 1.234.0.0 - 1.255.255.255
  netname: broadNnet-KR
  descr: SK Broadband Co Ltd
  country: KR
  admin-c: IM12-KR
  tech-c: IM12-KR
  status: ALLOCATED PORTABLE
  mnt-by: MNT-KRNIC-AP
  mnt-irt: IRT-KRNIC-KR
  changed: [email protected] 20240912
  remarks: This information has been partially mirrored by APNIC from
  remarks: KRNIC. To obtain more specific information, please use the
  remarks: KRNIC whois server at whois.kisa.or.kr.
  source: KRNIC
- person: IP Manager
  address: Seoul Jung-gu Toegye-ro 24
  address: SK Namsan Green Bldg.
  country: KR
  phone: +82-80-828-2106
  e-mail: [email protected]
  nic-hdl: IM12-KR
  mnt-by: MNT-KRNIC-AP
  changed: [email protected] 20240912
  remarks: This information has been partially mirrored by APNIC from
  remarks: KRNIC. To obtain more specific information, please use the
  remarks: KRNIC whois server at whois.kisa.or.kr.
  source: KRNIC
- references
- https://www.bitdefender.com/en-us/blog/businessinsights/technical-advisory-update-mass-exploitation-cve-2024-4577, https://urlhaus.abuse.ch/browse/
IOC Journey
Medium · First detected 1 year ago · Last seen 3 months ago
Appeared in 9 threat reports