IOC Radar
IP · Medium · Signal 47/100

103.173.227.188

Location
Vietnam
Quận Phú Nhuận, Ho Chi Minh
ASN
AS151858
Inter Group Viet NAM Joint Stock Company
First Seen
Apr 7, 2023
Last Seen
Jun 23, 2026
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
47%
Signal Score
47 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

55 techniques

Network Information

Country: VN (Vietnam)
Region: Quận Phú Nhuận, Ho Chi Minh
ASN: AS151858
Organization: Inter Group Viet NAM Joint Stock Company

Feed Intelligence Summary

22 source reports, 47% confidence score
Category tags

Activity Timeline

1 total obs
Jun 23 to Jun 23

Threat Activity Heatmap

[Heatmap: activity by weekday, Jun through Jun; cell values not recoverable]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk (signal 47)
Coords: 0.0000, 0.0000

VirusTotal

Not checked

WHOIS

description
Score: 80/100. Labels: abuseipdb:clean, cowrie, firehol:unlisted, gti:exported, gti:suspicious, sector:energy. 103.173.227.188 classified as attacker with unclear intent (medium confidence). Origin: enriched. Listed on: AbuseIPDB (clean).
raw
inetnum: 103.173.226.0 - 103.173.227.255
netname: INTERDATA-VN
descr: INTER GROUP VIET NAM JOINT STOCK COMPANY
descr: 48 Nguyen Thi Huynh, Ward 11, Phu Nhuan District, Ho Chi Minh City, Viet Nam
admin-c: TTHM1-AP
tech-c: NMC12-AP
country: VN
mnt-by: MAINT-VN-VNNIC
mnt-lower: MAINT-VN-VNNIC
mnt-irt: IRT-VNNIC-AP
status: ALLOCATED PORTABLE
last-modified: 2021-09-29T02:38:05Z
source: APNIC

irt: IRT-VNNIC-AP
address: Ha Noi, VietNam
phone: +84-24-35564944
fax-no: +84-24-37821462
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: NTTT1-AP
tech-c: NTTT1-AP
auth: # Filtered
mnt-by: MAINT-VN-VNNIC
last-modified: 2017-11-08T09:40:06Z
source: APNIC

person: Nguyen Minh Chau
address: INTERDATA-VN
country: VN
phone: +84-966039166
e-mail: [email protected]
nic-hdl: NMC12-AP
mnt-by: MAINT-VN-VNNIC
last-modified: 2021-09-29T02:33:49Z
source: APNIC

person: Truong Thi Hong My
address: INTERDATA-VN
country: VN
phone: +84-966039166
e-mail: [email protected]
nic-hdl: TTHM1-AP
mnt-by: MAINT-VN-VNNIC
last-modified: 2021-09-29T02:31:59Z
source: APNIC

route: 103.173.226.0/23
descr: INTERDATA-VN
origin: AS151858
mnt-by: MAINT-VN-VNNIC
last-modified: 2025-05-15T07:44:07Z
source: APNIC
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4


IOC Journey

medium
First detected 3 years ago · Last seen today
Appeared in 22 threat reports