IOC Radar
IPLowSignal 75/100

112.72.133.74

Location
Korea, Republic ofKorea, Republic of
Cheongju-si, 43
ASN
AS9319
HYUNDAI COMMUNICATIONS & NETWORK
First Seen
May 19, 2025
Last Seen
Feb 15, 2026
May 19
First Seen
387d ago
Feb 15
Last Seen
115d ago
8
Reports
source reports
75%
Confidence
low
0/91
VirusTotal
detections
Found in 8 reports. Confidence: low. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
75%
Signal Score
75 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

36 techniques

Network Information

CountryKRKorea, Republic of
RegionCheongju-si, 43
ASNAS9319
OrganizationHYUNDAI COMMUNICATIONS & NETWORK

Feed Intelligence Summary

8 reports75% confidence
8
Source reports
75%
Confidence score
Category tags
abuseactive scanningasiabotnetbrute forcebrute force attackcommand and controlcommunication technologiesconnected devicescredential accesscredential stuffingdata exfiltrationddosdefault credentialsdenial of servicedevice managementdistributed attacksexploit attemptsftp brute forceglobalhttp brute forceindicatorindustrial iotinternet of thingsiot analyticsiot applicationsiot platformsiot securityiot targetedkorea, republic oflateral movementmalicious softwaremalwaremalware propagationmalware scanningmirai variantmobile carriersmobile networksnetworknetwork probingnetwork scanningnetwork securitypassword attacksprocess injectionprotocol exploitationreconnaissanceremote accessremote servicesresearchedrouter exploitationscannerscanning activitysmart devicessmtp brute forcesouth koreasql injection attemptsssh attackt1021t1021.001t1021.002t1040t1046t1055t1059t1059.001t1068t1071.001t1076t1078t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1199t1210t1486t1496t1497.001t1499.002t1499.003t1550.002t1555.003t1563t1565t1588t1595t1595.001t1595.002t1595.003telecom servicestelecommunicationstelnet threatvoipweak passwords

Activity Timeline

1 total obs
Feb 15Feb 15

Threat Activity Heatmap

· Peak: 2026-02-15
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
75
SIGNAL
Signal Score
75%
Confidence
8
Reports
First seenMay 19, 2025
Last seenFeb 15, 2026
GeolocationKR
CountryKorea, Republic of
LocationCheongju-si, 43
ASNAS9319
OrgHYUNDAI COMMUNICATIONS & NETWORK
Coords36.6387, 127.4702

VirusTotal

0/ 91vendors flagged
0% detection rateJun 8, 2026

WHOIS

description
Security researchers have uncovered a global botnet campaign targeting VoIP- enabled routers that are configured with default or weak Telnet passwords. This botnet exhibits characteristics similar to the Mirai botnet. It was initially detected in rural New Mexico and later traced to over 500 infected systems worldwide. The threat highlights how exposed and poorly secured VoIP infrastructure is being exploited to power large-scale botnets. Organizations that rely on VoIP technology especially utilities and ISPs face an immediate risk if their devices are internet facing and not properly secured.
raw
inetnum: 112.72.128.0 - 112.72.255.255 netname: HCN descr: HYUNDAI COMMUNICATIONS NETWORK country: KR admin-c: IM699-AP tech-c: IM699-AP status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR last-modified: 2019-04-29T07:39:49Z source: APNIC irt: IRT-KRNIC-KR address: 9, Jinheung-gil, Naju-si, Jeollanam-do e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IM574-AP tech-c: IM574-AP auth: # Filtered remarks: [email protected] was validated on 2020-04-09 mnt-by: MNT-KRNIC-AP last-modified: 2025-04-10T04:49:23Z source: APNIC person: IP Manager address: Seoul Mapo-gu Maebongsan-ro 75 country: KR phone: +82-2-1877-8000 e-mail: [email protected] nic-hdl: IM699-AP mnt-by: MNT-KRNIC-AP last-modified: 2025-02-13T00:54:03Z source: APNIC inetnum: 112.72.128.0 - 112.72.255.255 netname: HCN-KR descr: HYUNDAI COMMUNICATIONS NETWORK country: KR admin-c: IA82-KR tech-c: IM82-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Seoul Mapo-gu Maebongsan-ro 75 address: HCN country: KR phone: +82-2-1877-8000 e-mail: [email protected] nic-hdl: IA82-KR mnt-by: MNT-KRNIC-AP remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Seoul Mapo-gu Maebongsan-ro 75 address: HCN country: KR phone: +82-2-1877-8000 e-mail: [email protected] nic-hdl: IM82-KR mnt-by: MNT-KRNIC-AP remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

low
First detected 1 year ago · Last seen 3 months ago
Appeared in 8 threat reports