IOC Radar
IP · Medium · Signal 54/100

115.21.205.37

Location: Korea, Republic of (Incheon, Gyeonggi-do)
ASN: AS4766 (Kornet)
First Seen: Mar 3, 2025 (467d ago)
Last Seen: May 10, 2026 (34d ago)
Reports: 15 source reports
Confidence: 54% (medium)
VirusTotal: 1/91 detections
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 54%
Signal Score: 54 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

88 techniques

Network Information

Country: KR (Korea, Republic of)
Region: Incheon, Gyeonggi-do
ASN: AS4766
Organization: Kornet

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 15
Confidence score: 54%
Category tags

Activity Timeline

1 total obs (May 10)

Threat Activity Heatmap

Peak: 2026-05-10
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 54
Confidence: 54%
Reports: 15
First seen: Mar 3, 2025
Last seen: May 10, 2026
Geolocation: KR
Country: Korea, Republic of
Location: Incheon, Gyeonggi-do
ASN: AS4766
Org: Kornet
Coords: 37.3654, 127.1220
VPN

VirusTotal

1/91 vendors flagged
1% detection rate · Jun 9, 2026

WHOIS



IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 15 threat reports