IOC Radar
IPMediumSignal 72/100

115.21.72.248

Location
Korea, Republic ofKorea, Republic of
Yangcheon-gu, Gyeonggi-do
ASN
AS4766
Kornet
First Seen
Sep 6, 2025
Last Seen
May 30, 2026
Sep 6
First Seen
289d ago
May 30
Last Seen
23d ago
21
Reports
source reports
72%
Confidence
medium
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
72%
Signal Score
72 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

39 techniques

Network Information

CountryKRKorea, Republic of
RegionYangcheon-gu, Gyeonggi-do
ASNAS4766
OrganizationKornet

Feed Intelligence Summary

21 reports72% confidence
21
Source reports
72%
Confidence score
Category tags
abuseaccess attemptsaccess controlaccount compromiseaccount discoveryaccount profilingaccount takeoveractive scanactive scanningaggressive-detectionapacheapache attackerasiaattackaustraliaauthenticationauthentication abuseauthentication attackauthentication-attemptsautomated attackautomated attacksautomated threatbad reputationbad web botblocklist_allblog spambotnetbotnet activitybotnet activity detectedbrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsbrute-forcebruteforcec2 trafficcisco devicecivil servicescliftoncloud infrastructurecloud infrastructure attackcloud servicescode executioncommand & controlcommand and controlcommand executioncommunication protocolcompromised credentialsconnection-resetcowrie honeypotcredential accesscredential guessingcredential harvestingcredential stuffingcredential-stuffingdata exfiltrationdata store exposuredatabase securityddosddos attackddos attacksdecoy systemdenial of servicedevice managementdigital oceandionaea honeypotemerging threatsenterprise networkingeuropeexfiltrationexploitexploit kitexploitation activityexploited hostfailed loginfattftpftp brute forceftp brute-forcegovernment technologyhackinghoneytrap honeypothttp scannerhttpsidentity & access exploitationindicatorinformation technologyinitial accessinjection activityinjection attacksintrusion detectioniociot securityiot targetedipv4it infrastructurekill-chain exploitationkill-chain reconnaissancekorea, republic ofkrlamplinux systemslinux-server-attackslow-riskmailoney honeypotmalaysiamalicious activitymalicious sftp activitymalicious ssh activitymalicious-activitymalwaremalware behaviourmalware capturemalware distributionnetworknetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnoticeoceaniaosintp0fpassword attackspassword-guessingphishingphishing attackphishing trapping of deathport-scanningportscanprotocol exploitationprotocol-probingpublic administrationpublic infrastructurepublic policyransomwarereconnaissanceredis honeypotregulatory agenciesremote accessremote servicesresearchedresource hijackingscanscannerscannerssecurity operationssecurity policysensor-taggedsentrypeer botnetservice scansftp attacksip scanningsipvicious scanningsocial engineeringsocradar honeypotsoftware developmentsoftware exploitationsouth koreaspamsshssh attackssh monitoringssh scanningt-pott1021t1021.004t1027t1040t1041t1046t1053t1059t1059.003t1071t1071.001t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1486t1496t1499.001t1499.002t1552.001t1566t1566.001t1566.002t1566.003t1567t1588t1589t1589.002t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpotunauthorized access attemptunited kingdomvoipvoip attackvulnerability scanvulnerability-exploitationvultrweb app attackweb application attackweb exploitationweb serversweb spamweb traffic

Activity Timeline

1 total obs
May 30May 30

Threat Activity Heatmap

· Peak: 2026-05-30
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
72
SIGNAL
Signal Score
72%
Confidence
21
Reports
First seenSep 6, 2025
Last seenMay 30, 2026
GeolocationKR
CountryKorea, Republic of
LocationYangcheon-gu, Gyeonggi-do
ASNAS4766
OrgKornet
Coords37.3654, 127.1220

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected attempting to brute force SSH on DigitalOcean Toronto (CA) honeypot
raw
inetnum: 115.0.0.0 - 115.23.255.255 netname: KORNET descr: Korea Telecom country: KR admin-c: IM667-AP tech-c: IM667-AP status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR last-modified: 2019-04-29T04:00:27Z source: APNIC irt: IRT-KRNIC-KR address: 9, Jinheung-gil, Naju-si, Jeollanam-do e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IM574-AP tech-c: IM574-AP auth: # Filtered remarks: [email protected] was validated on 2020-04-09 mnt-by: MNT-KRNIC-AP last-modified: 2025-09-04T01:00:01Z source: APNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM667-AP mnt-by: MNT-KRNIC-AP last-modified: 2017-03-28T06:37:04Z source: APNIC inetnum: 115.0.0.0 - 115.23.255.255 netname: KORNET-KR descr: Korea Telecom country: KR admin-c: IA9-KR tech-c: IM9-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IA9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 9 months ago · Last seen 23 days ago
Appeared in 21 threat reports