IOC Radar
IP · Medium · Signal 100/100

118.44.172.84

Location: Chungju, North Chungcheong, South Korea
ASN: AS4766 (Chungbukbonbujang)
First Seen: Dec 26, 2024 (536d ago)
Last Seen: Feb 20, 2026 (115d ago)
Reports: 18 source reports
Confidence: 99% (medium)
Found in 18 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

36 techniques

Network Information

Country: KR (South Korea)
Region: Chungju, North Chungcheong
ASN: AS4766
Organization: Chungbukbonbujang

Feed Intelligence Summary

Source reports: 18
Confidence score: 99%
Category tags: abuse; access control; active scanning; adbhoney honeypot; asia; atif feed; attack; auto-generated security; banlist feed; binary defense; botnet; brute force; brute force attack; cisco device; command and control; communication protocol; conpot honeypot; cowrie honeypot; credential access; credential harvesting; credential stuffing; cta; data exfiltration; database security; decoy system; device management; dionaea honeypot; distributed attacks; elasticpot honeypot; elasticsearch monitoring; enterprise networking; ics security; indicator; industrial control systems; infrastructure acquisitionreconnaissance; iot/ics attack; korea (the republic of); korea, republic of; kr; malicious activity; malicious software; malware; malware behaviour; malware capture; manual; network; network infrastructure; network scanning; network security; network service scanning; password attacks; phishing attack; process injection; reconnaissance; remote services; researched; resource hijacking; scanner; security policy; sentrypeer botnet; sftp attack; sip brute force; social engineering; south korea; ssh attack; ssh monitoring; t1021; t1021.001; t1040; t1041; t1046; t1053.005; t1055; t1059; t1059.004; t1071.001; t1078; t1078.002; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1189; t1190; t1486; t1496; t1499.001; t1499.002; t1499.003; t1565; t1566.001; t1566.002; t1566.003; t1587.001; t1588; t1588.002; t1590.001; t1595; t1595.001; t1595.002; t1595.003; tanner; telecommunications; threat actor; threat intelligence; threat prevention; voip; voip attack

Activity Timeline

1 total obs · Feb 20

Threat Activity Heatmap

[Heatmap figure: weekday rows (Mon, Wed, Fri) by month, Jun through Jun. Peak: 2026-02-20]
Recent activity: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 0 (Dormant) · 3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 18
First seen: Dec 26, 2024
Last seen: Feb 20, 2026
Geolocation: KR
Country: South Korea
Location: Chungju, North Chungcheong
ASN: AS4766
Org: Chungbukbonbujang
Coords: 36.6370, 127.4339

VirusTotal

Not checked

WHOIS

description: Unknown source type: miniprint
raw:

inetnum: 118.32.0.0 - 118.63.255.255
netname: KORNET
descr: Korea Telecom
admin-c: IM667-AP
tech-c: IM667-AP
country: KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
last-modified: 2017-02-03T02:21:59Z
source: APNIC

irt: IRT-KRNIC-KR
address: 9, Jinheung-gil, Naju-si, Jeollanam-do
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: IM574-AP
tech-c: IM574-AP
auth: # Filtered
remarks: [email protected] was validated on 2020-04-09
mnt-by: MNT-KRNIC-AP
last-modified: 2025-04-10T04:49:23Z
source: APNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IM667-AP
mnt-by: MNT-KRNIC-AP
last-modified: 2017-03-28T06:37:04Z
source: APNIC

inetnum: 118.32.0.0 - 118.63.255.255
netname: KORNET-KR
descr: Korea Telecom
country: KR
admin-c: IA9-KR
tech-c: IM9-KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
address: KT Head Office
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IA9-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
address: KT Head Office
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IM9-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

references
https://github.com/telekom-security/tpotce, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 18 threat reports