IOC Radar
IP · Medium · Signal 56/100

118.70.182.193

Location: Vietnam (Hanoi, Hanoi)
ASN: AS18403 (Vietnam Internet Network Information Center)
First Seen: Oct 30, 2020 (2066d ago)
Last Seen: Jun 13, 2026 (13d ago)
Reports: 20 source reports
Confidence: 56% (medium)
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 56%
Signal Score: 56 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

41 techniques

Network Information

Country: VN (Vietnam)
Region: Hanoi, Hanoi
ASN: AS18403
Organization: Vietnam Internet Network Information Center

Feed Intelligence Summary

20 source reports · 56% confidence score
Category tags
abuse, active scan, active scanning, adbhoney honeypot, apt, asia, attack, australia, authentication-attempts, automated attacks, bad reputation, bad web bot, banner-grabbing, blocklist, blocklist_all, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempts, brute-force, bruteforce, c2, cisco device, command & control, command and control, communication protocol, community-shared, conpot honeypot, cowrie honeypot, cowrie interactions, credential access, credential harvesting, credential stuffing, credential-stuffing, data exfiltration, data store exposure, database attacks, database exploitation attempt, database security, ddos, ddos attack, decoy system, denial of service, device management, dionaea honeypot, dionaea interactions, distributed attacks, elasticpot honeypot, elasticsearch monitoring, enterprise networking, exploit, exploitation activity, exploited host, fatt, fatt signatures, ftp, ftp brute force, ftp brute-force, hacking, honeytrap honeypot, honeytrap interactions, http probing, http scanner, ics security, identity & access exploitation, imap, imap attack, indicator, industrial control systems, infected host, initial access, injection activity, injection attacks, iot attacks, iot device targeting, iot security, iot/ics attack, ipphoney honeypot, lamp, linux-server-attacks, login failure, mailoney honeypot, mailoney interactions, malicious activity, malicious software, malicious-activity, malware, malware behaviour, malware botnet activity, malware capture, malware distribution, network, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network intrusion detection, network probing, network scanning, network security, network traffic, oceania, p0f, p0f signatures, password attack, password attacks, password-guessing, phishing, phishing attack, phishing trap, ping of death, port-scanning, process injection, protocol exploitation, reconnaissance, redis honeypot, remote access, remote services, researched, resource hijacking, scan, scanner, scripting attacks, sensor-tagged, sentrypeer botnet, sentrypeer interactions, service scan, sftp attack, sip, sip brute force, sip scanning, smtp, smtp attacker, smtp probing, social engineering, spam, ssh, ssh attack, ssh brute-force, ssh monitoring, suricata alerts, t-pot, t1021, t1021.001, t1040, t1041, t1046, t1053, t1055, t1059, t1059.003, t1059.004, t1059.007, t1071, t1071.001, t1076, t1078, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1204.002, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1552.001, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner interactions, targeting database, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, tor node, tpot, vietnam, vn, voip, voip attack, vulnerability scan, vulnerability-exploitation, web app attack, web application attack, web application attacks, web attack, web exploitation, web spam, web traffic

Activity Timeline

1 total obs (Jun 13)

Threat Activity Heatmap

Peak: 2026-06-13

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 56 (Medium Risk)
Geolocation: VN, Vietnam (Hanoi, Hanoi)
Coords: 20.9947, 105.8000

VirusTotal

Not checked

WHOIS

description
Score: 100/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:hacking, abuseipdb:multi-reported, abuseipdb:reported, abuseipdb:ssh. 118.70.182.193 classified as malware delivery infrastructure dropping payloads on compromised hosts (high confidence). Origin: enriched. Observed activity: 1 command sessions (1 commands), 1 malware samples. Listed on: AbuseIPDB (brute-force, critical, hacking).

IOC Journey

medium
First detected 5 years ago · Last seen 13 days ago
Appeared in 20 threat reports