IOC Radar
IPMediumSignal 38/100

121.130.79.75

Location
Korea, Republic ofKorea, Republic of
Seongdong-gu, 11
ASN
AS4766
Korea Telecom
First Seen
Mar 12, 2025
Last Seen
Apr 1, 2026
Mar 12
First Seen
468d ago
Apr 1
Last Seen
83d ago
10
Reports
source reports
38%
Confidence
medium
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
38%
Signal Score
38 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

32 techniques

Network Information

CountryKRKorea, Republic of
RegionSeongdong-gu, 11
ASNAS4766
OrganizationKorea Telecom

Feed Intelligence Summary

10 reports38% confidence
10
Source reports
38%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningasiaattackbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptc2c2 communicationcommand & controlcommand and controlcommunication protocolcompromised devicecompromised hostcompromised systemcredential accesscredential stuffingdata exfiltrationdata store exposureddosddos attacksddos participationdecoy systemdenial of servicedistributed attacksexploit activityexploitation activityexploited hosthackingidentity & access exploitationindicatorinjection activityinternet of thingsintrusion detectioniociot botnetiot securityiot/ics attackkorea (the republic of)korea, republic ofkrmalicious activitymalicious domainmalicious network activitymalicious softwaremalwaremirai botnetnetworknetwork attacksnetwork intrusionnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork trafficpassword attacksprocess injectionprotocol exploitationransomwarereconnaissanceresearchedscanscannersecurity policyself-signedservice scansocradar honeypotsouth koreassh attackt1021.001t1021.002t1040t1046t1055t1056.001t1059.001t1071t1071.001t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1486t1496t1499.001t1499.002t1499.003t1565t1566t1573t1573.001t1595t1595.001t1595.002t1595.003tcp protocoltelecommunicationstelnet threatthreat actorthreat intelligencethreat preventiontor nodeweb application attackweb exploitation

Activity Timeline

1 total obs
Apr 1Apr 1

Threat Activity Heatmap

· Peak: 2026-04-01
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreLow Risk
38
SIGNAL
Signal Score
38%
Confidence
10
Reports
First seenMar 12, 2025
Last seenApr 1, 2026
GeolocationKR
CountryKorea, Republic of
LocationSeongdong-gu, 11
ASNAS4766
OrgKorea Telecom
Coords37.5478, 127.0842

VirusTotal

Not checked

WHOIS

description
Scans hitting the server at TCP port 23 Telnet. Same IP should not appear more than once in 96 hours in our lists S3#.
raw
inetnum: 121.128.0.0 - 121.159.255.255 netname: KORNET descr: Korea Telecom admin-c: IM667-AP tech-c: IM667-AP country: KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR last-modified: 2017-02-03T02:22:00Z source: APNIC irt: IRT-KRNIC-KR address: 9, Jinheung-gil, Naju-si, Jeollanam-do e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IM574-AP tech-c: IM574-AP auth: # Filtered remarks: [email protected] was validated on 2020-04-09 mnt-by: MNT-KRNIC-AP last-modified: 2025-04-10T04:49:23Z source: APNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM667-AP mnt-by: MNT-KRNIC-AP last-modified: 2017-03-28T06:37:04Z source: APNIC inetnum: 121.128.0.0 - 121.159.255.255 netname: KORNET-KR descr: Korea Telecom country: KR admin-c: IA9-KR tech-c: IM9-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IA9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 10 threat reports