IP · Medium · Signal 55/100
121.170.218.142
Location
Geumcheon-gu, Gyeonggi-do
ASN
AS4766
Korea Telecom
First Seen
Dec 18, 2021
Last Seen
Jun 7, 2026
Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
55%
Signal Score
55 / 100
IDS Rule
No
Network Information
Country
Korea, Republic of
Region: Geumcheon-gu, Gyeonggi-do
ASN: AS4766
Organization: Korea Telecom
Feed Intelligence Summary
Source reports: 31
Confidence score: 55%
Category tags
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 55
Confidence: 55%
Reports: 31
First seen: Dec 18, 2021
Last seen: Jun 7, 2026
Geolocation: KR
Country: Korea, Republic of
Location: Geumcheon-gu, Gyeonggi-do
ASN: AS4766
Org: Korea Telecom
Coords: 37.4444, 126.8650
VirusTotal
Not checked
WHOIS
- description
- List of SSH attacking IPs detected by Rimba Siber honeypot.
- raw
- inetnum: 121.160.0.0 - 121.191.255.255
  netname: KORNET
  descr: Korea Telecom
  admin-c: IM667-AP
  tech-c: IM667-AP
  country: KR
  status: ALLOCATED PORTABLE
  mnt-by: MNT-KRNIC-AP
  mnt-irt: IRT-KRNIC-KR
  last-modified: 2017-02-03T02:22:01Z
  source: APNIC

  irt: IRT-KRNIC-KR
  address: 9, Jinheung-gil, Naju-si, Jeollanam-do
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: IM574-AP
  tech-c: IM574-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2020-04-09
  mnt-by: MNT-KRNIC-AP
  last-modified: 2025-04-10T04:49:23Z
  source: APNIC

  person: IP Manager
  address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
  country: KR
  phone: +82-2-500-6630
  e-mail: [email protected]
  nic-hdl: IM667-AP
  mnt-by: MNT-KRNIC-AP
  last-modified: 2017-03-28T06:37:04Z
  source: APNIC

  inetnum: 121.160.0.0 - 121.191.255.255
  netname: KORNET-KR
  descr: Korea Telecom
  country: KR
  admin-c: IA9-KR
  tech-c: IM9-KR
  status: ALLOCATED PORTABLE
  mnt-by: MNT-KRNIC-AP
  mnt-irt: IRT-KRNIC-KR
  changed: [email protected] 20240912
  remarks: This information has been partially mirrored by APNIC from
  remarks: KRNIC. To obtain more specific information, please use the
  remarks: KRNIC whois server at whois.kisa.or.kr.
  source: KRNIC

  person: IP Manager
  address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
  address: KT Head Office
  country: KR
  phone: +82-2-500-6630
  e-mail: [email protected]
  nic-hdl: IA9-KR
  mnt-by: MNT-KRNIC-AP
  changed: [email protected] 20240912
  remarks: This information has been partially mirrored by APNIC from
  remarks: KRNIC. To obtain more specific information, please use the
  remarks: KRNIC whois server at whois.kisa.or.kr.
  source: KRNIC

  person: IP Manager
  address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
  address: KT Head Office
  country: KR
  phone: +82-2-500-6630
  e-mail: [email protected]
  nic-hdl: IM9-KR
  mnt-by: MNT-KRNIC-AP
  changed: [email protected] 20240912
  remarks: This information has been partially mirrored by APNIC from
  remarks: KRNIC. To obtain more specific information, please use the
  remarks: KRNIC whois server at whois.kisa.or.kr.
  source: KRNIC
- references
- https://purplesynapz.com/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, ip.txt, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://github.com/telekom-security/tpotce, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
IOC Journey
Medium · First detected 4 years ago · Last seen 7 days ago
Appeared in 31 threat reports