IOC Radar
IP · Medium · Signal 79/100

122.138.218.90

Location
China
Jilin, Jilin
ASN
AS4837
CNC Group CHINA169 Jilin Province Network
First Seen
May 29, 2025 (391d ago)
Last Seen
Aug 6, 2025 (322d ago)
Reports
17 source reports
Confidence
79% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
79%
Signal Score
79 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

42 techniques

Network Information

Country: CN (China)
Region: Jilin, Jilin
ASN: AS4837
Organization: CNC Group CHINA169 Jilin Province Network

Feed Intelligence Summary

17 source reports · 79% confidence score
Category tags
abuse, access control, active scanning, antispam, asia, attack, blacklisted ips, botnet, botnet activity, brute force, brute force attack, china, command and control, command execution, credential access, credential stuffing, data encryption, data exfiltration, database security, ddos, decoy system, denial of service, dhcp, dhcp scan, distributed attacks, elasticsearch, elasticsearch scan, exploit attempts, ftp, ftp brute force, http brute force, imap, imap scan, indicator, information gathering, initial access, lateral movement, ldap, ldap brute force, log4j, malicious activity, malicious software, malware, malware propagation, malware scanning, memcache scan, mssql, mssql brute force, network, network monitoring, network probing, network protocol, network scanning, network security, ntp, ntp scan, oracle, oracle brute force, oracle database, password attacks, postgres brute force, process injection, protocol exploitation, reconnaissance, redis brute force, remote access, remote services, researched, scan, scanner, security policy, server exploitation, smb scan, smtp brute force, snmp scan, socks5, socks5 proxy, socks5 scan, sql injection, sql injection attempts, ssh attack, t1018, t1021, t1021.001, t1021.002, t1040, t1046, t1055, t1059, t1059.003, t1059.005, t1068, t1071, t1071.001, t1076, t1077, t1078, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1199, t1203, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.004, t1563, t1565, t1588, t1595, t1595.001, t1595.002, t1595.003, telnet threat, threat actor, threat intelligence, threat prevention, vnc protocol, vnc scan, web application attack, web exploitation

Activity Timeline

1 total obs
Aug 6

Threat Activity Heatmap

Peak: 2025-08-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Coords: 45.6167, 122.8167

VirusTotal

Not checked

IOC Journey

medium
First detected 1 year ago · Last seen 10 months ago
Appeared in 17 threat reports