IP · Medium · Signal 100/100
123.23.10.83
Location
Hanoi, 50
ASN
AS45899
Vietnam Posts and Telecommunications Group
First Seen
Apr 1, 2025
Last Seen
Jan 31, 2026
Apr 1
First Seen
437d ago
Jan 31
Last Seen
132d ago
9
Reports
source reports
99%
Confidence
medium
9/91
VirusTotal
detections
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Vietnam
Region
Hanoi, 50
ASN
AS45899
Organization
Vietnam Posts and Telecommunications Group
Feed Intelligence Summary
9 reports · 99% confidence
9
Source reports
99%
Confidence score
Category tags
Activity Timeline
Jan 31
Threat Activity Heatmap
Peak: 2026-01-31
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat Score
High Risk
100
SIGNAL
Signal Score
99%
Confidence
9
Reports
First seen
Apr 1, 2025
Last seen
Jan 31, 2026
Geolocation
VN
Country
Vietnam
Location
Hanoi, 50
ASN
AS45899
Org
Vietnam Posts and Telecommunications Group
Coords
10.2344, 106.3841
WHOIS
- description: IP addresses associated with URL injected into SSH honeypot
- raw:

  inetnum: 123.16.0.0 - 123.31.255.255
  netname: VNPT-VN
  descr: Vietnam Posts and Telecommunications Group
  descr: No 57, Huynh Thuc Khang Street, Lang Ha ward, Dong Da district, Ha Noi City
  country: VN
  admin-c: PTH13-AP
  tech-c: PTH13-AP
  status: ALLOCATED PORTABLE
  mnt-by: MAINT-VN-VNNIC
  mnt-lower: MAINT-VN-VNPT
  mnt-routes: MAINT-VN-VNPT
  last-modified: 2018-01-25T03:55:17Z
  mnt-irt: IRT-VNNIC-AP
  source: APNIC

  irt: IRT-VNNIC-AP
  address: Ha Noi, VietNam
  phone: +84-24-35564944
  fax-no: +84-24-37821462
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: NTTT1-AP
  tech-c: NTTT1-AP
  auth: # Filtered
  mnt-by: MAINT-VN-VNNIC
  last-modified: 2025-09-04T05:18:22Z
  source: APNIC

  person: Pham Tien Huy
  address: VNPT-VN
  country: VN
  phone: +84-24-37741604
  e-mail: [email protected]
  nic-hdl: PTH13-AP
  mnt-by: MAINT-VN-VNPT
  last-modified: 2017-11-19T07:06:20Z
  source: APNIC

  route: 123.23.0.0/20
  descr: VietNam Post and Telecom Corporation (VNPT)
  descr: VNPT-AS-AP
  country: VN
  origin: AS45899
  remarks: mailto: [email protected]
  notify: [email protected]
  mnt-by: MAINT-VN-VNPT
  last-modified: 2010-08-10T08:20:16Z
  source: APNIC
IOC Journey
medium · First detected 1 year ago · Last seen 4 months ago
Appeared in 9 threat reports