IOC Radar
IP · Medium · Signal 58/100

125.135.169.171

Location: Korea, Republic of (Changwon, 48)
ASN: AS4766 (Kornet)
First Seen: Apr 30, 2026
Last Seen: May 22, 2026
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 58%
Signal Score: 58 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

19 techniques

Network Information

Country: KR (Korea, Republic of)
Region: Changwon, 48
ASN: AS4766
Organization: Kornet

Feed Intelligence Summary

7 source reports · 58% confidence score

Category tags:
abusech-urlhaus-c2c; active scan; apt; arm; asia; bad reputation; bad web bot; botnet activity; botnet campaigns; c2; coinminer; command & control; cryptocurrency; ddos; ddos attack; dropped-by-amadey; dropped-by-phorpiex; elf; exe; executable file; gafgyt; indicator; infostealer; kashmirblack; kinsing; korea, republic of; kr; m68k; malware; mass scanning; mips; mirai; moobot; mozi; network; opendir; php vulnerability; phpunit; powerpc; rar; redtail; remote code execution; remusstealer; researched; rustystealer; scams & fraud; scanner; script; self-signed; sh; smartloader; smoke loader; south korea; sparc; superh; sysrv; threat actor; ua-wget; vulnerability scan; web application security; x86; zip

MITRE ATT&CK technique tags:
t1018; t1027; t1046; t1059; t1059.004; t1071; t1071.001; t1082; t1083; t1087; t1105; t1133; t1190; t1505; t1505.003; t1595; t1595.002; t1608; t1608.001

Activity Timeline

1 total obs (May 22)

Threat Activity Heatmap

Peak: 2026-05-22

Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: 58 (Medium Risk)
Signal Score: 58
Confidence: 58%
Reports: 7
First seen: Apr 30, 2026
Last seen: May 22, 2026

Geolocation: KR
Country: Korea, Republic of
Location: Changwon, 48
ASN: AS4766
Org: Kornet
Coords: 35.2733, 128.6530

VirusTotal

Not checked

WHOIS

raw
inetnum: 125.128.0.0 - 125.159.255.255
netname: KORNET
descr: Korea Telecom
admin-c: IM667-AP
tech-c: IM667-AP
country: KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
last-modified: 2017-02-03T02:22:02Z
source: APNIC

irt: IRT-KRNIC-KR
address: 9, Jinheung-gil, Naju-si, Jeollanam-do
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: IM574-AP
tech-c: IM574-AP
auth: # Filtered
remarks: [email protected] was validated on 2020-04-09
mnt-by: MNT-KRNIC-AP
last-modified: 2025-09-04T01:00:01Z
source: APNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IM667-AP
mnt-by: MNT-KRNIC-AP
last-modified: 2017-03-28T06:37:04Z
source: APNIC

inetnum: 125.128.0.0 - 125.159.255.255
netname: KORNET-KR
descr: Korea Telecom
country: KR
admin-c: IA9-KR
tech-c: IM9-KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
address: KT Head Office
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IA9-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
address: KT Head Office
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IM9-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://urlhaus.abuse.ch/browse/


IOC Journey

medium
First detected 1 month ago · Last seen 1 month ago
Appeared in 7 threat reports