IOC Radar
IP · Medium · Signal 36/100

125.137.82.118

Location: Korea, Republic of (Suseong-gu, Gyeonggi-do)
ASN: AS4766 (Korea Telecom)
First Seen: Dec 23, 2024 (538d ago)
Last Seen: Apr 12, 2026 (62d ago)
Reports: 12 source reports
Confidence: 36% (medium)
Found in 12 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 36%
Signal Score: 36 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

50 techniques

Network Information

Country: KR (Korea, Republic of)
Region: Suseong-gu, Gyeonggi-do
ASN: AS4766
Organization: Korea Telecom

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 12
Confidence score: 36%
Category tags
abuseaccess controlactive scanactive scanningasiaattackbad reputationbotnetbotnet activitybotnet activity detectedbrute forcebrute force attackbrute force attacksbrute force attemptc2c2 communicationcommand & controlcommand and controlcommunication protocolcompromised hostscredential accesscredential stuffingdata exfiltrationdata store exposureddosddos attacksddos preparationdecoy systemdistributed attacksexploit attemptsexploitation activityftp brute forcehttp scanninghttps scanningidentity & access exploitationindicatorinjection activityinternet of thingsintrusion detectioniociot botnetiot securityiot/ics attackkorea, republic oflateral movementmalicious activitymalicious network activitymalicious softwaremalwaremalware distributionmirai botnetnetworknetwork attacksnetwork enumerationnetwork intrusionnetwork probingnetwork scanningnetwork securitynetwork service scanningpassword attacksprocess injectionprotocol exploitationproxyproxy activityreconnaissanceresearchedscanscannersecurity policyservice scansmtp scanningsouth koreassh attackt1003t1005t1016t1018t1021t1021.002t1040t1043t1046t1047t1053t1053.005t1055t1056t1056.001t1059t1059.001t1071t1071.001t1071.002t1071.004t1078t1083t1090t1090.001t1090.002t1090.003t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1486t1496t1497t1499.001t1499.002t1499.003t1550t1552t1555t1556t1565t1573t1595t1595.001t1595.002t1595.003tcp protocoltelnet threatthreat actorthreat intelligencethreat preventiontor node

Activity Timeline

1 total obs (Apr 12 to Apr 12)

Threat Activity Heatmap

Peak: 2026-04-12
[Heatmap: activity by day of week, Jun through Jun, scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 36
Confidence: 36%
Reports: 12
First seen: Dec 23, 2024
Last seen: Apr 12, 2026
Geolocation: KR
Country: Korea, Republic of
Location: Suseong-gu, Gyeonggi-do
ASN: AS4766
Org: Korea Telecom
Coords: 37.3589, 127.1150
Proxy

VirusTotal

Not checked

WHOIS

description
Scans hitting the server at TCP port 23 Telnet. Same IP should not appear more than once in 96 hours in our lists S3#.
raw
inetnum: 125.128.0.0 - 125.159.255.255
netname: KORNET
descr: Korea Telecom
admin-c: IM667-AP
tech-c: IM667-AP
country: KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
last-modified: 2017-02-03T02:22:02Z
source: APNIC

irt: IRT-KRNIC-KR
address: 9, Jinheung-gil, Naju-si, Jeollanam-do
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: IM574-AP
tech-c: IM574-AP
auth: # Filtered
remarks: [email protected] was validated on 2020-04-09
mnt-by: MNT-KRNIC-AP
last-modified: 2025-04-10T04:49:23Z
source: APNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IM667-AP
mnt-by: MNT-KRNIC-AP
last-modified: 2017-03-28T06:37:04Z
source: APNIC

inetnum: 125.128.0.0 - 125.159.255.255
netname: KORNET-KR
descr: Korea Telecom
country: KR
admin-c: IA9-KR
tech-c: IM9-KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
address: KT Head Office
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IA9-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
address: KT Head Office
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IM9-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 12 threat reports