IOC Radar
IPMediumSignal 62/100

125.139.124.120

Location
Korea, Republic ofKorea, Republic of
Daejeon, Gyeonggi-do
ASN
AS4766
Kornet
First Seen
Mar 11, 2024
Last Seen
Jun 2, 2026
Mar 11
First Seen
821d ago
Jun 2
Last Seen
8d ago
27
Reports
source reports
62%
Confidence
medium
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

61 techniques

Network Information

CountryKRKorea, Republic of
RegionDaejeon, Gyeonggi-do
ASNAS4766
OrganizationKornet

Feed Intelligence Summary

27 reports62% confidence
27
Source reports
62%
Confidence score
Category tags
abuseabuseipdbaccess controlaccount accessaccount compromiseaccount discoveryaccount enumerationaccount lockoutaccount profilingaccount takeoveraccount takeover attemptactive scanactive scanningactive-attackadresse ipaptasiaatif feedattackattack source ipattacker ip addressesattacker-ipauthenticationauthentication abuseauthentication attackauthentication attemptauthentication brute forceauthentication failure analysisauthentication-failureauto-generated securityazure adbad reputationbad web botbankingbanlist feedbelgiumbelgium ip addressesbinary defenseblocklist_allbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attemptbrute force attemptsbrute-forcebruteforcec2 communicationc2 serverchinacloud environmentcloud infrastructurecloud infrastructure attackcloud infrastructure targetcloud securitycloud service attackcloud servicescommand & controlcommand and controlcommunication protocolcompromised credentialscompromised hostcompromised hostscowriecowrie datacowrie honeypotcredential accesscredential attackcredential brute forcecredential compromisecredential harvestingcredential stuffingcredential-accesscredential-dumpingcredential-harvestingcredit card servicesctadata exfiltrationdata store exposuredata theftddosddos attackdecoy systemdenial of servicedigital oceandistributed attacksemail-protocolenv-huntingeuropeexploitation activityexploited hostexternal reconnaissanceexternal remote servicesfailed authenticationfinancefinancial servicesfinancial technologyfinlandfnt-secure-sentinelfnt-sentinelfoods and drinksfrancefraud ordersftpftp brute forceftp brute-forcegermanyhackinghoneynet connecthttp brute forceidentity & access exploitationidentity managementimapimap attackimap brute forceindicatorinformation technologyinfrastructure acquisitionreconnaissanceinitial accessinitial access attemptinitial access preparationinjection activityinternet facing assetsintrusion detectioniocipv4ipv4 iocipv4 scanningipv4-indicatorsit infrastructurejapankorea (the republic of)korea, republic ofkrlateral movementlcialogin attacklogin attemptlogin attemptsmail servermalaysiamalicious activitymalicious softwaremalicious-ipmalwaremalware distributionmanualmicrosoft entra idmultiple accounts targetedmultiple usersmultiple users affectednetworknetwork attacksnetwork brute forcenetwork enumerationnetwork intrusionnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork servicesnetwork traffic analysisnetwork-protocolnginxnorth americaopenctipassword attackpassword attackspassword crackingpassword sprayingpayment processingphishingphishing attackpolandpop3 brute forceprocess injectionprotocol exploitationransomwarereconnaissanceremote accessremote access attemptremote servicesremote-accessresearchedresource hijackingrtbhsaslsasl authenticationsasl brute forcescams & fraudscannerscannersscanning activitysecurity alertsecurity eventsecurity operationssecurity policyservice scansftp access attemptsftp attacksingaporesmb brute forcesmtpsmtp attackersmtp brute forcesmtp-attacksocial engineeringsoftware developmentsouth koreaspamsshssh attackssh monitoringssh-brutet-pott1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1068t1071t1071.001t1076t1078t1078.003t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1190t1199t1203t1486t1496t1499.001t1499.002t1499.003t1555t1563t1565t1566t1566.001t1566.002t1566.003t1567t1573t1573.001t1583.006t1587.001t1588t1588.004t1589t1589.002t1590t1590.001t1592t1595t1595.001t1595.002t1595.003tcp attacktcp brute forcetcp protocoltcp scantcp scanningtcp/iptelecommunicationstelnet threatthreat actorthreat intelligencethreat preventiontor nodetpotturkeyudp scanunauthorized accessunauthorized access attemptunauthorized loginunauthorized login attemptsunauthorized-accessunited kingdomunited statesvalid accountsvoidtrapvulnerability scanwealth managementwebweb app attackweb application attackweb exploitationweb spam

Activity Timeline

1 total obs
Jun 2Jun 2

Threat Activity Heatmap

· Peak: 2026-06-02
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
62
SIGNAL
Signal Score
62%
Confidence
27
Reports
First seenMar 11, 2024
Last seenJun 2, 2026
GeolocationKR
CountryKorea, Republic of
LocationDaejeon, Gyeonggi-do
ASNAS4766
OrgKornet
Coords37.3654, 127.1220

VirusTotal

Not checked

WHOIS

description
Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, abuseipdb
raw
inetnum: 125.128.0.0 - 125.159.255.255 netname: KORNET descr: Korea Telecom admin-c: IM667-AP tech-c: IM667-AP country: KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR last-modified: 2017-02-03T02:22:02Z source: APNIC irt: IRT-KRNIC-KR address: 9, Jinheung-gil, Naju-si, Jeollanam-do e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IM574-AP tech-c: IM574-AP auth: # Filtered remarks: [email protected] was validated on 2020-04-09 mnt-by: MNT-KRNIC-AP last-modified: 2025-04-10T04:49:23Z source: APNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM667-AP mnt-by: MNT-KRNIC-AP last-modified: 2017-03-28T06:37:04Z source: APNIC inetnum: 125.128.0.0 - 125.159.255.255 netname: KORNET-KR descr: Korea Telecom country: KR admin-c: IA9-KR tech-c: IM9-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IA9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC
references
https://github.com/telekom-security/tpotce, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, https://list.rtbh.com.tr/output.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 8 days ago
Appeared in 27 threat reports