IOC Radar
IPMediumSignal 51/100

14.215.183.79

Location
ChinaChina
Guangzhou, Guangdong
ASN
AS4134
Chinanet GD
First Seen
Apr 25, 2024
Last Seen
Apr 23, 2026
Apr 25
First Seen
780d ago
Apr 23
Last Seen
51d ago
7
Reports
source reports
51%
Confidence
medium
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
51%
Signal Score
51 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

65 techniques

Network Information

CountryCNChina
RegionGuangzhou, Guangdong
ASNAS4134
OrganizationChinanet GD

Feed Intelligence Summary

7 reports51% confidence
7
Source reports
51%
Confidence score
Category tags
aaaaabuseactiveactive relatedactive scanactive scanningaddressall domainall ipv4analysis dateanalyzeappleappleidaptascii textasiaautomated attackbad reputationbodybotnetbotnet activitybrute forcechinachromeck idclassclickclick-based attackcncode executioncommandcommand and controlcommand executioncookiecredential accesscredential guessingcredential harvestingcredential stuffingctadata exfiltrationdata store exposuredata uploaddefense evasiondeletedelphidevelopment attdistributed attacksdockemailsenter scenumerationexcludeexclude innexclude suggesexcluded icexcluded iocsexploit public-facing applicationexploitation activityextraextrifailedfailed login attemptsfilesfiles ipfindfind sugtfonelabformatftp brute forcehostnarhostnar hostnarhttp attackhttp brute forcehttpshybrididentity & access exploitationiframeincludeinclude datainclude reviewincluded i0included icincluded iocsincluder reviewindicatorinjectioninjection activityinput validation bypassinvalid pointeriocsiosiot securityipadipodipv4ituneslateral movementlazaruslearnlibrary loadelocalmacmacairmacairaustraliamalicious linksmalicious softwaremalwaremanually addmedium riskmitre attmobile threatmonitored targetmost playedmovedmsiemulch virtuamusicmusic streamsmysql brute forcename tacticsnetworknetwork enumerationnetwork intrusionnetwork scanningnetwork securitynext associatedno matchno matchmenorth americaonlvopen thpasswordpathpath traversalphishingphishing attackplayed songsportiana oneypotential compromisepresent aprprocess injectionprotocol exploitationransomwareread creconnaissancerecord valuereferences xrelated pulsesrelated tagsremote accessremote servicesresearchedreview excludereview iocreview locsreview ocsrgbarole titlesa awarenesssabeysamuel tuachssamuel tulachsapevsar cutsc typescanning activityscriptscript urlsse httpsearch otxservice executionservice modsmtp brute forcesocial engineeringsocradarsoftware exploitationsongsspanspawnsssh attackstackstop datastreamstreamsstringssugges datasuggested ossystem discoveryt1018t1020.001t1021t1021.001t1027t1031t1035t1036.004t1040t1045t1046t1053t1055t1055.012t1055.012 list plantingt1057t1059t1069t1069.002t1071t1071.001t1076t1078t1082t1105t1110t1110.002t1119t1129t1143t1155t1187t1189t1190t1203t1204t1204.001t1204.002t1480t1480 executiont1486t1496t1499.002t1499.003t1553t1553.002t1563t1565t1566t1566.001t1566.002t1566.003t1568t1568.002t1583t1583.001t1585.001t1588t1590t1591t1591.001t1591.002t1592t1595t1595.001t1595.002t1595.003targettcp includetelnet threatthreat actortor nodetraffic redirectedtulachtwittertyp datatypetype hostnartype indicatorunicodeunitedunited statesunity engineuny teadeuser executionweb application attackweb application exploitationweb securitywritex vercelyara detectionsyoutube

Activity Timeline

1 total obs
Apr 23Apr 23

Threat Activity Heatmap

· Peak: 2026-04-23
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
51
SIGNAL
Signal Score
51%
Confidence
7
Reports
First seenApr 25, 2024
Last seenApr 23, 2026
GeolocationCN
CountryChina
LocationGuangzhou, Guangdong
ASNAS4134
OrgChinanet GD
Coords23.1317, 113.2660

VirusTotal

Not checked

WHOIS

description
CC=CN ASN=AS4134 chinanet
raw
inetnum: 14.208.0.0 - 14.223.255.255 netname: CHINANET-GD descr: CHINANET Guangdong province network descr: Data Communication Division descr: China Telecom country: CN admin-c: CH93-AP tech-c: IC83-AP abuse-c: AC1573-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- notify: [email protected] mnt-by: APNIC-HM mnt-lower: MAINT-CHINANET-GD mnt-irt: IRT-CHINANET-CN last-modified: 2021-06-15T08:06:06Z source: APNIC irt: IRT-CHINANET-CN address: No.31 ,jingrong street,beijing address: 100032 e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH93-AP tech-c: CH93-AP auth: # Filtered remarks: [email protected] was validated on 2025-04-24 mnt-by: MAINT-CHINANET last-modified: 2025-09-04T00:59:42Z source: APNIC role: ABUSE CHINANETCN country: ZZ address: No.31 ,jingrong street,beijing address: 100032 phone: +000000000 e-mail: [email protected] admin-c: CH93-AP tech-c: CH93-AP nic-hdl: AC1573-AP remarks: Generated from irt object IRT-CHINANET-CN remarks: [email protected] was validated on 2025-04-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-04-24T03:21:54Z source: APNIC person: Chinanet Hostmaster nic-hdl: CH93-AP e-mail: [email protected] address: No.31 ,jingrong street,beijing address: 100032 phone: +86-10-58501724 fax-no: +86-10-58501724 country: CN mnt-by: MAINT-CHINANET last-modified: 2022-02-28T06:53:44Z source: APNIC person: IPMASTER CHINANET-GD nic-hdl: IC83-AP e-mail: [email protected] address: NO.18,RO. ZHONGSHANER,YUEXIU DISTRIC,GUANGZHOU phone: +86-20-87189274 fax-no: +86-20-87189274 country: CN mnt-by: MAINT-CHINANET-GD remarks: IPMASTER is not for spam complaint,please send spam complaint to [email protected] abuse-mailbox: [email protected] last-modified: 2021-05-12T09:06:58Z source: APNIC
references
https://www.virustotal.com/graph/gb04f3081a63f45ad943d1b5f7b4f102c290a0e3376444152b5ca8048a0d3a6b7, https://x.com/KulinskiArkadi/status/1896514212723327162, https://www.virustotal.com/graph/g9f3821574ace42c59ed87c3f1f7faa39f1394db9238244e2b3b8d01158b2d423, https://www.virustotal.com/gui/file/574f35c7b1e018c39162a6e2c857ef39563f92b2a89ccefdd9d4149a99dfd624/behavior

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 1 month ago
Appeared in 7 threat reports