IOC Radar
IP · Medium · Signal 78/100

14.33.83.154

Location: Korea, Republic of; Suwon, 41
ASN: AS4766 (Kornet)
First Seen: Feb 11, 2026 (131d ago)
Last Seen: Jun 12, 2026 (10d ago)
Reports: 17 source reports
Confidence: 78% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 78%
Signal Score: 78 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

33 techniques

Network Information

Country: KR (Korea, Republic of)
Region: Suwon, 41
ASN: AS4766
Organization: Kornet

Feed Intelligence Summary

Source reports: 17
Confidence score: 78%
Category tags
abuse; active scan; active scanning; apt; asia; attack; australia; authentication failure; automated attack; bad reputation; bad web bot; blocklist_all; botnet; botnet activity; brute force; brute force attack; brute force attempt; bruteforce; cisco; cisco device; cisco exploitation attempt; cisco exploitation attempts; communication protocol; compromised host; cowrie; cowrie data; cowrie honeypot; credential access; credential stuffing; data exfiltration; data store exposure; ddos; ddos attack; decoy system; denial of service; device management; digital ocean; dionaea; dionaea honeypot; enterprise networking; enumeration; exploit; exploitation activity; exploited host; fatt; ftp; ftp brute force; ftp brute-force; hacking; honeytrap honeypot; http flood; http scanner; identity & access exploitation; indicator; info; information technology; initial access; injection activity; iot botnet; iot security; iot targeted; irc botnet; it infrastructure; korea, republic of; kr; login attempt; mailoney honeypot; malicious activity; malicious software; malware; malware behaviour; malware capture; malware communication; network; network attacks; network infrastructure; network intrusion; network probing; network protocol; network scanning; network security; network traffic analysis; notice; oceania; opencti; p0f; password attacks; phishing; phishing attack; phishing trap; ping of death; portscan; potential botnet infection; process injection; protocol exploitation; ransomware; reconnaissance; remote access; remote services; researched; resource hijacking; scanner; scanners; scanning activity; sensor-tagged; sentrypeer activity; sentrypeer botnet; service scan; sftp; sftp attack; sip; sip brute force; sip scanning; smtp; socradar honeypot; software development; south korea; ssh; ssh attack; ssh monitoring; t1021; t1021.001; t1021.004; t1040; t1041; t1046; t1055; t1059; t1059.004; t1071; t1071.001; t1076; t1078; t1105; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1190; t1203; t1204; t1486; t1496; t1499.001; t1499.002; t1499.003; t1563; t1565; t1595; t1595.001; t1595.002; t1595.003; tanner; tcp protocol; telecommunications; telnet; telnet threat; threat actor; threat detection; threat intelligence; tor node; tpot; voip; voip attack; vulnerability scan; web application attack; web exploitation; web traffic

Activity Timeline

1 total obs (Jun 12 to Jun 12)

Threat Activity Heatmap

Peak: 2026-06-12
[Heatmap: activity by weekday over the months Jun through Jun, shaded from Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 78
Confidence: 78%
Reports: 17
First seen: Feb 11, 2026
Last seen: Jun 12, 2026
Geolocation: KR
Country: Korea, Republic of
Location: Suwon, 41
ASN: AS4766
Org: Kornet
Coords: 37.2345, 127.1968

VirusTotal

Not checked

WHOIS

raw
inetnum: 14.32.0.0 - 14.63.255.255
netname: KORNET
descr: Korea Telecom
country: KR
admin-c: IM667-AP
tech-c: IM667-AP
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
last-modified: 2025-11-03T08:14:01Z
source: APNIC

irt: IRT-KRNIC-KR
address: 9, Jinheung-gil, Naju-si, Jeollanam-do
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: IM574-AP
tech-c: IM574-AP
auth: # Filtered
remarks: [email protected] was validated on 2020-04-09
mnt-by: MNT-KRNIC-AP
last-modified: 2025-09-04T01:00:01Z
source: APNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IM667-AP
mnt-by: MNT-KRNIC-AP
last-modified: 2017-03-28T06:37:04Z
source: APNIC

inetnum: 14.32.0.0 - 14.63.255.255
netname: KORNET-KR
descr: Korea Telecom
country: KR
admin-c: IA9-KR
tech-c: IM9-KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
address: KT Head Office
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IA9-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC

person: IP Manager
address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90
address: KT Head Office
country: KR
phone: +82-2-500-6630
e-mail: [email protected]
nic-hdl: IM9-KR
mnt-by: MNT-KRNIC-AP
changed: [email protected] 20240912
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.kisa.or.kr.
source: KRNIC
references
https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-28/, https://jamesbrine.com.au, https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt


IOC Journey

medium
First detected 4 months ago · Last seen 10 days ago
Appeared in 17 threat reports