IP · Medium · Signal 50/100
14.39.41.171
Location: Yongsan-gu, 11
ASN: AS4766 (Kornet)
First Seen: Mar 15, 2024 (817d ago)
Last Seen: Apr 7, 2026 (64d ago)
Reports: 25 source reports
Confidence: 50% (medium)
VirusTotal: 5/91 detections
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 50%
Signal Score: 50 / 100
IDS Rule: No
Network Information
Country: Korea, Republic of
Region: Yongsan-gu, 11
ASN: AS4766
Organization: Kornet
Feed Intelligence Summary
25 source reports, 50% confidence score
Activity Timeline
Threat Activity Heatmap · Peak: 2026-04-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Medium Risk (Signal Score 50)
Geolocation: KR
Coords: 37.5944, 126.9864
WHOIS
- description: List of SSH attacking IPs detected by Rimba Siber honeypot.
- references:
  - https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  - https://redpiranha.net
  - https://github.com/telekom-security/tpotce
  - https://list.rtbh.com.tr/output.txt
  - https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  - https://blocklist.greensnow.co/greensnow.txt
  - https://www.binarydefense.com/banlist.txt
  - https://lists.blocklist.de/lists/all.txt
  - https://rules.emergingthreats.net/blockrules/compromised-ips.txt
  - https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
  - https://jamesbrine.com.au/vultrwarsaw-ssh-bruteforce-ip-list-2024-04-10/
  - https://jamesbrine.com.au