IP · Medium · Signal 100/100
14.55.31.98
Location
Jeonju, Jeollabuk-do
ASN
AS4766
Kornet
First Seen
Sep 26, 2022
Last Seen
Apr 7, 2026
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Network Information
Country
South Korea
Region: Jeonju, Jeollabuk-do
ASN: AS4766
Organization: Kornet
Feed Intelligence Summary
17 source reports · 99% confidence score
Category tags
access control; account compromise; active scan; active scanning; aerospace & defense; asia; attack; auto-generated security; automotive manufacturing; botnet; botnet activity; brute force; brute force attack; brute force attempt; civil services; cloud infrastructure; cloud infrastructure attack; cloud services; command and control; communication protocol; communication technologies; credential access; credential harvesting; credential stuffing; data exfiltration; data store exposure; ddos; ddos attacks; decoy system; defense; defense contracting; defense logistics; defense systems; defense technology; denial of service; distributed attacks; electronics manufacturing; exploit attempts; exploitation activity; ftp brute force; government technology; http brute force; identity & access exploitation; indicator; industrial automation; industrial iot; industrial production; initiator ip; injection activity; internet of things; intrusion detection; ioc; iot botnet; iot security; iot/ics attack; korea, republic of; lateral movement; login; malicious activity; malicious software; malware; malware propagation; malware scanning; manufacturing technology; military operations; mirai botnet; mobile carriers; mobile networks; national security; network; network attacks; network probing; network scanning; network security; network service scanning; nextray; password attacks; phishing; phishing attack; process injection; process manufacturing; protocol exploitation; public administration; public infrastructure; public policy; quality control; reconnaissance; regulatory agencies; remote access; remote services; researched; resource hijacking; scan; scanner; security operations; security policy; service scan; smtp brute force; social engineering; south korea; sql injection attempts; ssh attack; supply chain attack; supply chain management; t1021; t1021.001; t1021.002; t1040; t1046; t1055; t1059; t1071.001; t1076; t1078; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1133; t1187; t1190; t1199; t1210; t1486; t1496; t1499.001; t1499.002; t1499.003; t1563; t1565; t1566.001; t1566.002; t1566.003; t1588; t1595; t1595.001; t1595.002; t1595.003; targeting database; tcp protocol; tcp/23; telecom services; telecommunications; telnet threat; threat actor; threat intelligence; threat prevention; tor node
Activity Timeline
Apr 7
Threat Activity Heatmap
Peak: 2026-04-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
This Indicator of Compromise (IOC) represents an immediate and significant threat to organizational security. With a perfect score of 100.0 and no whitelist status, the IP address 14.55.31.98 is strongly associated with malicious activities such as network scanning, brute-force attacks, and potential remote access attempts. If left unaddressed, connections to or from this IP could lead to unauthorized system access, data exfiltration, service disruption, or the deployment of ransomware. Its cont…
Threat Score: 100 (High Risk)
Confidence: 99%
Reports: 17
First seen: Sep 26, 2022
Last seen: Apr 7, 2026
Geolocation: KR
Country: South Korea
Location: Jeonju, Jeollabuk-do
ASN: AS4766
Org: Kornet
Coords: 35.8396, 127.0671
VirusTotal
Not checked
References
- https://jamesbrine.com.au/vultrwarsaw-telnet-bruteforce-ip-list-2023-10-07/
- https://jamesbrine.com.au
IOC Journey
Medium · First detected 3 years ago · Last seen 2 months ago
Appeared in 17 threat reports