IOC Radar
IP · Medium · Signal 77/100

156.243.244.27

Location: Tokyo, Tokyo, Japan
ASN: AS61112 (Akile LTD)
First Seen: Jan 29, 2025 (497d ago)
Last Seen: Mar 30, 2026 (72d ago)
Reports: 16 source reports
Confidence: 77% (medium)
VirusTotal: 14/91 detections
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 77%
Signal Score: 77 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

38 techniques

Network Information

Country: JP (Japan)
Region: Tokyo, Tokyo
ASN: AS61112
Organization: Akile LTD

Feed Intelligence Summary

16 source reports · 77% confidence score
Category tags: abuse, active scan, active scanning, adversary simulation tool, apt, asia, bad reputation, beacon, beaconing activity, botnet, botnet activity, brute force, c2, c2 framework, censys, cobaltstrike, command & control, command and control, communication protocol, credential harvesting, credential stuffing, cta, data exfiltration, data store exposure, distributed attacks, exploitation activity, external network scan, external reconnaissance, identity & access exploitation, indicator, information gathering, infrastructure acquisitionreconnaissance, injection activity, japan, jp, lateral movement, lateral movement techniques, malicious software, malware, manual, network, network attacks, network discovery, network probing, network reconnaissance, network scanning, north america, payload deployment, payload generation, penetration testing tool, phishing, phishing attack, post-exploitation, post-exploitation activities, potential vulnerability scan, potential vulnerability scanning, process injection, ransomware, reconnaissance, researched, scanner, service discovery, shellcode, social engineering, t1003, t1016, t1018, t1027, t1040, t1041, t1046, t1047, t1055, t1059, t1059.001, t1071, t1071.001, t1078, t1083, t1090, t1090.001, t1105, t1190, t1210, t1486, t1496, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1567, t1573, t1573.001, t1587.001, t1589, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, threat actor, tor node, united states, unknown port, vulnerability scan

Activity Timeline

1 total obs · Mar 30 to Mar 30

Threat Activity Heatmap

[Heatmap: activity by week, Jun through Jun; rows Mon, Wed, Fri; scale Less to More] · Peak: 2026-03-30
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address, signals a significant and active threat that demands immediate attention. With a high score of over 76, it is strongly associated with command and control (C2) infrastructure, particularly linked to Cobalt Strike, a versatile penetration testing tool frequently leveraged by sophisticated threat actors for malicious campaigns. The potential impact on an organization includes data manipulation, denial of service attacks, unauthorized data exfilt…

Threat Score: High Risk
Signal Score: 77
Confidence: 77%
Reports: 16
First seen: Jan 29, 2025
Last seen: Mar 30, 2026
Geolocation: JP
Country: Japan
Location: Tokyo, Tokyo
ASN: AS61112
Org: Akile LTD
Coords: 35.6895, 139.6923

VirusTotal

14/91 vendors flagged
15% detection rate · Jun 3, 2026

WHOIS

Description: Host scanning unknown application ports (Web, SMB, SSH, TELNET, ... are in other pulses). Details in pulse

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 16 threat reports