IOC Radar
IP · Medium · Signal 40/100

175.123.187.93

Location
Korea, Republic of
Seoul, Seoul-teukbyeolsi
ASN
AS9318
broadNnet
First Seen
Dec 1, 2024 (569d ago)
Last Seen
Mar 28, 2026 (87d ago)
Reports
16 source reports
Confidence
40% (medium)
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
40%
Signal Score
40 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

38 techniques

Network Information

Country: KR (Korea, Republic of)
Region: Seoul, Seoul-teukbyeolsi
ASN: AS9318
Organization: broadNnet

Feed Intelligence Summary

16 source reports · 40% confidence score
Category tags
abuse; access control; account discovery; account profiling; account takeover; active scan; active scanning; asia; attack; australia; authentication; auto-generated security; bad reputation; botnet; botnet activity; brute force; brute force attack; brute force attempt; command and control; communication protocol; communication technologies; compromised credentials; compromised host; cowrie honeypot; credential access; credential stuffing; cta; data exfiltration; data store exposure; ddos; decoy system; denial of service; distributed attacks; europe; exfiltration; exploit attempts; exploitation activity; fail2ban event; ftp; ftp brute force; http brute force; http scanner; identity & access exploitation; indicator; initial access; injection activity; ioc; korea (the republic of); korea, republic of; kr; lateral movement; login attack; malicious activity; malicious software; malware; malware propagation; malware scanning; mobile carriers; mobile networks; network; network access; network intrusion; network probing; network scanning; network traffic analysis; oceania; password attack; password attacks; process injection; reconnaissance; remote access; remote services; researched; scanner; scanning activity; security operations; security policy; sftp attack; smtp brute force; south korea; sql injection attempts; ssh attack; ssh monitoring; t1021; t1021.001; t1040; t1041; t1046; t1055; t1059; t1071; t1071.001; t1076; t1078; t1078.004; t1105; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1133; t1187; t1190; t1199; t1210; t1486; t1496; t1497; t1499.002; t1499.003; t1563; t1565; t1567; t1573; t1588; t1589.002; t1595; t1595.001; t1595.002; t1595.003; targeting database; telecom services; telecommunications; threat actor; threat intelligence; threat prevention; tor node; tpotce; unauthorized access; united kingdom; vulnerability scan; web traffic

Activity Timeline

1 total obs (Mar 28 to Mar 28)

Threat Activity Heatmap

Peak: 2026-03-28 (daily activity heatmap, Jun through Jun)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk (Signal 40)
Coords: 37.6210, 126.9393

VirusTotal

Not checked

WHOIS

description
Host bruteforcing SSH
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://redpiranha.net, https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt


IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 16 threat reports