IOC Radar
IP · Medium · Signal 62/100

175.193.100.79

Location
Korea, Republic of
Gwangjin-gu, 11
ASN
AS4766
Kornet
First Seen
May 27, 2025
Last Seen
Aug 23, 2025
First Seen: May 27 (392d ago)
Last Seen: Aug 23 (303d ago)
Reports: 11 source reports
Confidence: 62% (medium)
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

52 techniques

Network Information

Country: KR, Korea, Republic of
Region: Gwangjin-gu, 11
ASN: AS4766
Organization: Kornet

Feed Intelligence Summary

Source reports: 11
Confidence score: 62%
Category tags
abuse; access control; active scanning; asia; attack; botnet; botnet activity detected; brute force; brute force attack; c2; c2 communication; command and control; communication technologies; compromised host; compromised system; credential access; credential stuffing; data exfiltration; ddos; ddos attacks; denial of service; distributed attacks; exploit; exploit attempts; ftp brute force; http brute force; indicator; infected host; infrastructure acquisitionreconnaissance; ingress tool transfer; internet of things; intrusion detection; iot botnet; iot/ics attack; korea, republic of; lateral movement; malicious activity; malicious communication; malicious domains; malicious ips; malicious links; malicious payload; malicious software; malware; malware propagation; malware scanning; mirai botnet; mobile carriers; mobile networks; network; network beaconing; network intrusion; network probing; network scanning; network security; network traffic analysis; password attacks; phishing; process injection; rat; reconnaissance; remote access; remote services; researched; scanner; security policy; smtp brute force; socradar honeypot; south korea; sql injection attempts; ssh attack; t1005; t1016; t1018; t1021; t1021.001; t1040; t1041; t1046; t1047; t1053; t1055; t1057; t1059; t1068; t1071; t1071.001; t1071.004; t1076; t1078; t1105; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1133; t1187; t1190; t1199; t1204; t1204.001; t1210; t1486; t1490; t1496; t1497; t1499.001; t1499.002; t1499.003; t1563; t1565; t1566; t1566.003; t1573; t1573.001; t1587.001; t1588; t1590.001; t1595; t1595.001; t1595.002; t1595.003; telecom services; telecommunications; threat actor; threat intelligence; threat prevention; trojan malware; vulnerability; web security

Activity Timeline

1 total obs
Aug 23 to Aug 23

Threat Activity Heatmap

[Heatmap: activity by weekday, Jun to Jun. Peak: 2025-08-23]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: Medium Risk
Signal Score: 62
Confidence: 62%
Reports: 11
First seen: May 27, 2025
Last seen: Aug 23, 2025
Geolocation: KR
Country: Korea, Republic of
Location: Gwangjin-gu, 11
ASN: AS4766
Org: Kornet
Coords: 37.5415, 127.0252

VirusTotal

Not checked

WHOIS

References

https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 1 year ago · Last seen 10 months ago
Appeared in 11 threat reports