IOC Radar
IP | Medium | Signal 88/100

183.109.166.220

Location: Jeonju, 45, Korea, Republic of
ASN: AS4766 (Kornet)
First Seen: May 29, 2025 (378d ago)
Last Seen: Mar 12, 2026 (90d ago)
Reports: 12 source reports
Confidence: 88% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 88%
Signal Score: 88 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

77 techniques

Network Information

Country: KR, Korea, Republic of
Region: Jeonju, 45
ASN: AS4766
Organization: Kornet

Feed Intelligence Summary

Source reports: 12
Confidence score: 88%
Category tags

Activity Timeline

1 total obs (Mar 12)

Threat Activity Heatmap

Peak: 2026-03-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 88
Confidence: 88%
Reports: 12
First seen: May 29, 2025
Last seen: Mar 12, 2026
Geolocation: KR
Country: Korea, Republic of
Location: Jeonju, 45
ASN: AS4766
Org: Kornet
Coords: 35.8237, 127.1476

VirusTotal

Not checked

WHOIS

Description: The following is the full text of the DShield.org block list, compiled by the organisation's own staff and copyrighted by its own developers, subject to copyright and other conditions, and is copyrighted.
Data Sources:
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt
https://feeds.dshield.org/feeds/daily_sources
THIS IS NOT A BLOCKLIST! DATA IS UNFILTERED AND CONTAINS FALSE POSITIVES.
References: https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt


IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 12 threat reports