207.56.138.28 (IPv4) · Medium · Signal 93/100
Location: Redmond, Kowloon
ASN: AS54801 (NTT America, Inc.)
First seen: Dec 11, 2025
Last seen: May 6, 2026
Found in 15 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 93%
Signal Score: 93 / 100
IDS Rule: No (no detection signature ships with this indicator; write your own before alerting on it)
Network Information
Country: United States
Region: Redmond, Kowloon
ASN: AS54801
Organization: NTT America, Inc.
The region field is internally inconsistent (Redmond is in Washington, US; Kowloon is in Hong Kong), and the coordinates this page lists (22.3193, 114.1690) fall in Hong Kong, not the United States. Do not use the geolocation here for attribution or for region-based blocking without an independent lookup.
Feed Intelligence Summary
Source reports: 15
Confidence score: 93%
Category tags
These tags are the union of every tag attached by the feeds behind the 15 source reports, so they describe the reports' vocabularies, not verified behaviour of this single address; several are spelling variants of one concept (cobalt strike / cobalt_strike, self-signed certificate / self_signed_certificate), and t1060, t1076 and t1193 are revoked ATT&CK technique IDs that now map to t1547.001, t1021.001 and t1566.001.
abcdoor, abuse, abuse.ch-threatfox, abusech-threatfox-c2c, active scanning, adversary behavior, africa, alibaba cloud network, any.run analysis, application layer protocol, apt, apt activity, asia, asyncrat, attack, audit, auto-generated, automated analysis, automated sweep, bde score 85, bde score 85+, bde score: high, beacon, botnet, botnet activity, british indian ocean territory, brute force, brute force attempts, c2, c2 activity, c2 communication, c2 framework, c2 frameworks, c2 infrastructure, c2 server, c2-infrastructure, c2_infrastructure, cert, china, client execution, cobalt strike, cobalt strike c2, cobalt strike framework, cobalt_strike, code execution, command & control, command and control, command execution, command-and-control, communication channel, compromised domains, compromised host indications, compromised hosts, compromised ips, compromised system, connections ip, credential access, credential dumping, credential harvesting, credential stuffing, credential theft, credential-access, data encryption, data exfiltration, data exfiltration attempt, data theft, data transfer, dcrat, dcrat malware, ddos, ddos attacks, deimosc2, deimosc2 c2, deimosc2 framework, distributed attacks, dropped file, encrypted channel, europe/asia, executable delivery, exfiltration, exploit targeting, exploitation, extortion, fortimail quarantine, ftp brute force, havoc, havoc c2, havoc framework, havoc rat, high bde score, hong kong, hook, hook malware, hook rat, http brute force, http/https traffic, https, india, indicator, indonesia, infrastructure acquisition reconnaissance, initial-access, internet of things, intrusion detection, ioc, iocs, iot botnet, iot/ics attack, japan, kimsuky, lateral movement, main, malicious activity, malicious domain, malicious domains, malicious ips, malicious isp, malicious links, malicious network traffic, malicious software, malicious spam campaign, malicious traffic, malware, malware activity detected, malware analysis, malware beacon, malware campaign activity, malware campaign analysis, malware campaign detection, malware distribution, malware distribution campaign, malware families, malware family, malware framework, malware indicators, malware infection, manual, meterpreter, mirai botnet, mirai c2, moobot, moobot malware, netsupportmanager, netsupportmanager rat, netsupportmanager-rat, netsupportmanager_rat, network, network communication, network connections, network indicators, network intrusion, network intrusion attempts, network scanning, network security, network sniffing, network traffic analysis, north america, notice, official notice, opendir, os credential dumping, osint, osint-volley, phishing, phishing attack, phishing email, platform win32, possible malware distribution, post-exploitation, post-exploitation activity, process injection, python backdoor, quasar rat, ransomware, rat, rat activity, reconnaissance, reconnaissance activity, registry run keys, remcos trojan, remote access, remote access tool, remote access tools, remote access trojan, remote code execution, remote file copy, remote services, remote-access-trojan, researched, retail trade, rms, russia, russian federation, scanner, security operations, self-signed certificate, self-signed certificates, self-signed-certificate, self-signed_certificate, self_signed_certificate, silver fox, sliver, social engineering, socradar, software exploitation, south africa, ssh attacks, ssl, ssl certificates, startup folder, stealc, stix, system disruption, t1003, t1005, t1016, t1021, t1021.001, t1027, t1040, t1041, t1053, t1053.005, t1055, t1056.001, t1059, t1059.001, t1059.003, t1059.004, t1060, t1070.004, t1071, t1071.001, t1071.004, t1076, t1078, t1083, t1095, t1102, t1105, t1106, t1110, t1110.002, t1113, t1115, t1132, t1140, t1189, t1190, t1193, t1203, t1204, t1204.001, t1204.002, t1210, t1211, t1219, t1484, t1486, t1490, t1496, t1497, t1499.001, t1499.002, t1499.003, t1547.001, t1555, t1565, t1566, t1566.001, t1566.002, t1566.003, t1568, t1569.002, t1571, t1573, t1573.001, t1584, t1587.001, t1590.001, t1595, t1595.001, t1595.002, t1595.003, t1598, tencent network, threat actor, threat intelligence, threat intelligence feed, threatfox feed, triage, turkey, twitter, united states, unknown malware, unknown-malware, unknown_malware, us, valleyrat, valleyrat malware, valleyrat trojan, vidar, vidar stealer, web security, winos 4.0, xworm, xworm malware
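Before a tag cloud like the one above is used for scoring or pivoting, it has to be normalised: separator variants collapsed into one canonical tag, and ATT&CK technique IDs pulled out and checked against the revoked list. The following is an added example of that normalisation step; it is not the site's own code, the sample tags are a constructed subset of the list above, and the revoked-ID mapping is drawn from the ATT&CK changelog rather than from this page.

```python
"""Normalise a threat-feed tag cloud and extract ATT&CK technique IDs.

Added example, not code from the page or its feed provider. It assumes only
what is visible on the page: tags are free-form lowercase strings with
inconsistent separators, and technique IDs appear as bare 't1234' / 't1234.001'.
"""
import re
from collections import Counter

# Constructed sample: a handful of the variant spellings seen on the page.
SAMPLE_TAGS = [
    "cobalt strike", "cobalt_strike", "cobalt strike c2",
    "self-signed certificate", "self-signed_certificate", "self_signed_certificate",
    "remote-access-trojan", "remote access trojan",
    "c2 infrastructure", "c2-infrastructure", "c2_infrastructure",
    "t1060", "t1076", "t1193", "t1547.001", "t1071.001",
]

# Revoked ATT&CK technique IDs and the sub-technique each was folded into.
# Assumption taken from the ATT&CK changelog, not from the page.
REVOKED = {
    "T1060": "T1547.001",  # Registry Run Keys / Startup Folder
    "T1076": "T1021.001",  # Remote Desktop Protocol
    "T1193": "T1566.001",  # Spearphishing Attachment
}

TECHNIQUE_RE = re.compile(r"^t(\d{4})(?:\.(\d{3}))?$")


def canonical(tag: str) -> str:
    """Collapse separator variants ('_', '-', runs of spaces) into one form."""
    return re.sub(r"[\s_\-]+", " ", tag.strip().lower())


def split_tags(tags):
    """Separate ATT&CK technique IDs (upper-cased) from descriptive tags."""
    techniques, descriptive = [], []
    for tag in tags:
        m = TECHNIQUE_RE.match(tag.strip().lower())
        if m:
            tid = "T" + m.group(1) + ("." + m.group(2) if m.group(2) else "")
            techniques.append(tid)
        else:
            descriptive.append(canonical(tag))
    return techniques, descriptive


def normalise(tags):
    """Return canonical tag counts, current technique IDs and the remaps applied."""
    techniques, descriptive = split_tags(tags)
    current, remapped = set(), {}
    for tid in techniques:
        if tid in REVOKED:
            remapped[tid] = REVOKED[tid]
            current.add(REVOKED[tid])
        else:
            current.add(tid)
    return {
        "tags": dict(Counter(descriptive)),
        "techniques": sorted(current),
        "remapped": remapped,
    }


if __name__ == "__main__":
    for key, value in normalise(SAMPLE_TAGS).items():
        print(key, value)
```

The tag counts tell you how many feeds said the same thing in different words, which is a better input to a confidence score than the raw tag total; the remap table tells you which technique IDs in the feed are stale.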
Activity Timeline
Peak: 2026-05-06

Window   Sightings   Status
24h      0           Dormant
7d       0           Dormant
30d      0           Dormant
3mo      1           Minimal

The only sighting inside the trailing 90-day window is the May 6, 2026 report; nothing has been reported in the last 30 days.
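The table above is a set of trailing windows counted back from the time the page was rendered. Recomputing it from sighting timestamps makes the dependency on that reference time explicit: the same two dates give "Dormant" in the 30-day window only if the snapshot is taken at least 30 days after May 6, 2026. The following is an added example, not the site's scoring code; the sightings are constructed from the page's first-seen and last-seen dates, the reference date is an assumption consistent with "last seen 1 month ago", and the labels for counts above one are assumptions (the page only shows "Dormant" for 0 and "Minimal" for 1).

```python
"""Recompute trailing activity windows (24h / 7d / 30d / 3mo) from sightings.

Added example, not the page's own scoring code. Window lengths follow the
page's labels; '3mo' is taken as 90 days (assumption).
"""
from datetime import datetime, timedelta, timezone

# Constructed sightings: only the page's first-seen and last-seen dates.
SIGHTINGS = [
    datetime(2025, 12, 11, tzinfo=timezone.utc),
    datetime(2026, 5, 6, tzinfo=timezone.utc),
]

# Assumed snapshot time, consistent with "last seen 1 month ago".
REFERENCE = datetime(2026, 6, 6, tzinfo=timezone.utc)

WINDOWS = {
    "24h": timedelta(hours=24),
    "7d": timedelta(days=7),
    "30d": timedelta(days=30),
    "3mo": timedelta(days=90),
}


def label(count: int) -> str:
    """0 and 1 match the page; the higher buckets are assumptions."""
    if count == 0:
        return "Dormant"
    if count == 1:
        return "Minimal"
    if count < 10:
        return "Low"
    return "Active"


def activity_windows(sightings, now):
    """Count sightings in each trailing window (start, now] and label them."""
    out = {}
    for name, span in WINDOWS.items():
        start = now - span
        n = sum(1 for s in sightings if start < s <= now)
        out[name] = (n, label(n))
    return out


def dormancy_days(sightings, now) -> int:
    """Days since the most recent sighting."""
    return (now - max(sightings)).days


def page_windows():
    """The page's table, recomputed at the assumed reference time."""
    return activity_windows(SIGHTINGS, REFERENCE)


if __name__ == "__main__":
    for name, (n, status) in page_windows().items():
        print(f"{name:4} {n:3} {status}")
    print("days since last sighting:", dormancy_days(SIGHTINGS, REFERENCE))
```

When you ingest such a record, store the sighting timestamps rather than the window counts; the counts decay on their own as the reference time moves, and a "Dormant" badge computed on one day says nothing about the next.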
Threat Score: High Risk (93)
Coordinates: 22.3193, 114.1690
VirusTotal: not checked
WHOIS
description: CC=US ASN=AS2914 ntt america inc.
WHOIS attributes the address to AS2914, not the AS54801 shown in the network block above; confirm the currently announced origin AS before pivoting on ASN.
Export & API: STIX 2.1 bundle, CSV export, permalink.
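The STIX 2.1 export reduces this record to an Indicator object carrying the IP pattern, the first-seen date as valid_from and the numeric confidence. The following is an added example of building that bundle from the fields on this page using only the standard library; it is not the site's export code, the object ids are generated fresh rather than being the site's, and the name, indicator_types and labels are choices made here.

```python
"""Serialise the page's record as a STIX 2.1 Indicator inside a Bundle.

Added example, not the site's own exporter. Field values are the ones shown
on the page; ids are fresh UUIDs (assumption) rather than the site's ids.
"""
import json
import uuid
from datetime import datetime, timezone

# Values copied from the page.
RECORD = {
    "value": "207.56.138.28",
    "first_seen": "2025-12-11",
    "last_seen": "2026-05-06",
    "confidence": 93,
    "reports": 15,
    "misp_category": "Network Activity",
    "asn": "AS54801",
}

STIX_TS = "%Y-%m-%dT%H:%M:%S.000Z"


def ts(date: str) -> str:
    """Render a YYYY-MM-DD date as a STIX timestamp at midnight UTC."""
    return datetime.strptime(date, "%Y-%m-%d").replace(tzinfo=timezone.utc).strftime(STIX_TS)


def make_indicator(rec):
    """Build a STIX 2.1 Indicator SDO for an IPv4 address."""
    now = datetime.now(timezone.utc).strftime(STIX_TS)
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": now,
        "modified": now,
        "name": f"IPv4 {rec['value']} seen in {rec['reports']} threat reports",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[ipv4-addr:value = '{rec['value']}']",
        "pattern_type": "stix",
        "pattern_version": "2.1",
        "valid_from": ts(rec["first_seen"]),
        "confidence": rec["confidence"],
        # Labels are a choice made here: MISP category and origin AS as tags.
        "labels": [rec["misp_category"].lower().replace(" ", "-"), rec["asn"].lower()],
    }


def make_bundle(rec):
    """Wrap the indicator in a STIX 2.1 Bundle."""
    return {
        "type": "bundle",
        "id": f"bundle--{uuid.uuid4()}",
        "objects": [make_indicator(rec)],
    }


if __name__ == "__main__":
    print(json.dumps(make_bundle(RECORD), indent=2))
```

valid_until is deliberately left unset: the page's own warning that scores are heuristic argues against baking an expiry into the object before the consumer has verified the sighting, and a missing valid_until is treated by STIX consumers as "no known end", which can be revised later with a modified timestamp.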
IOC Journey
Confidence: medium. First detected 6 months ago; last seen 1 month ago. Appeared in 15 threat reports.