IOC Radar
IPMediumSignal 44/100

211.239.213.13

Location
Korea, Republic ofKorea, Republic of
Gwacheon-si, Gyeonggi-do
ASN
AS9848
Sejong
First Seen
Oct 28, 2022
Last Seen
Feb 12, 2026
Oct 28
First Seen
1338d ago
Feb 12
Last Seen
135d ago
5
Reports
source reports
44%
Confidence
medium
Found in 5 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
44%
Signal Score
44 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

7 techniques

Network Information

CountryKRKorea, Republic of
RegionGwacheon-si, Gyeonggi-do
ASNAS9848
OrganizationSejong

Feed Intelligence Summary

5 reports44% confidence
5
Source reports
44%
Confidence score
Category tags
active scanaddonahnlab tipanna paulaappdataappleasecasiaawareness monthbotizbotnetbotnet activitybrand phishingbyovdc2 protocolc2 serverschemical sectorcloud securitycobalt strikecode issuescommand & controlcommand and controlcontainer securitycrowdstrikecyberdata exfiltrationdata store exposuredemodistributed attacksdockerelbieelbieransomwareexploitation activityexposefalcon fusionfalcon platformfalsefigurefooterfrom emailgithubheadershttpindicatorinitechinjection activityjaeson schultzjumpkaseyakillnetkorea, republic ofkrlazarus targetsmalicious softwaremalspam emailmalwaremalware asmarkmsi filenetworkopenpartphishingpipeplinkplugxprocess injectionpullputtypythonransomwarerapitresearchedrioqhse labsshadowpad c2shadowpad c2ssignsmtpsolarwindssouth koreaspamspyderstarstrongsupply chain attackt1055t1071.001t1486t1496t1499.002t1499.003t1565talos irtargettechthreat actorthreat analysisthreat sourcethreat source newslettertor nodetruetwitterundelivered dhlverifyvmwarevoicevulnerability scanwinntizip archive

Activity Timeline

1 total obs
Feb 12Feb 12

Threat Activity Heatmap

· Peak: 2026-02-12
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreMedium Risk
44
SIGNAL
Signal Score
44%
Confidence
5
Reports
First seenOct 28, 2022
Last seenFeb 12, 2026
GeolocationKR
CountryKorea, Republic of
LocationGwacheon-si, Gyeonggi-do
ASNAS9848
OrgSejong
Coords37.5112, 126.9741

VirusTotal

Not checked

WHOIS

raw
inetnum: 211.239.192.0 - 211.239.255.255 netname: SEJONG descr: SEJONG NETWORKS country: KR admin-c: IM686-AP tech-c: IM686-AP status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR last-modified: 2024-09-10T08:50:11Z source: APNIC irt: IRT-KRNIC-KR address: 9, Jinheung-gil, Naju-si, Jeollanam-do e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IM574-AP tech-c: IM574-AP auth: # Filtered remarks: [email protected] was validated on 2020-04-09 mnt-by: MNT-KRNIC-AP last-modified: 2025-09-04T01:00:01Z source: APNIC person: IP Manager address: 12 Gwacheon-daero 7-gil, Gwacheon-si, Gyeonggi-do country: KR phone: +82-2-1688-2200 e-mail: [email protected] nic-hdl: IM686-AP mnt-by: MNT-KRNIC-AP last-modified: 2024-09-10T08:42:02Z source: APNIC inetnum: 211.239.192.0 - 211.239.255.255 netname: SEJONG-KR descr: SEJONG NETWORKS country: KR admin-c: IA10-KR tech-c: IM10-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: 12 Gwacheon-daero 7-gil, Gwacheon-si, Gyeonggi-do address: (Galhyeondong) country: KR phone: +82-2-1688-2200 e-mail: [email protected] nic-hdl: IA10-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: 12 Gwacheon-daero 7-gil, Gwacheon-si, Gyeonggi-do address: (Galhyeondong) country: KR phone: +82-2-1688-2200 e-mail: [email protected] nic-hdl: IM10-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC
references
2021-09-21-Curriculo-IOCs.txt, 2627534.misp-json, https://blogs.vmware.com/security/2022/10/threat-analysis-active-c2-discovery-using-protocol-emulation-part3-shadowpad.html, https://github.com/carbonblack/active_c2_ioc_public/blob/main/shadowpad/shadowpad_202210.tsv, https://blog.talosintelligence.com/threat-source-newsletter-oct-27-2022/, https://thehackernews.com/2022/10/researchers-expose-over-80-shadowpad.html, https://raw.githubusercontent.com/carbonblack/active_c2_ioc_public/main/shadowpad/shadowpad_202210.tsv

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 3 years ago · Last seen 4 months ago
Appeared in 5 threat reports