IOC Radar
IP · Medium · Signal 64/100

220.124.231.28

Location: Korea, Republic of; Jeju City, Gyeonggi-do
ASN: AS4766 (Kornet)
First Seen: Sep 21, 2024 (640d ago)
Last Seen: Jun 15, 2026 (8d ago)
Reports: 20 source reports
Confidence: 64% (medium)
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 64%
Signal Score: 64 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

46 techniques

Network Information

Country: KR (Korea, Republic of)
Region: Jeju City, Gyeonggi-do
ASN: AS4766
Organization: Kornet

Feed Intelligence Summary

Source reports: 20
Confidence score: 64%
Category tags
abuse; access control; account compromise; account enumeration; active scan; active scanning; adresse ip; apt; asia; attack; azure ad; bad reputation; banking; belgium; blocklist_all; botnet; botnet activity; brute force; brute force attack; brute-force; bruteforce; c2; cloud infrastructure; cloud infrastructure attack; cloud services; command & control; command and control; compromised host; credential access; credential harvesting; credential stuffing; credit card services; data exfiltration; data store exposure; ddos; ddos attack; ddos preparation; decoy system; denial of service; distributed attacks; email; europe; exploitation activity; exploited host; finance; financial services; financial technology; finland; france; ftp brute force; germany; hacking; honeynet connect; http brute force; identity & access exploitation; imap; imap attack; indicator; infrastructure acquisitionreconnaissance; injection activity; intrusion detection; korea, republic of; kr; lateral movement; login attempt; malicious activity; malicious software; malware; manual; microsoft entra id; multiple users; network; network enumeration; network intrusion; network scanning; network security; network traffic analysis; north america; password attack; password attacks; password cracking; payment processing; phishing; phishing attack; poland; process injection; protocol exploitation; reconnaissance; remote access; remote services; researched; resource hijacking; scanner; scanners; scanning activity; security operations; security policy; smb brute force; smtp; smtp attacker; smtp brute force; social engineering; south korea; ssh; ssh attack; t1016.001; t1021; t1021.001; t1021.002; t1021.003; t1021.004; t1021.005; t1040; t1046; t1055; t1059; t1059.001; t1059.003; t1059.004; t1068; t1071; t1071.001; t1076; t1078; t1110; t1110.001; t1110.002; t1110.003; t1110.004; t1190; t1203; t1486; t1496; t1499.001; t1499.002; t1499.003; t1563; t1565; t1566.001; t1566.002; t1566.003; t1573; t1573.001; t1587.001; t1588.004; t1590.001; t1592; t1595; t1595.001; t1595.002; t1595.003; tcp scan; telnet threat; threat actor; threat intelligence; threat prevention; tor node; udp scan; unauthorized access attempt; united states; vulnerability scan; wealth management; web app attack; web application attack; web exploitation

Activity Timeline

1 total obs
Jun 15

Threat Activity Heatmap

Peak: 2026-06-15
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 64
Confidence: 64%
Reports: 20
First seen: Sep 21, 2024
Last seen: Jun 15, 2026
Geolocation: KR
Country: Korea, Republic of
Location: Jeju City, Gyeonggi-do
ASN: AS4766
Org: Kornet
Coords: 37.3654, 127.1220

VirusTotal

Not checked

IOC Journey

medium
First detected 1 year ago · Last seen 8 days ago
Appeared in 20 threat reports