IP · Medium · Signal 63/100
220.158.234.135
Location
Phnom Penh, Phnom Penh
ASN
AS38623
VIETTEL (CAMBODIA) PTE., LTD
First Seen
Jul 1, 2025
Last Seen
Jun 5, 2026
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
63%
Signal Score
63 / 100
IDS Rule
No
Network Information
Country
Bangladesh
Region: Phnom Penh, Phnom Penh
ASN: AS38623
Organization: VIETTEL (CAMBODIA) PTE., LTD
Feed Intelligence Summary
Source reports: 12
Confidence score: 63%
Category tags
Activity Timeline
Jun 5
Threat Activity Heatmap
Peak: 2026-06-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 63
Confidence: 63%
Reports: 12
First seen: Jul 1, 2025
Last seen: Jun 5, 2026
Geolocation: BD
Country: Bangladesh
Location: Phnom Penh, Phnom Penh
ASN: AS38623
Org: VIETTEL (CAMBODIA) PTE., LTD
Coords: 0.0000, 0.0000
VirusTotal
Not checked
WHOIS
- description
- CC=BD ASN=AS38623 viettel
- raw
  inetnum: 220.158.234.0 - 220.158.234.255
  netname: ZIPNET-BD
  descr: ZIPNET Limited
  country: BD
  admin-c: AT1134-AP
  tech-c: AT1134-AP
  abuse-c: AT1134-AP
  status: ASSIGNED NON-PORTABLE
  mnt-by: MAINT-KH-VIETTELCAMBODIA
  mnt-irt: IRT-VIETTEL-CAMBODIA-KH
  last-modified: 2021-08-27T00:31:33Z
  source: APNIC

  irt: IRT-VIETTEL-CAMBODIA-KH
  address:
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: VAT6-AP
  tech-c: VAT6-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2025-08-04
  mnt-by: MAINT-KH-VIETTELCAMBODIA
  last-modified: 2025-09-04T05:29:37Z
  source: APNIC

  role: Alif Technologies
  address: 604, South Goran, Road No-30, Khilgaon, Dhaka-1219
  country: BD
  phone: +880-1732212221
  e-mail: [email protected]
  admin-c: AT1134-AP
  tech-c: AT1134-AP
  nic-hdl: AT1134-AP
  notify: [email protected]
  mnt-by: MAINT-ALIF-TECH-BD
  last-modified: 2020-06-28T15:10:05Z
  source: APNIC

  route: 220.158.234.0/24
  origin: AS38623
  descr: VIETTEL (CAMBODIA) PTE., LTD VIETTEL (Cambodia) PTE.,LTD #199, Mao Tse Toung St.(245)
  mnt-by: MAINT-KH-VIETTELCAMBODIA
  last-modified: 2021-11-05T09:52:04Z
  source: APNIC
- references
  https://www.cloudsek.com/blog/botnet-loader-as-a-service-infrastructure-distributing-rondodox-and-mirai-payloads
  https://www.fortinet.com/blog/threat-research/iot-malware-gayfemboy-mirai-based-botnet-campaign
  Cyber Threat Advisory - The Rise of Morte Malware Botnet Expansion Across SOHO, IoT, and Enterprise Networks.pdf
  Loader as Service.pdf
  https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  https://cybersecuritynews.com/new-stealthy-malware-exploiting-cisco-tp-link/
  https://1275.ru/ioc/indikatory-komprometatsii-botneta-mirai-obnovlenie-za-24-07-2025_13402
  https://1275.ru/ioc/indikatory-komprometatsii-botneta-mirai-obnovlenie-za-04-07-2025_12679
  https://1275.ru/ioc/indikatory-komprometatsii-botneta-mirai-obnovlenie-za-03-07-2025_12664
  https://1275.ru/ioc/indikatory-komprometatsii-botneta-mirai-obnovlenie-za-02-07-2025_12637
IOC Journey
medium · First detected 11 months ago · Last seen 8 days ago
Appeared in 12 threat reports