IOC Radar
IPMediumSignal 44/100

221.147.112.22

Location
Korea, Republic ofKorea, Republic of
Seoul, 11
ASN
AS4766
Korea Telecom
First Seen
Oct 9, 2024
Last Seen
Apr 7, 2026
Oct 9
First Seen
613d ago
Apr 7
Last Seen
68d ago
18
Reports
source reports
44%
Confidence
medium
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
44%
Signal Score
44 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

58 techniques

Network Information

CountryKRKorea, Republic of
RegionSeoul, 11
ASNAS4766
OrganizationKorea Telecom

Feed Intelligence Summary

18 reports44% confidence
18
Source reports
44%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningasiaattackauthentication abuseauthentication attemptsauto-generated securitybad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attemptc2 servercisco devicecommand & controlcommand and controlcommunication protocolcompromised hostscowriecowrie honeypotcowrie honeypot datacowrie interactionscredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredata theftddosddos attacksdecoy systemdenial of servicedevice managementdionaea honeypotdistributed attacksenterprise networkingenumerationexploitexploit attemptsexploitationexploitation activityfailed login attemptsftp brute forcegithubhackinghoneytrap honeypothttp brute forceidentity & access exploitationindicatorinfrastructure acquisitionreconnaissanceinitial accessinjection activityinternet of thingsintrusion detectioniociot botnetiot securityiot/ics attackkorea, republic ofkrlamplamp server attacklateral movementlateral movement techniquesloginmailoney honeypotmalicious activitymalicious network activitymalicious payloadmalicious softwaremalwaremalware behaviourmalware capturemalware distributionmalware propagationmalware scanningmanualmirai botnetmysqlnetworknetwork attacksnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork traffic analysisnginxpassword attackpassword attackspassword sprayingphishingphishing attackphishing trappotential exploit attemptspotential intrusionpotential malware uploadprocess injectionprotocol exploitationpythonransomwarereconnaissanceremote accessremote service exploitationremote servicesresearchedresource developmentscanscannerscripting attackssecurity policyserverservice scansftpsftp attacksftp exploit attemptslugsmtp brute forcesocial engineeringsocradar honeypotsouth koreaspamsql injection attemptssshssh attackssh monitoringsurface webt-pott1005t1018t1021t1021.001t1021.002t1021.004t1040t1041t1046t1055t1056.001t1059t1059.001t1059.004t1059.007t1068t1071t1071.001t1076t1078t1078.001t1078.004t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1195.002t1199t1203t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1555t1555.003t1563t1565t1566.001t1566.002t1566.003t1566.004t1573t1587.001t1588t1590.001t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltcp/23telecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpotunauthorized accessunauthorized access attemptunited statesus ip addressvulnerabilityvulnerability scanweb application attackweb attackweb exploitation

Activity Timeline

1 total obs
Apr 7Apr 7

Threat Activity Heatmap

· Peak: 2026-04-07
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
44
SIGNAL
Signal Score
44%
Confidence
18
Reports
First seenOct 9, 2024
Last seenApr 7, 2026
GeolocationKR
CountryKorea, Republic of
LocationSeoul, 11
ASNAS4766
OrgKorea Telecom
Coords37.5462, 127.1401

VirusTotal

Not checked

WHOIS

description
dionaea, heralding, malicious, ssh, sftp, cowrie, LAMP, honeytrap
raw
inetnum: 221.144.0.0 - 221.168.255.255 netname: KORNET descr: Korea Telecom admin-c: IM667-AP tech-c: IM667-AP country: KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR last-modified: 2017-02-06T02:32:54Z source: APNIC irt: IRT-KRNIC-KR address: 9, Jinheung-gil, Naju-si, Jeollanam-do e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IM574-AP tech-c: IM574-AP auth: # Filtered remarks: [email protected] was validated on 2020-04-09 mnt-by: MNT-KRNIC-AP last-modified: 2025-04-10T04:49:23Z source: APNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM667-AP mnt-by: MNT-KRNIC-AP last-modified: 2017-03-28T06:37:04Z source: APNIC inetnum: 221.144.0.0 - 221.168.255.255 netname: KORNET-KR descr: Korea Telecom country: KR admin-c: IA9-KR tech-c: IM9-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IA9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, http://cinsscore.com/list/ci-badguys.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 18 threat reports