IP · Medium · Signal 59/100
221.153.11.149
Location: Yongin-si, Gyeonggi-do
ASN: AS4766 (Korea Telecom)
First Seen: Dec 23, 2024
Last Seen: Apr 7, 2026
Reports: 13 source reports
Confidence: 59% (medium)
VirusTotal: 5/91 detections
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 59%
Signal Score: 59 / 100
IDS Rule: No
Network Information
Country: Korea, Republic of
Region: Yongin-si, Gyeonggi-do
ASN: AS4766
Organization: Korea Telecom
Feed Intelligence Summary
Source reports: 13
Confidence score: 59%
Category tags
Activity Timeline
Threat Activity Heatmap · Peak: 2026-04-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Geolocation: KR
Country: Korea, Republic of
Location: Yongin-si, Gyeonggi-do
ASN: AS4766
Org: Korea Telecom
Coords: 37.4206, 127.1267
WHOIS
- description: dionaea, heralding, malicious, ssh, sftp, cowrie, LAMP, honeytrap
- references: https://github.com/telekom-security/tpotce
IOC Journey
medium · First detected 1 year ago · Last seen 2 months ago
Appeared in 13 threat reports