IOC Radar
IPMediumSignal 43/100

221.168.209.249

Location
Korea, Republic ofKorea, Republic of
Suwon, Gyeonggi-do
ASN
AS4766
Kornet
First Seen
Apr 28, 2024
Last Seen
Apr 5, 2026
Apr 28
First Seen
774d ago
Apr 5
Last Seen
67d ago
13
Reports
source reports
43%
Confidence
medium
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
43%
Signal Score
43 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

33 techniques

Network Information

CountryKRKorea, Republic of
RegionSuwon, Gyeonggi-do
ASNAS4766
OrganizationKornet

Feed Intelligence Summary

13 reports43% confidence
13
Source reports
43%
Confidence score
Category tags
abuseactive scanactive scanningadbhoney honeypotasiaattackauto-generated securitybad reputationbotnetbotnet activitybrute forcebrute force ftpbrute force sshc2certcommand & controlcommand and controlcommunication protocolcowriecowrie activitycowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposureddosddos attacksdecoy systemdionaeadionaea activitydionaea honeypotdirectory traversaldistributed attacksemailexploit attemptsexploitation activityexploited hostftp brute forcegithubhackingheralding activityhoneytrap activityhoneytrap honeypotidentity & access exploitationindicatorinjection activityinternet of thingsiot botnetiot securityiot/ics attackkorea, republic ofkrlamplamp exploitation attemptsmailoney activitymailoney honeypotmalicious activitymalicious email activitymalicious softwaremalwaremalware behaviourmalware capturemirai botnetnetworknetwork scanningnetwork securitynetwork service scanningphishingphishing attackphishing trapprocess injectionpythonransomwarereconnaissanceresearchedresource hijackingscannersentrypeer activitysentrypeer botnetservice scansftpsftp activitysftp attacksipsip brute forcesip scanningslugsocial engineeringsocradarsouth koreasshssh attackssh monitoringsurface webt1021t1021.001t1021.002t1021.004t1021.006t1021.007t1040t1041t1055t1059t1059.004t1068t1071.001t1078t1110t1110.001t1110.002t1190t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003telecommunicationsthreat actorthreat detectionthreat intelligencetor nodevoipvoip attackweb application attack

Activity Timeline

1 total obs
Apr 5Apr 5

Threat Activity Heatmap

· Peak: 2026-04-05
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
43
SIGNAL
Signal Score
43%
Confidence
13
Reports
First seenApr 28, 2024
Last seenApr 5, 2026
GeolocationKR
CountryKorea, Republic of
LocationSuwon, Gyeonggi-do
ASNAS4766
OrgKornet
Coords37.5112, 126.9741

VirusTotal

Not checked

WHOIS

description
2025-02-20T01:19:39.204Z Honeypot : Adbhoney : EventID/src_ip/src_url: adbhoney.session.connect221.168.209.249
raw
inetnum: 221.144.0.0 - 221.168.255.255 netname: KORNET descr: Korea Telecom admin-c: IM667-AP tech-c: IM667-AP country: KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR last-modified: 2017-02-06T02:32:54Z source: APNIC irt: IRT-KRNIC-KR address: 9, Jinheung-gil, Naju-si, Jeollanam-do e-mail: [email protected] abuse-mailbox: [email protected] admin-c: IM574-AP tech-c: IM574-AP auth: # Filtered remarks: [email protected] was validated on 2020-04-09 mnt-by: MNT-KRNIC-AP last-modified: 2025-04-10T04:49:23Z source: APNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM667-AP mnt-by: MNT-KRNIC-AP last-modified: 2017-03-28T06:37:04Z source: APNIC inetnum: 221.144.0.0 - 221.168.255.255 netname: KORNET-KR descr: Korea Telecom country: KR admin-c: IA9-KR tech-c: IM9-KR status: ALLOCATED PORTABLE mnt-by: MNT-KRNIC-AP mnt-irt: IRT-KRNIC-KR changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IA9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC person: IP Manager address: Gyeonggi-do Bundang-gu, Seongnam-si Buljeong-ro 90 address: KT Head Office country: KR phone: +82-2-500-6630 e-mail: [email protected] nic-hdl: IM9-KR mnt-by: MNT-KRNIC-AP changed: [email protected] 20240912 remarks: This information has been partially mirrored by APNIC from remarks: KRNIC. To obtain more specific information, please use the remarks: KRNIC whois server at whois.kisa.or.kr. source: KRNIC
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 2 months ago
Appeared in 13 threat reports