IP · Medium · Signal 64/100
222.97.11.71
Location
Sasang-gu, Busan
ASN
AS4766
Korea Telecom
First Seen
Jun 28, 2024
Last Seen
Jun 12, 2026
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Network Information
Country
Korea, Republic of
Region: Sasang-gu, Busan
ASN: AS4766
Organization: Korea Telecom
Feed Intelligence Summary
Source reports: 18
Confidence score: 64%
Category tags
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-12
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 64 (Medium Risk)
Geolocation: KR
Coords: 35.1017, 129.0300
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected attempting to brute force TELNET on Vultr Paris (France) honeypot
- references
- https://github.com/telekom-security/tpotce
IOC Journey
Medium · First detected 2 years ago · Last seen 15 days ago
Appeared in 18 threat reports