IOC Radar
IPMediumSignal 77/100

42.53.245.189

Location
ChinaChina
Shenyang, Liaoning
ASN
AS4837
China Unicom Liaoning Province Network
First Seen
Apr 11, 2026
Last Seen
May 12, 2026
Apr 11
First Seen
64d ago
May 12
Last Seen
33d ago
7
Reports
source reports
77%
Confidence
medium
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
77%
Signal Score
77 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

3 techniques

Network Information

CountryCNChina
RegionShenyang, Liaoning
ASNAS4837
OrganizationChina Unicom Liaoning Province Network

Feed Intelligence Summary

7 reports77% confidence
7
Source reports
77%
Confidence score
Category tags
abusech-urlhaus-c2cactive scanactive scanningarcarmasciiasiabad reputationbase64-loaderbotnet activitybrute forcebrute force attackerbrute-forcebruteforcec2chinacommand & controldropped-by-amadeydropped-by-gcleanerelfencodedexeexecutable fileexploitation activityexploited hostgafgytguloaderhackinghajimehtaindicatorinfostealerisolodaratluamalwaremipsmiraimozimsinetworkopendirphantomgatephantomstealerportscanpowershellps1pureratransomwareratreconnaissanceremcosratresearchedrev-base64-loaderrmmrustystealersaint helena, ascension and tristan da cunhasantastealerscams & fraudscannerscannersservice scansmartloadersparcstealersuperht1595.001t1595.002t1595.003telnetua-mshtaua-wgetvidarvipkeyloggervultrx86x86-64xwormzigclipper

Activity Timeline

1 total obs
May 12May 12

Threat Activity Heatmap

· Peak: 2026-05-12
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
77
SIGNAL
Signal Score
77%
Confidence
7
Reports
First seenApr 11, 2026
Last seenMay 12, 2026
GeolocationCN
CountryChina
LocationShenyang, Liaoning
ASNAS4837
OrgChina Unicom Liaoning Province Network
Coords41.8048, 123.4330

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected attempting to brute force TELNET on Vultr Tokyo (Japan) honeypot
raw
inetnum: 42.52.0.0 - 42.55.255.255 netname: UNICOM-LN descr: UNICOM Liaoning Province Network descr: China Unicom descr: No.21, Jin-Rong Street descr: Beijing 100033 country: CN admin-c: CH444-AP tech-c: ZB17-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2025-01-22T13:06:37Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-10-17 mnt-by: MAINT-CNCGROUP last-modified: 2025-11-18T00:26:20Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-10-17 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-10-17T02:26:56Z source: APNIC person: CNCGroup Hostmaster nic-hdl: CH444-AP e-mail: [email protected] address: No.21,Financial Street address: Beijing,100033,P.R.China phone: +86-10-66259764 fax-no: +86-10-66259764 country: CN mnt-by: MAINT-CN-CUCGROUP last-modified: 2017-09-05T06:36:14Z source: APNIC person: ZHAO BO address: 96,JieFang Road ChangChun 130021 China. country: CN phone: +86-431-8925217 fax-no: +86-431-8925190 e-mail: [email protected] nic-hdl: ZB17-AP mnt-by: MAINT-CHINANET-JL last-modified: 2008-09-04T07:30:04Z source: APNIC route: 42.52.0.0/14 descr: China Unicom Liaoning Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2011-03-02T05:24:02Z source: APNIC

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 months ago · Last seen 1 month ago
Appeared in 7 threat reports