IOC Radar
IPMediumSignal 40/100

60.13.7.123

Location
ChinaChina
Lanzhou, Gansu
ASN
AS4837
CNC Group CHINA169 Gansu Province Network
First Seen
Mar 29, 2021
Last Seen
Jun 2, 2026
Mar 29
First Seen
1902d ago
Jun 2
Last Seen
12d ago
12
Reports
source reports
40%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
40%
Signal Score
40 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

44 techniques

Network Information

CountryCNChina
RegionLanzhou, Gansu
ASNAS4837
OrganizationCNC Group CHINA169 Gansu Province Network

Feed Intelligence Summary

12 reports40% confidence
12
Source reports
40%
Confidence score
Category tags
abuseactive scanactive scanningaptasiaattackaustraliaauto-generated securitybad reputationbotnetbotnet activitybrute forcebrute force attackbrute-forcec2chinacncommand & controlcommand and controlcommunication protocolcompromised hostcowrie honeypotcowrie ssh honeypotcredential accesscredential brute-forcecredential stuffingdata encryptiondata exfiltrationdata store exposuredatabase securityddosdecoy systemdefault credential abusedenial of servicedionaea honeypotdistributed attacksencryptionexploitexploitation activityexploitation attemptsexploited hostfattftpftp brute forcehackinghoneytrap honeypothttp brute forcehttp scannerhttp scanninghttp/sidentity & access exploitationindicatorinitial accessinjection activityiot device exploitationiot securityiot targetedkazakhstankaznetlamplamp server attacklamp stack attacklateral movementlinux servermailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemodbusmssqlnetworknetwork attacksnetwork probingnetwork protocolnetwork scanningnetwork securitynetwork traffic analysisoceaniap0fpassword attackpassword attacksphishingphishing attackphishing trappossible botnet activitypossible mirai variantpossible reconnaissance activityprocess injectionprotocol exploitationreconnaissanceremote accessremote servicesresearchedresource hijackingscannerscanning activityscripting attackssecurity operationssensor-taggedsentrypeer botnetserver exploitationservice scansftp activitysftp attackslugsmtpsmtp brute forcesql injectionssh attackssh monitoringsurface webt1018t1021t1021.001t1021.002t1040t1041t1046t1053t1055t1059t1059.003t1059.004t1059.007t1071t1071.001t1076t1077t1078t1083t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1486t1496t1499.001t1499.002t1499.003t1505.002t1563t1565t1566t1573t1583t1583.001t1583.002t1595t1595.001t1595.002t1595.003tannertargeting databasetcp protocoltelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat-intelligencetor nodetpotudp port scanunauthorized access attemptunauthorized loginvoipvoip attackvulnerability scanweb app attackweb application attackweb application attacksweb attackweb exploitationweb traffic

Activity Timeline

1 total obs
Jun 2Jun 2

Threat Activity Heatmap

· Peak: 2026-06-02
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
40
SIGNAL
Signal Score
40%
Confidence
12
Reports
First seenMar 29, 2021
Last seenJun 2, 2026
GeolocationCN
CountryChina
LocationLanzhou, Gansu
ASNAS4837
OrgCNC Group CHINA169 Gansu Province Network
Coords36.0614, 103.8340

VirusTotal

Not checked

WHOIS

description
Information from proprietary sensors in the KazNET
raw
inetnum: 60.13.0.0 - 60.13.63.255 netname: UNICOM-GS descr: China Unicom Gansu province network descr: China Unicom country: CN admin-c: CH1302-AP tech-c: YH137-AP abuse-c: AC1718-AP status: ALLOCATED PORTABLE remarks: service provider remarks: -------------------------------------------------------- remarks: To report network abuse, please contact mnt-irt remarks: For troubleshooting, please contact tech-c and admin-c remarks: Report invalid contact via www.apnic.net/invalidcontact remarks: -------------------------------------------------------- mnt-by: APNIC-HM mnt-lower: MAINT-CNCGROUP-GS mnt-routes: MAINT-CNCGROUP-RR mnt-irt: IRT-CU-CN last-modified: 2023-10-21T03:36:18Z source: APNIC irt: IRT-CU-CN address: No.21,Financial Street address: Beijing,100033 address: P.R.China e-mail: [email protected] abuse-mailbox: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP auth: # Filtered remarks: [email protected] was validated on 2025-02-24 mnt-by: MAINT-CNCGROUP last-modified: 2025-02-24T06:16:57Z source: APNIC role: ABUSE CUCN country: ZZ address: No.21,Financial Street address: Beijing,100033 address: P.R.China phone: +000000000 e-mail: [email protected] admin-c: CH1302-AP tech-c: CH1302-AP nic-hdl: AC1718-AP remarks: Generated from irt object IRT-CU-CN remarks: [email protected] was validated on 2025-02-24 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-02-24T06:17:45Z source: APNIC person: ChinaUnicom Hostmaster nic-hdl: CH1302-AP e-mail: [email protected] address: No.21,Jin-Rong Street address: Beijing,100033 address: P.R.China phone: +86-10-66259764 fax-no: +86-10-66259764 country: CN mnt-by: MAINT-CNCGROUP last-modified: 2017-08-17T06:13:16Z source: APNIC person: yun hu nic-hdl: YH137-AP e-mail: [email protected] address: 5/F Kaida Building 88 Qingyang Road Chengguan District,Lanzhou 730000,P.R. China phone: +86-931-2162064 fax-no: +86-931-2190000 country: CN mnt-by: MAINT-CNCGROUP-GS last-modified: 2008-09-04T07:30:40Z source: APNIC route: 60.13.0.0/18 descr: CNC Group CHINA169 Gansu Province Network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR last-modified: 2008-09-04T07:54:44Z source: APNIC
references
https://threats.kz

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 12 days ago
Appeared in 12 threat reports