IOC Radar
IPMediumSignal 54/100

8.210.75.218

Location
Hong KongHong Kong
Hong Kong, Hong Kong
ASN
AS45102
Hong Kong
First Seen
Jun 26, 2024
Last Seen
Jun 7, 2026
Jun 26
First Seen
713d ago
Jun 7
Last Seen
3d ago
10
Reports
source reports
54%
Confidence
medium
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
54%
Signal Score
54 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

63 techniques

Network Information

CountryHKHong Kong
RegionHong Kong, Hong Kong
ASNAS45102
OrganizationHong Kong

Feed Intelligence Summary

10 reports54% confidence
10
Source reports
54%
Confidence score
Category tags
active scanningadvanced persistent threataerospace & defenseagainst presentai applicationsai infrastructureai researchai solutionsalibabaamosandroid appandroid bankingandroid trojananti-debugginganti-vmaptartificial intelligenceasiaatomic macosatomic macos stealerbeyondbotnetbrute forcebrute_forcec2 communicationc2 serverchinachina-nexus aptcloud computingcloud migrationcloud securitycloud servicescloud storagecode executioncommand and controlcommand executioncommunication protocolcommunication technologiescommunications networkscomputer securitycomputer visioncontactcredential accesscredential dumpingcredential harvestingcredential stuffingcredential theftcredential_accesscritical infrastructurecryptocurrency threatscryptojackingcvecyber attackscyber espionagecyber newscyber riskcyber security newscyber security updatescyber updatesdata breachdata encryptiondata exfiltrationdata poisoningdeep learningdefensedefense contractingdefense evasiondefense logisticsdefense systemsdefense technologydemodiseasedistributed attacksdll injectiondmitry kalinindownload filedriver loadingemergency servicesencrypted communicationenergyenergy distributionenergy systemsexploitextortionfileless malwarefilesfinancefinancial systemsfindftpftp brute forcefuturegithubgoogle drivegovernment facilitiesgpkigpuhacker newshacking newshong konghookhookshow to hackhttp scannerhttpshybridicmpimpactin the wildindicatorindonesiainformation securityinformation technologyinfostealerinfrastructure acquisitionreconnaissanceingress tool transferinitial accessinsideinsiktinsikt groupinstallit infrastructurejuniperkalininkernel exploitkilllateral movementlauncherlearnlinuxmachine learningmacosmalicious activitymalicious downloadmalicious softwaremalwaremalware distributionmanualmarkopolomedusamicromilitary operationsmobilemobile carriersmobile networksmobile securitymodel poisoningmopsledmulti-cloud managementnational securitynatural language processingnetworknetwork device compromisenetwork intrusion attemptnetwork reconnaissancenetwork scanningnetwork securitynetwork_reconnaissancenewsnormal filenvidiaoil & gasphishingphishing attackpower generationpower systemsprocess injectionprotectprotocol exploitationpythonransomwarercereconnaissancerecorded futureregistry run keysremote accessremote access toolremote code executionremote servicesrenewable energyreportsreptileresearchedresource hijackingrhttpproxyriskrootkitscheduled tasksecurity operationssingaporesmallsocial engineeringsoftware developmentsoftware exploitationsoftware vulnerabilitysoumnibotsouth koreassh attackstealcstealerstopsuomisupply chainsupply chain vulnerabilitysystem disruptiont1003t1005t1014t1021t1021.001t1027t1036t1040t1041t1049t1053t1055t1056t1059t1059.004t1064t1068t1071t1071.001t1074t1076t1078t1090t1095t1105t1110t1110.002t1134t1140t1190t1192t1199t1203t1205t1210t1219t1486t1490t1496t1499t1499.002t1499.003t1505t1542t1543t1547t1555t1562t1563t1565t1566t1566.001t1566.002t1566.003t1573t1587.001t1590.001t1592t1595t1595.001t1595.002t1595.003t1601tacacstacacs servertelecom servicestelecommunicationstelnet threatthe hacker newsthreat actorthreat intelligencetinyshelltokentransportation networkstrend microtrend visiontriton inference servertwitteruefi bootkitunauthorized accessunc3886uploadurlsvmwarevoicevortaxvulnerabilitywater systemsweb trafficwmi event subscriptionwritezero-day vulnerability

Activity Timeline

1 total obs
Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
54
SIGNAL
Signal Score
54%
Confidence
10
Reports
First seenJun 26, 2024
Last seenJun 7, 2026
GeolocationHK
CountryHong Kong
LocationHong Kong, Hong Kong
ASNAS45102
OrgHong Kong
Coords22.2908, 114.1501

VirusTotal

Not checked

WHOIS

description
CC=HK ASN=AS45102 alibaba (us) technology co. ltd.
raw
inetnum: 8.210.0.0 - 8.210.255.255 netname: AlibabaCloud_HK descr: Aliyun Computing Co.LTD country: HK admin-c: ASEP1-AP tech-c: ASEP1-AP abuse-c: AA1926-AP status: ALLOCATED NON-PORTABLE mnt-by: MAINT-ASEPL-SG mnt-irt: IRT-ASEPL-SG last-modified: 2025-07-15T08:03:33Z source: APNIC irt: IRT-ASEPL-SG address: 1 Raffles Place # 59-00 One Raffles Place, Tower One Singapore, Singapore e-mail: [email protected] abuse-mailbox: [email protected] admin-c: ASEP1-AP tech-c: ASEP1-AP auth: # Filtered remarks: [email protected] was validated on 2025-04-14 mnt-by: MAINT-ASEPL-SG last-modified: 2025-04-14T07:19:15Z source: APNIC role: ABUSE ASEPLSG country: ZZ address: 1 Raffles Place # 59-00 One Raffles Place, Tower One Singapore, Singapore phone: +000000000 e-mail: [email protected] admin-c: ASEP1-AP tech-c: ASEP1-AP nic-hdl: AA1926-AP remarks: Generated from irt object IRT-ASEPL-SG remarks: [email protected] was validated on 2025-04-14 abuse-mailbox: [email protected] mnt-by: APNIC-ABUSE last-modified: 2025-04-14T07:19:41Z source: APNIC role: Alibabacom Singapore E-Commerce Private Limited a address: 1 Raffles Place #59-00 One Raffles Place, Tower One Singapore, Singapore country: SG phone: +86-571-85022088 fax-no: +86-571-85022088 e-mail: [email protected] admin-c: ASEP1-AP tech-c: ASEP1-AP nic-hdl: ASEP1-AP mnt-by: MAINT-ASEPL-SG last-modified: 2025-07-01T06:25:24Z source: APNIC route: 8.210.75.0/24 origin: AS134963 descr: Alibaba.com Singapore E-Commerce Private Limited 8 Shenton Way, #45-01 AXA Tower, Singapore 068811 mnt-by: MAINT-ASEPL-SG last-modified: 2020-01-20T07:41:59Z source: APNIC route: 8.210.75.0/24 origin: AS45102 descr: Alibaba.com Singapore E-Commerce Private Limited 8 Shenton Way, #45-01 AXA Tower, Singapore 068811 mnt-by: MAINT-ASEPL-SG last-modified: 2020-01-20T07:03:20Z source: APNIC
references
https://cloud.google.com/blog/topics/threat-intelligence/uncovering-unc3886-espionage-operations, Cyber Threat Advisory - Chained Vulnerabilities in NVIDIA Triton Expose AI Servers to Remote Code Execution.pdf, https://www.trendmicro.com/en_us/research/25/g/revisiting-unc3886-tactics-to-defend-against-present-risk.html, https://thehackernews.com/2024/04/new-android-trojan-soumnibot-evades.html

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 3 days ago
Appeared in 10 threat reports