IP · Medium · Signal 61/100
86.48.12.64
Location: Tokyo, Tokyo
ASN: AS136787 (Packethub S.A)
First Seen: Sep 30, 2022 (1353d ago)
Last Seen: Apr 19, 2026 (56d ago)
Reports: 12 source reports
Confidence: 61% (medium)
VirusTotal detections: 9/91
Found in 12 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 61%
Signal Score: 61 / 100
IDS Rule: No
Threat Context
Tags:
MITRE ATT&CK TTPs:
Network Information
Country: Japan
Region: Tokyo, Tokyo
ASN: AS136787
Organization: Packethub S.A
IP Category: Proxy (proxy server), VPN (VPN exit node)
Feed Intelligence Summary
Source reports: 12
Confidence score: 61%
Category tags: active scan, agent tesla, anna paula, asia, backdoor, blnwx, body, box javascript, brute force, brute_force, button, case, cat telecom, ccth asn as9335, ccvn asn as38731, ccvn asn as45899, cert, china chopper, chopper, cht compamy, cisco secure, cisco talos, ck mapping, close, cloud infrastructure, code execution, code injection, command execution, company logo, credential access, credential harvesting, credential stuffing, credential_access, data access, data copying, data exfiltration, data store exposure, data transfer, dch v, default web, defense evasion, denmark, desktop, dump, enterprise security, europe, exchange server, exploit, exploitation activity, find, footer, form, from email, ftp, github, gtsc, hash, header dropdown, headers, identity & access exploitation, impact, indicator, information technology, infrastructure acquisition reconnaissance, injection activity, input validation bypass, ioc, iocs, ipv4, it infrastructure, japan, link, main, malicious powershell activity, malicious software, malspam email, malware, manual, metadata analysis, mitre att, msi file, name resource, network, network security, network_reconnaissance, nodo tor, nordvpn, open, patch management, path traversal, phishing, phishing attack, process injection, product, protocol exploitation, proxy, proxynotshell, public company, ransomware, redteam, reload, remote access, remote services, report, researched, script, scripting attacks, servers, snake, snakekeylogger, social engineering, social media security, software development, software exploitation, software vulnerabilities, spam, span, ssh attack, start, t1003.001, t1005, t1021, t1021.001, t1027, t1030, t1040, t1047, t1049, t1055, t1059, t1059.001, t1059.003, t1070.004, t1071.001, t1076, t1078, t1086, t1087.001, t1105, t1110, t1110.002, t1133, t1190, t1203, t1204.002, t1486, t1560.001, t1563, t1565, t1566.001, t1566.002, t1566.003, t1570, t1586.002, t1587.001, t1590.001, t1595, t1620, tatic id, team, telnet threat, threat actor, threat intel, tor node, trash, turkey, urls, vnpt corp, vpn, vulnerability scan, web appliance, web application attack, web application exploitation, webshell, write, zero day, zip archive
Activity Timeline
Apr 19
Threat Activity Heatmap
Peak: 2026-04-19
Last 24h: 0 reports (Dormant)
Last 7d: 0 reports (Dormant)
Last 30d: 0 reports (Dormant)
Last 3mo: 1 report (Minimal)
Intelligence Summary (AI generated)
This indicator of compromise (IOC) represents a significant and immediate threat to organizational security. Its association with multiple threat intelligence feeds and various malicious activities underscores its potential for severe impact, ranging from system exploitation to data exfiltration. The IP address, identified as 86.48.12.64, has been linked to sophisticated malware families, including various webshells and exploits, suggesting it serves as an infrastructure component for command an…
Threat Score: Medium Risk
Signal Score: 61
Confidence: 61%
Reports: 12
First seen: Sep 30, 2022
Last seen: Apr 19, 2026
Geolocation: JP
Country: Japan
Location: Tokyo, Tokyo
ASN: AS136787
Org: Packethub S.A
Coords: 55.7123, 12.0564
Proxy / VPN
WHOIS
- raw:
    inetnum:        86.0.0.0 - 86.255.255.255
    netname:        RIPE-CIDR-BLOCK
    descr:          Not allocated by APNIC
    remarks:        ------------------------------------------------------
    remarks:
    remarks:        Important:
    remarks:
    remarks:        Details of networks in this range are not registered
    remarks:        in the APNIC Whois Database.
    remarks:
    remarks:        Please search the RIPE Whois Database, which contains
    remarks:        details of IP addresses allocated in Europe, the
    remarks:        Middle East, and northern Africa:
    remarks:
    remarks:        website: http://www.ripe.net/perl/whois
    remarks:        command line: whois.ripe.net
    remarks:
    remarks:        ------------------------------------------------------
    country:        AU
    admin-c:        IANA1-AP
    tech-c:         IANA1-AP
    mnt-by:         MAINT-APNIC-AP
    mnt-lower:      MAINT-APNIC-AP
    status:         ALLOCATED PORTABLE
    last-modified:  2008-09-04T06:51:29Z
    source:         APNIC

    role:           Internet Assigned Numbers Authority
    address:        see http://www.iana.org.
    admin-c:        IANA1-AP
    tech-c:         IANA1-AP
    nic-hdl:        IANA1-AP
    remarks:        For more information on IANA services
    remarks:        go to IANA web site at http://www.iana.org.
    mnt-by:         MAINT-APNIC-AP
    last-modified:  2018-06-22T22:34:30Z
    source:         APNIC
- references:
    - 2021-09-21-Curriculo-IOCs.txt
    - https://github.com/threatlabz/iocs/blob/main/apt36/c2s.txt
    - https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations
    - .\2611819.misp-json.json
    - https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
    - http://206.188.196.77:8080/themes.aspx
    - https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
    - https://malwarebytes.app.box.com/s/1omglp7u2cuzgeff9dfrf13yndf6duz0
    - http://blog.talosintelligence.com/2022/09/threat-advisory-exchange-server-vulns.html
    - https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
    - https://borncity.com/win/2022/09/30/exchange-server-werden-ber-0-day-exploit-angegriffen-29-sept-2022/
    - https://thehackernews.com/2022/09/warning-new-unpatched-microsoft.html
    - https://www.bleepingcomputer.com/news/security/new-microsoft-exchange-zero-days-actively-exploited-in-attacks/
    - https://www.greynoise.io/blog/microsoft-exchange-proxynotshell-vulnerability?utm_campaign=Mass%20Exploitation%20Alert%20-%20Microsoft%20Exchange%20Server%20-%20CVE-2022-41040&utm_medium=email&_hsmi=227925924&_hsenc=p2ANqtz--xpgvnJNbAuCUgwUCJ1wGhK6NV4mF9u-m9e0g-KGfcW20fQ3koC3xBfTG9uxUD8rE5-PUEJb5mw6bc9x6X2zSW0Lf_RlZjqsNPs9Z3vZOOvrx3F98&utm_content=227925924&utm_source=hs_email
    - https://api.greynoise.io/v3/tags/8bf9b766-bf0f-452f-80bf-1d0903847793/ips?format=txt&token=rYZCpLOTf6UnUbBoUpF3Q&utm_campaign=Mass%20Exploitation%20Alert%20-%20Microsoft%20Exchange%20Server%20-%20CVE-2022-41040&utm_medium=email&_hsmi=227925924&_hsenc=p2ANqtz--ujthM4Itg00FinU2PE-4yiPY8cxxyCg1GQVjFND8nTCMNCcfbZTJaPFJP5JiRoJYq70bGAvYVzXyLZwu6WLEMhid-vuZsGA7SkhpiHQVBpLcZYao&utm_content=227925924&utm_source=hs_email
    - https://community.riskiq.com/article/957f38af
IOC Journey
Confidence: medium. First detected 3 years ago · Last seen 1 month ago
Appeared in 12 threat reports