IOC Radar
IP · Medium · Signal 48/100

88.198.101.58

Location: Falkenstein, Saxony, Germany
ASN: AS24940 (vpsGOD infotech)
First Seen: Mar 27, 2021 (1902d ago)
Last Seen: May 18, 2026 (24d ago)
Reports: 10 source reports
Confidence: 48% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 48%
Signal Score: 48 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

16 techniques

Network Information

Country: DE (Germany)
Region: Falkenstein, Saxony
ASN: AS24940
Organization: vpsGOD infotech

Feed Intelligence Summary

Source reports: 10
Confidence score: 48%
Category tags
a41apt campaignacademic institutionsactive scananelapartaptapt groupapt sha256apt10asiaautomotive manufacturingbrute forcecertcicadacicada aptcisa kevcivil servicesclinical researchcobalt strikecommand and controlcommand executioncommunication technologiescommunications sectorcontactcorporate lawcr4tcredential harvestingcredential stuffingcyberespionage campaigndata exfiltrationdata store exposurededll sideloadingdllsigloaderdrug developmentdrug manufacturingdunequixoteecipekac loadereclipseeducationeducation sectoreducational resourceseducational serviceseducational technologyelectronics manufacturingenterprise securityeu cyber policieseuropeexploit avaliableexploitation activityfirstfodcha samplefyantifyanti loadergermanygovernment technologyhealthcare innovationhigher educationidentity & access exploitationin the wildindicatorindustrial automationindustrial iotindustrial productioninfrastructure acquisitionreconnaissanceingress tool transferinjection activityint2etwitter1 1intellectual property lawiocindicatoriot securityjqueryk-12 educationlaw practicelegallegal consultinglegal researchlegal serviceslegal services sectorlegal technologymalicious downloadmalicious powershell activitymalicious softwaremalwaremalware distributionmanualmanufacturing technologymedical researchmetasploitmicrosoft docsmobile carriersmobile networksmoreeggs sha256mspsnbtscannetworkngosnorth americap8ratp8rat versionpatch managementpharmaceutical and medicine manufacturingpharmaceutical supply chainphishingphishing attackpowershellprocess injectionprocess manufacturingpublic administrationpublic infrastructurepublic policyquality controlquasarratransomwareregional securityregulatory agenciesregulatory complianceresearchedscripting attackssigloadersigloader2ndsocial engineeringsoftware vulnerabilitiessupply chain attacksupply chain managementt regdwordt1055t1059.001t1071.001t1078t1086t1105t1204.002t1486t1565t1566t1566.001t1566.002t1566.003t1569.002t1587.001t1590.001ta410 iptelecom 
servicestelecommunicationsthreat actortor nodeturkeyulrsvulnerability scanwmiexec

Activity Timeline

1 total obs
May 18

Threat Activity Heatmap

Peak: 2026-05-18
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address, represents a critical threat intelligence finding that warrants immediate attention. Its identification across numerous reputable threat intelligence feeds, including AlienVault OTX, Cisco-Talos, and Kaspersky, underscores its widespread detection and confirmed malicious nature. The IOC is strongly associated with sophisticated advanced persistent threat (APT) groups, specifically Lazarus Group and Stone Panda, known for their high-impact cybe…

Threat Score: Medium Risk
Signal Score: 48
Confidence: 48%
Reports: 10
First seen: Mar 27, 2021
Last seen: May 18, 2026
Geolocation: DE
Country: Germany
Location: Falkenstein, Saxony
ASN: AS24940
Org: vpsGOD infotech
Coords: 51.2993, 9.4910

VirusTotal

Not checked

WHOIS

inetnum: 88.198.101.56 - 88.198.101.63
netname: HOS-138997
descr: vpsGOD infotech
country: DE
admin-c: SV8741-RIPE
tech-c: SV8741-RIPE
status: ASSIGNED PA
remarks: vpsgod.com
mnt-by: HOS-GUN
created: 2020-07-25T01:23:38Z
last-modified: 2023-07-16T14:20:29Z
source: RIPE # Filtered

person: Suraj - vpsGOD
address: 6/13-E,Thanparathalai vilai veedu
address: 629165 Marthandam
address: INDIA
phone: +914651273626
nic-hdl: SV8741-RIPE
mnt-by: HOS-GUN
created: 2023-07-16T14:20:29Z
last-modified: 2023-07-16T14:20:29Z
source: RIPE # Filtered

route: 88.198.0.0/16
descr: HETZNER-RZ-NBG-BLK4
origin: AS24940
org: ORG-HOA1-RIPE
mnt-by: HOS-GUN
created: 2006-01-02T08:59:04Z
last-modified: 2006-01-02T08:59:04Z
source: RIPE

organisation: ORG-HOA1-RIPE
org-name: Hetzner Online GmbH
country: DE
org-type: LIR
address: Industriestrasse 25
address: D-91710
address: Gunzenhausen
address: GERMANY
phone: +49 9831 5050
fax-no: +49 9831 5053
admin-c: MF1400-RIPE
admin-c: GM834-RIPE
admin-c: HOAC1-RIPE
admin-c: MH375-RIPE
admin-c: SK2374-RIPE
admin-c: SK8441-RIPE
abuse-c: HOAC1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: HOS-GUN
mnt-by: RIPE-NCC-HM-MNT
mnt-by: HOS-GUN
created: 2004-04-17T11:07:58Z
last-modified: 2022-11-22T18:32:44Z
source: RIPE # Filtered
References
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks
https://www.lac.co.jp/lacwatch/report/20201201_002363.html


IOC Journey

medium
First detected 5 years ago · Last seen 24 days ago
Appeared in 10 threat reports