IP · Medium · Signal 30/100
43.247.135.53
Location
Kwun Tong, Kwun Tong District
ASN
AS932
VH Global Limited
First Seen
Nov 28, 2024
Last Seen
Jun 6, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
30%
Signal Score
30 / 100
IDS Rule
No
Network Information
Country
Hong Kong
Region
Kwun Tong, Kwun Tong District
ASN
AS932
Organization
VH Global Limited
Category tags
academic institutions, apt, apt group, apts, arsenal, asia, azure ad, backdoor, banking, botnet, brute ratel, c domains, c servers, c2, cec juniper, china, china-nexus apt, civil services, cobalt, cobalt strike, command and control, communications networks, consumer goods, credential access, credit card services, critical infrastructure, css error, custom malware, custom tools, data exfiltration, database security, defense systems, develops custom, distributed attacks, dll sideloading, earth lamia, educational resources, educational services, educational technology, emergency services, energy systems, finance, financial services, financial systems, financial technology, fleet management, format, freight services, government facilities, government technology, higher education, hong kong, information technology, ingress tool transfer, injection attacks, input validation bypass, it infrastructure, k-12 education, krustyloader, lateral movement, malicious software, malware, maritime transport, multi-industry targeting, nation-state actor, network, passenger transportation, path traversal, payment processing, persistence mechanism, phishing, process injection, proxy, public administration, public facing application, public infrastructure, public policy, public-facing systems exploit, rail transport, refresh, regulatory agencies, remote access, remote access trojan, researched, retail trade, sap, sap netweaver, scripting attacks, services, sliver, sliver framework, software development, sorry, sta-0048, supply chain attack, threat, transportation and warehousing, transportation infrastructure, transportation networks, transportation technology, trojan malware, unc5174, vshell, water systems, wealth management, web application exploitation, web attack, web exploitation, webshell
t1003, t1005, t1016, t1018, t1021, t1021.001, t1021.002, t1027, t1033, t1036, t1041, t1047, t1053, t1053.005, t1055, t1055.001, t1056, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1068, t1070, t1071, t1071.001, t1078, t1078.003, t1087, t1090, t1105, t1133, t1136.001, t1140, t1189, t1190, t1199, t1203, t1204.002, t1210, t1213, t1486, t1496, t1499.002, t1499.003, t1505, t1505.003, t1547, t1547.001, t1555, t1565, t1566, t1566.001, t1569.002, t1573, t1574, t1583.001, t1583.003, t1587.001, t1590, t1592, t1592.001, t1592.002, t1592.003, t1595.001, t1595.002, t1608.001, t1608.002
Activity Timeline
Peak: 2026-06-06
24h
0 (Dormant)
7d
1 (Minimal)
30d
1 (Minimal)
3mo
1 (Minimal)
Threat Score
Low Risk
Geolocation
HK
Coords
22.2578, 114.1657
VirusTotal
Not checked
WHOIS
- description
- Earth Lamia, a China-linked APT group, is actively targeting organizations in Brazil, India, and Southeast Asia by exploiting SQL injection vulnerabilities and critical flaws in public-facing systems.
- references
- https://www.trendmicro.com/en_us/research/25/e/earth-lamia.html
- https://blog.eclecticiq.com/china-nexus-nation-state-actors-exploit-sap-netweaver-cve-2025-31324-to-target-critical-infrastructures
- https://documents.trendmicro.com/assets/txt/earth_lamia_iocs_v2CeWlPie.txt
- https://threatfox.abuse.ch/export/csv/recent/