IOC Radar
IP · Medium · Signal 53/100

45.13.199.209

Location
Japan
Osaka, Osaka
ASN
AS4785
Xtom
First Seen
Sep 25, 2024
Last Seen
Jun 20, 2026
First Seen: Sep 25 (636d ago)
Last Seen: Jun 20 (3d ago)
Reports: 15 source reports
Confidence: 53% (medium)
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 53%
Signal Score: 53 / 100
IDS Rule: No
Threat Context
Tags / MITRE ATT&CK

MITRE ATT&CK TTPs: 198 techniques

Network Information

Country: JP (Japan)
Region: Osaka, Osaka
ASN: AS4785
Organization: Xtom

Feed Intelligence Summary

Source reports: 15
Confidence score: 53%
Category tags
70+ organizations affected, about_cats, abuse, active scan, active scanning, activity d, apt, apt group, apt15, arm, ascii, asia, asyncrat, automotive manufacturing, backdoor, backdoors, bad reputation, badjoke, banking, bat, botnet, botnet activity, brute force, brute_force, c2, cert, china, china-nexus threat actor, china-nexus threat actors, chinese apt, chinese hackers, civil services, code injection, coinminer, command & control, command and control, command execution, communication technologies, cpl, credential access, credential harvesting, credential stuffing, credential_access, credit card services, critical sectors, cryptocurrency, cyber threat intelligence, cyber threats, cybercriminal partnerships, data breach, data encryption, data exfiltration, data store exposure, data theft, ddos, ddos attacks, de, decoy, discord, distributed attacks, dll, double extortion, downloader, dropped-by-privateloader, electronics manufacturing, elf, encoded, encryption, europe, europe/asia, evasive techniques, evasive ttps, exe, executable file, exploitation activity, extortion, fail, finance, financial motivation, financial services, financial technology, ftp, funksec, gafgyt, generative ai, generic, germany, ghostlocker, ghostsec, goreshell, government technology, guloader, hammer, hashes, hta, identity & access exploitation, indicator, industrial automation, industrial iot, industrial production, inf, information technology, infostealer, infrastructure acquisitionreconnaissance, infrastructure compromise, ingress tool transfer, ini, initial access, injection activity, internet of things, iot botnet, iot security, iot/ics attack, iproyal, it infrastructure, it services compromise, japan, jp, katz stealer, killsec, lateral movement, lic, link, lnk, loader, lummastealer, malicious powershell activity, malicious software, malware, malware development, manual, manufacturing technology, marsstealer, masslogger, media, metasploit, meterpreter, mips, mirai botnet, mobile carriers, mobile networks, mozi, muddywater, nation-state activity, netsupportmodules, netsupportrat, network, network intrusion, network probing, network security, network_reconnaissance, nimbo-c2, opendir, operational relay box, payment processing, pdf, persistence mechanisms, phishing, phishing attack, political motivation, process injection, process manufacturing, protocol exploitation, ps1, public administration, public infrastructure, public policy, pump, pumped, purelogstealer, purplehaze, quality control, quasarrat, ransomware, rat, reconnaissance, reconnaissance activity, redlinestealer, regulatory agencies, rekoobe, remcos trojan, remcosrat, remote access, remote services, researched, rev-base64-loader, rst cloud, scanning activity, scripting attacks, security operations, sentinelone labs, sentinelone targeted, shellscript, skuld, sliver, smoke loader, social engineering, software development, south, ssh attacks, sshdkit, stealc, strong, summary, supply chain attack, supply chain compromise, supply chain management, system disruption, t1003, t1003.001, t1003.005, t1005, t1016, t1020, t1021, t1021.001, t1027, t1027.002, t1027.003, t1027.006, t1036, t1040, t1041, t1047, t1048, t1048.003, t1049, t1053, t1053.005, t1055, t1055.001, t1055.002, t1055.004, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1059.008, t1068, t1070, t1071, t1071.001, t1071.004, t1076, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1082, t1083, t1086, t1087, t1087.001, t1087.002, t1090, t1090.001, t1090.002, t1090.003, t1095, t1105, t1110, t1110.002, t1112, t1113, t1124, t1127, t1132, t1133, t1134, t1134.001, t1134.002, t1134.004, t1135, t1136, t1136.001, t1136.002, t1140, t1189, t1190, t1195, t1195.002, t1199, t1202, t1203, t1204, t1204.001, t1204.002, t1207, t1210, t1211, t1213, t1213.001, t1213.002, t1213.003, t1213.005, t1218, t1218.002, t1218.003, t1218.004, t1218.005, t1218.007, t1218.011, t1219, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1505.003, t1543, t1547, t1547.001, t1547.009, t1552, t1553, t1555, t1555.003, t1562, t1562.001, t1562.002, t1563, t1564, t1564.001, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1573.001, t1574, t1574.001, t1574.002, t1574.004, t1574.006, t1578, t1578.001, t1578.002, t1583, t1583.001, t1583.003, t1583.004, t1584, t1584.001, t1584.002, t1585, t1585.001, t1586, t1586.001, t1587, t1587.001, t1588, t1588.001, t1588.002, t1588.003, t1588.004, t1589, t1590, t1590.001, t1590.002, t1590.003, t1590.004, t1591, t1591.001, t1592, t1592.001, t1592.002, t1592.004, t1593, t1593.001, t1593.002, t1595, t1595.001, t1595.002, t1595.003, t1596, t1596.001, t1596.002, t1597, t1597.001, t1598, t1598.001, t1598.003, t1600, t1601, t1602, t1608, t1608.001, t1608.002, t1608.003, t1608.004, t1609, t1611, t1612, t1613, t1614, t1614.001, t1615, t1619, t1620, t1622, telecom services, telecommunications, telnet threat, threat actor, threat intelligence, threats, title, tor node, trojan malware, turkey, ua-wget, unc5174, vbs, vidar, vipkeylogger, vulnerabilities, vulnerability scan, wealth management, web exploitation, xhide, xmrig, xworm, zip

Activity Timeline: 1 total observation (Jun 20)

Threat Activity Heatmap (weekly grid, Jun through the following Jun) · Peak: 2026-06-20
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 53 (Medium Risk)
Signal Score: 53
Confidence: 53%
Reports: 15
First seen: Sep 25, 2024
Last seen: Jun 20, 2026
Geolocation: JP
Country: Japan
Location: Osaka, Osaka
ASN: AS4785
Org: Xtom
Coords: 34.6942, 135.5022

VirusTotal: Not checked

WHOIS

Description: CC=DE ASN=AS3214 xtom gmbh

Raw:

inetnum: 45.0.0.0 - 45.255.255.255
netname: IANA-NETBLOCK-45
descr: This network range is not fully allocated to APNIC.
descr:
descr: If your whois search has returned this message, then you have
descr: searched the APNIC whois database for an address that is
descr: allocated by another Regional Internet Registry (RIR).
descr:
descr: Please search the other RIRs at whois.arin.net or whois.ripe.net
descr: for more information about that range.
country: AU
admin-c: IANA1-AP
tech-c: IANA1-AP
abuse-c: AA1452-AP
status: ALLOCATED PORTABLE
remarks: For general info on spam complaints email [email protected].
remarks: For general info on hacking & abuse complaints email abuse@apnic .net.
mnt-by: APNIC-HM
mnt-lower: APNIC-HM
mnt-irt: IRT-APNIC-AP
last-modified: 2021-02-15T05:31:12Z
source: APNIC

irt: IRT-APNIC-AP
address: Brisbane, Australia
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: HM20-AP
tech-c: NO4-AP
remarks: APNIC is a Regional Internet Registry.
remarks: We do not operate the referring network and
remarks: are unable to investigate complaints of network abuse.
remarks: For information about IRT, see www.apnic.net/irt
remarks: [email protected] was validated on 2020-02-03
auth: # Filtered
mnt-by: APNIC-HM
last-modified: 2025-11-18T00:26:21Z
source: APNIC

role: ABUSE APNICAP
country: ZZ
address: Brisbane, Australia
phone: +000000000
e-mail: [email protected]
admin-c: HM20-AP
tech-c: NO4-AP
nic-hdl: AA1452-AP
remarks: Generated from irt object IRT-APNIC-AP
remarks: [email protected] was validated on 2020-02-03
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-11-28T01:00:58Z
source: APNIC

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-AP
tech-c: IANA1-AP
nic-hdl: IANA1-AP
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: MAINT-APNIC-AP
last-modified: 2018-06-22T22:34:30Z
source: APNIC

IOC Journey: medium
First detected 1 year ago · Last seen 3 days ago
Appeared in 15 threat reports