DomainMediumSignal 0/100
abcd120807.3322.org
Location
United StatesFirst Seen
Feb 14, 2026
Last Seen
Feb 19, 2026
Found in 1 report. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags
Feed Intelligence Summary
1 report0% confidence
1
Source reports
0%
Confidence score
Category tags
indicatornetworkresearched
Activity Timeline
Feb 19Feb 19
Threat Activity Heatmap
· Peak: 2026-02-19LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated
This indicator, `abcd120807.3322.org`, has been identified with a negligible risk score of 0.0 and is explicitly marked as whitelisted. This categorization indicates that the domain is considered benign and poses no immediate threat to the organization. The presence of this indicator in threat intelligence feeds, despite its benign nature, does not inherently suggest malicious activity. Instead, its whitelisted status confirms its legitimate function within the broader internet landscape. Organi…
Threat ScoreLow Risk
0
SIGNAL
Signal Score
0%
Confidence
1
Reports
First seenFeb 14, 2026
Last seenFeb 19, 2026
VirusTotal
Not checked
WHOIS
- description
- Forensic analysis indicates a DocuSign-themed phishing campaign using a deliberately invalid X.509 PKI seal (“Broken Seal”) to trigger fail-open verification logic in automated handlers. The delivery mechanism bypasses Secure Email Gateway (SEG) reputation checks by using encrypted channels and human-gated infrastructure. The payload is a fileless Process Hollowing (RunPE) malware that injects into RWX memory of legitimate processes to evade disk-based EDR.
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 4 months ago · Last seen 4 months ago
Appeared in 1 threat report