Domain · Medium · Signal 94/100
abwxjp5.me
First Seen: Feb 5, 2026
Last Seen: Apr 29, 2026
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 94%
Signal Score: 94 / 100
IDS Rule: No
Threat Context
Feed Intelligence Summary
11 reports · 94% confidence
Source reports: 11
Confidence score: 94%
Category tags: abuse, active scan, active scanning, aerospace & defense, airline, alienvault_ransomware, apt, apt group, asia, bad reputation, baidu, banking, botnet activity, brazil, brute force, civil services, cobalt strike, command and control, communication technologies, communications networks, credential access, credential harvesting, credential stuffing, credit card services, critical infrastructure, custom loader, cyber espionage campaign, cyber threats, cyberespionage campaign, daily, data exfiltration, data store exposure, defense, defense contracting, defense logistics, defense systems, defense technology, dga, diaoyu loader, dknife, emergency services, energy, energy distribution, energy systems, europe, exploitation, exploitation activity, figure, finance, financial services, financial systems, financial technology, fleet management, foreign affairs, freight services, global, global cyberespionage campaign, gost, government facilities, government technology, havoc, identity & access exploitation, indicator, indonesia, injection activity, intelligence gathering, iot security, ipv6240e, lateral movement, linux ebpf rootkit, loader, loader malware, malicious software, malware, maritime transport, mexico, military operations, mobile carriers, mobile networks, nation-state activity, national security, neo-regeorg, network, network probing, north america, oil & gas, passenger transportation, payment processing, phishing, phishing attack, police, post-exploitation framework, power generation, power systems, process injection, public administration, public infrastructure, public policy, rail transport, ransomware, rat, rctea botnet, reconnaissance, regulatory agencies, remote access tool, remote access trojan, renewable energy, researched, rootkit, scams & fraud, shadow, sliver, social engineering, south america, sparkrat, spearphishing, sta-1030, state-sponsored, t1014, t1018, t1021.001, t1021.002, t1027, t1046, t1053, t1055, t1059, t1059.001, t1068, t1071, t1071.001, t1078, t1090, t1090.003, t1102, t1105, t1190, t1195, t1204, t1204.001, t1204.002, t1486, t1499.001, t1505.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1569.002, t1583.001, t1583.003, t1583.004, t1584.001, t1584.003, t1584.004, t1588.002, t1595.001, t1595.002, t1595.003, taiwan, telecom services, telecommunications, tgr-sta-1030, threat actor, tor node, trade, transportation and warehousing, transportation infrastructure, transportation networks, transportation technology, unc6619, unit, united kingdom, vshell, water systems, wealth management, yara
Activity Timeline
Threat Activity Heatmap · Peak: 2026-04-29
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 94
Confidence: 94%
Reports: 11
First seen: Feb 5, 2026
Last seen: Apr 29, 2026
VirusTotal
Not checked
WHOIS
- domain rank: -1
- raw:
  - Administrative city: REDACTED FOR PRIVACY
  - Administrative country: REDACTED FOR PRIVACY
  - Administrative state: REDACTED FOR PRIVACY
  - Create date: 2025-03-20 00:00:00
  - Domain name: abwxjp5.me
  - Domain registrar id: 1068
  - Domain registrar url: https://www.namecheap.com/
  - Expiry date: 2026-03-20 00:00:00
  - Name server 1: dns1.registrar-servers.com
  - Name server 2: dns2.registrar-servers.com
  - Query time: 2025-03-22 18:30:18
  - Registrant city: 1f8f4166599d23ee
  - Registrant company: 4b7a0912c26a13e2
  - Registrant country: Iceland
  - Registrant email: 29e2c061f3c9524es@
  - Registrant fax: 31d1617d95c9a75c
  - Registrant name: 1f8f4166599d23ee
  - Registrant phone: 31d1617d95c9a75c
  - Registrant state: 3e0204199d8ebf9c
  - Registrant zip: 1f8f4166599d23ee
  - Technical city: REDACTED FOR PRIVACY
  - Technical country: REDACTED FOR PRIVACY
  - Technical state: REDACTED FOR PRIVACY
  - Update date: 2025-03-20 00:00:00
- references: https://unit42.paloaltonetworks.com/shadow-campaigns-uncovering-global-espionage, IOCs.3.csv, https://unit42.paloaltonetworks.com/shadow-campaigns-uncovering-global-espionage/
- subdomains count: 0
IOC Journey
Medium · First detected 4 months ago · Last seen 1 month ago
Appeared in 11 threat reports