Domain · Medium · Signal 84/100
ach-uz.com
Location
First Seen
Nov 29, 2025
Last Seen
Jun 18, 2026
Found in 11 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
84%
Signal Score
84 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
11 reports · 84% confidence
11
Source reports
84%
Confidence score
Category tags
academic institutions, active scan, active scanning, amaranth-dragon, api abuse, apt, apt activity, apt group, apt24, asia, attack vector: email, automotive manufacturing, autumn dragon, bad reputation, banking, belarus, bloody wolf, bloody wolf group, botnet, botnet activity, brand impersonation, brute force, central asia, civil services, cloud atlas, command and control, communication protocol, connected devices, credential access, credential harvesting, credential stuffing, credential theft, credit card services, customer experience, cyber espionage, cyber threats, data exfiltration, data store exposure, data theft, ddos, ddos attacks, decoy, device management, digital commerce, digital marketplace, distributed attacks, distribution management, e-commerce, e-commerce platform, educational resources, educational services, educational technology, electronic health records, electronics manufacturing, europe, europe/asia, evasive panda, exfiltration, exploitation activity, f https, fake website, filehash:md5, filehash:sha1, filehash:sha256, finance, financial services, financial technology, fleet management, fraud, freight forwarding, freight services, ghouls, government impersonation, government technology, hashes, health care and social assistance, health information technology, healthcare information systems, higher education, hospital management, http scanner, https, identity & access exploitation, indicator, indicators of compromise, industrial automation, industrial iot, industrial production, information technology, ingress tool transfer, initial access, injection activity, internet of things, inventory management, iot analytics, iot applications, iot botnet, iot malware, iot platforms, iot security, iot targeting, iot/ics attack, ipv4, it infrastructure, jar file, jars, java archive malware, java loader, k-12 education, kazakhstan, kyrgyzstan, logistics technology, macos malware, malicious software, malware, malware type: rat, manufacturing technology, maritime transport, medical services, mirai botnet, netherlands, netsupport rat, network, network scanning, notepad++, online payment, online retail, online shopping, operation dreamjob, passenger transportation, patient care, payload: jar file, payment processing, phishing, phishing attack, phishing attack campaign, possible reconnaissance, process injection, process manufacturing, public administration, public infrastructure, public policy, quality control, rail transport, ransomware, rat, rat: netsupport rat, rats, reconnaissance, region: central asia, regulatory agencies, remote access, remote access trojan, researched, russia, russian, scams & fraud, serbia, services, shai-hulud campaign, shipping services, smart devices, social engineering, software development, spear phishing campaign, spear-phishing, spearphishing, stan ghouls, strrat, supply chain attack, supply chain compromise, supply chain management, systembc, t1003.001, t1014, t1021.001, t1027, t1041, t1048, t1048.003, t1053, t1053.005, t1055, t1056, t1056.001, t1057, t1059, t1059.001, t1059.003, t1059.005, t1059.007, t1068, t1071, t1071.001, t1071.004, t1078, t1078.001, t1078.004, t1083, t1087, t1105, t1110, t1113, t1134.001, t1134.002, t1140, t1189, t1190, t1192, t1195.002, t1199, t1204, t1204.002, t1210, t1219, t1486, t1496, t1499.001, t1499.002, t1499.003, t1543.003, t1547, t1547.001, t1555.003, t1555.004, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1567.001, t1569, t1574, t1583, t1583.001, t1583.004, t1588, t1588.002, t1595, t1595.001, t1595.002, t1595.003, t1598, t1598.003, targeted attacks, threat actor, tor node, transportation and warehousing, transportation infrastructure, transportation management, transportation technology, trojan malware, turkey, uzbek, uzbekistan, warehouse operations, water gamayun, wealth management, web application attack, web traffic
Activity Timeline
Jun 18 to Jun 18
Threat Activity Heatmap
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
The domain **ach-uz.com**, originating from Uzbekistan, has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on November
Threat Score: High Risk
84
SIGNAL
Signal Score
84%
Confidence
11
Reports
First seen: Nov 29, 2025
Last seen: Jun 18, 2026
VirusTotal
Not checked
WHOIS
- description
- Since late June 2025, Group-IB analysts observed a surge in spear-phishing emails across Central Asia. The attackers impersonate government agencies to gain the trust of their victims. This blog describes the techniques, tools and ongoing activity of the threat group known as Bloody Wolf.
IOC Journey
Medium · First detected 6 months ago · Last seen 2 days ago
Appeared in 11 threat reports