IOC Radar
Domain · Medium confidence · Signal 100/100

anizom.com

Location: United States
First seen: Feb 4, 2025 (491 days before this page was rendered)
Last seen: Jun 5, 2026 (5 days before this page was rendered)
Source reports: 14
Confidence rating: medium (99% score). Confidence scores are heuristic; verify before acting on results.
Type: Domain Name (malicious domain used for C2, phishing, or malware distribution)
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 58 techniques (carried as t-number entries in the category tags below)

Feed Intelligence Summary
14 source reports, 99% confidence score
Category tags (alphabetical, as applied by the source reports; separated here with semicolons):
abuse; address; aerospace & defense; aitm server; amos steaker; amos stealer; amtd; anti-analysis; anti-vm; anydesk module; apk; apt; archive file; arctic wolf; arm; asia; atomic https; atomic stealer; attack; backdoor; bank security; banking; bctt; beizhu; bha006; bitbucket; block; bogus; boinc c2; bootkitty iocs; botnet; brazanbamboo c2; burnsrat c; c2; c2 address; c2 communication; c2 domain; c2 http; c2 https; c2 ip; c2 server; c2 servers; censys; cheat engine; china-linked threat actor; client; cloud computing; cloud migration; cloud security; cloud services; cloud storage; cloudy; cobalt strike; code execution; code injection; code issues; code snippets; coinminer; command and control; command execution; communication protocol; compromise note; computer security; coper; credential access; credential harvesting; credit card services; cthulhu stealer; cyber attacks; cyber news; cyber security news; cyber security updates; cyber threats; cyber updates;
damn; darkrace; data; data breach; data encryption; data exfiltration; database security; ddos attacks; defanged file; defense; defense contracting; defense logistics; defense systems; defense technology; details; digital signature; distributed attacks; dll side-loading; dll sideloading; donex; download url; downloader; dropper; duoyi; effective hide; eldorado; elf; exe; extortion; fake captcha; fake chrome; fake chrome download; file; files; finaldraft elf; finance; finance and insurance; finance targeting; financial institution; financial services; financial technology; find; fingerprint; first; first seen; first stage; footer; fortune; gh0st; gh0st rat; gh0strat; ghost; ghostgambit; ghostrat; ghostrat plays; ghostsocks; github; github users; gmer; google chrome; google meet; guidloader;
hacker news; hacking news; hajime; hashes; hashes payload; helldown linux; hidden rootkit; hong kong; horns; how to hack; hta; hta file; hta md5; hta script; html; html payload; http attack; http scanner; icon; indicator; indicators of compromise; indicatortype; information security; information technology; infrastructure acquisition reconnaissance; ingress tool transfer; injection attacks; internet of things; iocs; iocs files; iocs hash; iocs helldown; iocs malicious; iocs zip; iot botnet; iot/ics attack; ips https; ipv4; ipv4 address; it infrastructure; js download; keylogger; l files; landing; lateral movement; latin america; learn; links; linux; lnk file; loader; lockbit; lumma payload;
mainland china; malicious activity; malicious links; malicious software; malware; malware c2; malware hash; malware infection: valleyrat; malware signing; mekotio banking; metastealer; military operations; mintsloader c2; mips; mirai botnet; mlpea; monero; monitor; mozi; msi; msi file; multi-cloud management; na majestic; na stark; national security; neshta; network; network ip; noopldr type1; noopldr type2; north america; nymeria; octo; opendir; opswat oesis; panel; pathloader; payload; payload host; payload url; payment processing; pe file; persistence mechanism; phishing; phishing attack; phishing urls; phobos; phpsert; phpsert variant; plugin; plugx; plugx c2; ports; powershower c2; process injection; pscp; psexec; public; pull; purple fox; quite solsjoasquo;
ransom; ransomware; rat; rats; reddelta c2; reddit; registry keys; remcos trojan; remcosrat; remote access; remote access trojan; remote services; researched; rhadamanthys c2; rustystealer; saint helena, ascension and tristan da cunha; sample sha256; samples; screen monitoring; search; security operations; seen; server http; servers; service dll; setup.exe dropper; sftp attack; shell commands; shmuel uzan; silver fox; silver fox apt; similar sha256; site; sites; social engineering; software development; software exploitation; software integrity; software vulnerability; solo airfield; ssh access; sshdkit; star; stealc c2; stealc payload; steam; stop; strike loaders; strong; studio code; system disruption; systembc;
ATT&CK technique tags (58): t1003; t1005; t1007; t1016; t1021.001; t1027; t1027.002; t1041; t1053; t1053.005; t1055; t1056.001; t1057; t1059; t1059.001; t1059.003; t1059.005; t1070; t1071; t1071.001; t1071.004; t1078; t1082; t1083; t1105; t1110.002; t1113; t1124; t1133; t1140; t1190; t1203; t1204; t1204.001; t1218; t1486; t1490; t1496; t1497; t1499.001; t1499.002; t1499.003; t1543.003; t1547; t1547.001; t1554.001; t1554.003; t1565; t1566; t1566.001; t1566.002; t1566.003; t1569.002; t1573; t1574.002; t1587.001; t1590.001; t1622;
tactic: execution; tactic: exfiltration; tactic: impact; tactic: initial access; tactic: persistence; taiwan; tencent; the hacker news; threat actor; threat intelligence; threat labs; tls certificate; token; trend micro; trojan malware; trojanized; trojanspy; twitter; type name; united states; urls; urls http; urls https; v4 removal; valleyrat; valleyrat malware campaign; vant; vbshower c2; version; version b; version c; version d; version e; view; visual studio; vmware; vssadmin delete; wealth management; web security; web traffic; webdav; windows payload; xloader; zipmsi

Activity Timeline: 1 total observation, on Jun 5 (2026)

Threat Activity Heatmap (weekly grid, Jun 2025 to Jun 2026): a single observation, peak 2026-06-05.
Recent activity windows: 24h: 0 (dormant); 7d: 1 (minimal); 30d: 1 (minimal); 3mo: 1 (minimal).
Threat Score: 100 (High Risk)

VirusTotal: Not checked

Export & API: STIX 2.1 Bundle, CSV Export, Permalink
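Two things a practitioner usually wants before acting on a record like this: the indicator in STIX 2.1 (the export format offered above) so it can be loaded into a TIP or SIEM, and evidence that the domain was actually resolved from the environment, since the confidence score is heuristic. The following is an added example in Python, not IOC Radar's exporter or API. It uses only the standard library; the ATT&CK tag run is copied from the category tags above, the resolver log lines are constructed, and the log layout and field names (client=, qname=, qtype=) are assumptions to adapt to your resolver.

```python
"""Act on the IOC Radar record for anizom.com: emit a STIX 2.1 Indicator
and check resolver logs for the domain before blocking it.
Added example, not IOC Radar's exporter; standard library only."""
import json
import re
import uuid
from datetime import datetime, timezone

# Values copied from the record above.
IOC = {
    "domain": "anizom.com",
    "first_seen": "2025-02-04",
    "last_seen": "2026-06-05",
    "confidence": 99,
    "reports": 14,
    "misp_category": "Network Activity",
}

# The run of ATT&CK technique tags from the category tags, still concatenated
# the way the page extraction left it.
TAG_TEXT = (
    "systembct1003t1005t1007t1016t1021.001t1027t1027.002t1041t1053t1053.005"
    "t1055t1056.001t1057t1059t1059.001t1059.003t1059.005t1070t1071t1071.001"
    "t1071.004t1078t1082t1083t1105t1110.002t1113t1124t1133t1140t1190t1203"
    "t1204t1204.001t1218t1486t1490t1496t1497t1499.001t1499.002t1499.003"
    "t1543.003t1547t1547.001t1554.001t1554.003t1565t1566t1566.001t1566.002"
    "t1566.003t1569.002t1573t1574.002t1587.001t1590.001t1622tactic: execution"
)
TECHNIQUE_RE = re.compile(r"t\d{4}(?:\.\d{3})?")
STIX_TS = "%Y-%m-%dT%H:%M:%S.000Z"  # STIX 2.1 timestamps: UTC, millisecond precision


def parse_techniques(tag_text: str) -> list[str]:
    """Extract unique T-numbers (sub-techniques included) from the tag run.
    No separators are needed: each ID is 't' + 4 digits + optional '.NNN'."""
    return sorted({m.group(0).upper() for m in TECHNIQUE_RE.finditer(tag_text)})


def defang(domain: str) -> str:
    """Render the domain so it is not clickable or auto-resolved in tickets or chat."""
    return domain.replace(".", "[.]")


def build_bundle(ioc: dict, techniques: list[str]) -> dict:
    """Wrap the domain in a STIX 2.1 Bundle holding one Indicator. The page's
    heuristic confidence is carried through unchanged, not inflated."""
    now = datetime.now(timezone.utc).strftime(STIX_TS)
    first_seen = datetime.strptime(ioc["first_seen"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": now,
        "modified": now,
        "name": f"Malicious domain {defang(ioc['domain'])}",
        "description": (
            f"Seen in {ioc['reports']} source reports; MISP category {ioc['misp_category']}. "
            "Confidence is heuristic: verify before acting."
        ),
        "indicator_types": ["malicious-activity"],
        "pattern": f"[domain-name:value = '{ioc['domain']}']",
        "pattern_type": "stix",
        "valid_from": first_seen.strftime(STIX_TS),
        "confidence": ioc["confidence"],
        "external_references": [
            {"source_name": "mitre-attack", "external_id": t} for t in techniques
        ],
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [indicator]}


# Constructed resolver log lines (not real traffic). The key=value layout and
# field names are an assumption; adapt LOG_RE to your resolver's format.
SAMPLE_DNS_LOG = """\
2026-06-05T09:58:12Z client=10.0.4.17 qname=cdn.example.net qtype=A
2026-06-05T10:12:01Z client=10.0.4.17 qname=anizom.com. qtype=A
2026-06-05T10:12:03Z client=10.0.4.22 qname=update.ANIZOM.com qtype=TXT
2026-06-05T10:15:40Z client=10.0.4.31 qname=notanizom.com qtype=A
"""
LOG_RE = re.compile(r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) qtype=\S+$")


def match_dns_queries(log_text: str, domain: str) -> list[tuple[str, str, str]]:
    """Return (timestamp, client, qname) for every query to the domain or a
    subdomain of it. Comparison is case-insensitive, ignores a trailing dot,
    and matches on label boundaries, so 'notanizom.com' is not a hit."""
    domain = domain.lower().rstrip(".")
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than silently mis-match
        qname = m["qname"].lower().rstrip(".")
        if qname == domain or qname.endswith("." + domain):
            hits.append((m["ts"], m["client"], qname))
    return hits


if __name__ == "__main__":
    techniques = parse_techniques(TAG_TEXT)
    print(json.dumps(build_bundle(IOC, techniques), indent=2))
    for ts, client, qname in match_dns_queries(SAMPLE_DNS_LOG, IOC["domain"]):
        print(f"{ts} {client} queried {defang(qname)}")
```

The Indicator's `valid_from` is the record's first-seen date and its `confidence` is the page's score as given; a consumer should treat it the way the record itself asks, as heuristic. The DNS check is the cheap verification step: a hit for the apex or any subdomain from an internal client is what turns a feed entry into an incident, while a near-miss like `notanizom.com` must not.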

IOC Journey (medium confidence): first detected 1 year ago, last seen 5 days ago, appeared in 14 threat reports.