IOC Radar
DomainMediumSignal 76/100

anldfaggmdbglen.top

First Seen
Jan 22, 2025
Last Seen
Apr 5, 2026
Jan 22
First Seen
509d ago
Apr 5
Last Seen
70d ago
9
Reports
source reports
76%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
76%
Signal Score
76 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

34 techniques

Feed Intelligence Summary

9 reports76% confidence
9
Source reports
76%
Confidence score
Category tags
active scanaddressaitm serveramos steakeramos stealeranydesk moduleaptarchive fileasyncratasyncrat familyatomic httpsatomic stealerattackbcttbha006blockboincboinc c2bootkitty iocsbotnetbotnet activitybrazanbamboo c2brute forceburnsrat cc2c2 addressc2 communicationc2 domainc2 httpc2 httpsc2 ipc2 serverc2 serverscheat enginecloudcloud computingcloud infrastructurecloud migrationcloud securitycloud servicescloud storagecobalt strikecode executioncode injectioncode issuescode snippetscommand & controlcommand and controlcommand executioncommunication protocolcompromise notecorporate lawcredential accesscredential harvestingcredential stuffingcthulhu stealercyber threatsdamndarkracedatadata exfiltrationdata store exposuredatabase securitydefanged filedetailsdgadigital signaturedistributed attacksdonexdownload urldownloaderdropperduoyieldoradoencryptionenergyenergy distributionexecutable fileexploitation activityfake captchafake chromefilefilesfinaldraft elffinancefinancial servicesfindfingerprintfirstfirst seenfirst stagefootergh0stratghostgambitghostsocksgithubgithub usersgmergoogle meetguidloaderhasheshashes payloadhelldown linuxhidden rootkithornshta filehta md5hta scripthtmlhtml payloadhttp attackhttp scannerhxxphxxp iochxxpshxxps iociconidentity & access exploitationindicatorindicatortypeinformation stealerinformation technologyinfostealerinfrastructure acquisitionreconnaissanceinjection activityinjection attacksintellectual property lawiociocsiocs filesiocs hashiocs helldowniocs maliciousiocs zipips httpsipv4ipv4 addressit infrastructurejs downloadl fileslandinglatin americalaw practicelegallegal consultinglegal researchlegal serviceslegal technologylinkslinuxlnk fileloaderlockbitlumma payloadmalicious activitymalicious linksmalicious softwaremalwaremalware c2malware campaignmalware hashmalware signingmekotio bankingmintsloadermintsloader c2mintsloader malwaremlpeamoneromonitormsimsi filemulti-cloud managementna majesticna starkneshtanetworknetwork ipnoopldr type1noopldr type2oil & gasopswat oesispanelpathloaderpayloadpayload deliverypayload hostpayload urlphishingphishing attackphishing urlsphobosphpsertphpsert variantpluginplugxplugx c2portspower generationpower systemspowershower c2process injectionpscppsexecpublicpullquite solsjoasquocransomransomwareratreddelta c2redditregistry keysregulatory complianceremcos trojanremote accessremote access trojanremote servicesrenewable energyresearchedrhadamanthys c2sample sha256samplesscams & fraudsearchseenserver httpserversservice dllservice scansftp attackshell commandssimilar sha256sitesitessocial engineeringsoftware developmentsoftware integritysolo airfieldssh accessstarstealcstealc c2stealc payloadstrike loadersstrongstudio codesystembct1005t1021.001t1027t1041t1055t1059t1059.001t1059.003t1071t1071.001t1078t1105t1110.002t1189t1190t1204t1204.001t1219t1486t1496t1499.001t1499.002t1499.003t1547t1554.001t1554.003t1565t1566t1566.001t1566.002t1566.003t1569.002t1587.001t1590.001threat actortls certificatetokentor nodetrojanizedtrojanspytype nameurlsurls httpurls httpsv4 removalvantvbshower c2versionversion bversion cversion dversion eviewvisual studiovssadmin deleteweb application attackweb securityweb trafficwindows payloadzipmsi

Activity Timeline

1 total obs
Apr 5Apr 5

Threat Activity Heatmap

· Peak: 2026-04-05
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
76
SIGNAL
Signal Score
76%
Confidence
9
Reports
First seenJan 22, 2025
Last seenApr 5, 2026

VirusTotal

Not checked

WHOIS

description
Command and Control domains for AsyncRAT. These domains are extracted from a number of sources, and are suspicious.
domain rank
-1
raw
Administrative city: REDACTED FOR PRIVACY Administrative country: REDACTED FOR PRIVACY Administrative state: REDACTED FOR PRIVACY Create date: 2025-01-25 00:00:00 Domain name: anldfaggmdbglen.top Domain registrar id: 3765 Domain registrar url: http://www.nicenic.net Expiry date: 2026-01-25 00:00:00 Name server 1: ns1.he.net Name server 2: ns2.he.net Query time: 2025-01-25 14:29:59 Registrant city: 1f8f4166599d23ee Registrant company: 1f8f4166599d23ee Registrant country: REDACTED FOR PRIVACY Registrant email: 29e2c061f3c9524es@ Registrant fax: 1f8f4166599d23ee Registrant name: 1f8f4166599d23ee Registrant phone: 1f8f4166599d23ee Registrant state: 1f8f4166599d23ee Registrant zip: 1f8f4166599d23ee Technical city: REDACTED FOR PRIVACY Technical country: REDACTED FOR PRIVACY Technical state: REDACTED FOR PRIVACY Update date: 2025-01-25 00:00:00
references
https://www.esentire.com/blog/mintsloader-stealc-and-boinc-delivery, https://threatfox.abuse.ch/export/csv/recent/, Bootkitty, Glove-Stealer, Fake Discount Sites Exploit Black Friday, Helldown Ransomware, HawkEye Malware, PXA Stealer, Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack, BrazenBamboo, SpyGlace, RustyStealer and New Ymir Ransomware, PyPI-AIOCPA, Python NodeStealer, romcom-exploits-firefox-and-windows, Rockstar-Phishing, Silent Skimmer Gets Loud (Again), SteelFox Trojan, WezRat Malware, Avast-Anti-Root-KIt, Winos4.0 RAT, APT36, WolfsBane Backdoor, APT-K-47, Remcos RAT, babbleloader, Bitter APT, UAC-0194’s Exploitation of CVE-2024-43451 in Ukraine for Phishing, CloudScout_ Evasive Panda scouting cloud services, clickfix-tactic, Akira Ransomware, Bumblebee Malware, ELDORADO RANSOMWARE, Evasive Panda Uses MACMA and MgBot Malware to Target US and Taiwan, Demodex rootkit, BugSleep Malware, HotPage.exe (malware), Qilin Ransomware, NOOPDOOR Malware, Shadowroot Ransomware, play ransomware, MALLOX RANSOMWARE, New Malware Campaign Abusing RDPWrapper and Tailscale to Target Cryptocurrency Users, ACR Stealer, Suspicious Domains Exploiting the Recent CrowdStrike Outage!, Gh0stGambit, MEKOTIO BANKING TROJAN, TAG-100, Fake game sites lead to information stealers, Chrome Extensions Hijacked, 2.6 Million Users Impacted, macOS Users Targeted by the New Variant of Banshee Infostealer, Hundreds of fake Reddit sites push Lumma Stealer malware, GamaCopy APT Group Mimicking GamaRedon, InvisibleFerret Malware Leveraging Python for Targeted Attacks, Fake CAPTCHA Campaign That Spreads LUMMA Info Stealer, REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors, Phishing Campaigns Fuel Compiled AutoIt Malware Distribution, The great Google Ads heist_ criminals ransack advertiser accounts via fake Google ads, New Star Blizzard spear-phishing campaign targets WhatsApp accounts, RansomHub Affiliate leverages Python-based backdoor, Sliver Implant Targets German Entities with DLL Sideloading and Proxying Techniques, Advanced Evasion Techniques Used by NonEuclid RAT, The Return of PlugX Malware with Fresh Tricks, The Growing Risk of Sneaky 2FA for Microsoft and Gmail Accounts, Weaponized Software Targeting Chinese Organizations, Threat Surge as Lumma Stealer Expands Its Reach, Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain, MintsLoader_Stealc, North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks, North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware, Rat Race_ ValleyRAT Malware Targets Organizations with New Delivery Techniques, Salt Typhoon Target U.S. Telecom Networks, SecTopRAT, Stealers on the Rise, Snake Keylogger, AsyncRAT Reloaded, The BadPilot campaign_ Seashell Blizzard subgroup conducts multiyear global access operation, FatalRAT, SystemBC RAT Poses New Risks to Linux System, Unveiling Silent Lynx APT Targeting Entities Across Kyrgyzstan & Neighbouring Nations, FERRET Malware Targets macOS in Sophisticated North Korean Attacks, Espionage Campaign Targeting South Asian Entities, Astral Stealer Strikes Again Stealing More Than Just Your Cookies, The New Ransomware Menace Vgod Gains Momentum, Microsoft Advertisers Phished via Malicious Google Ads, LegionLoader Malware Expands Global Reach, NEW.txt, From Stealers to Ransomware PureCrypter Delivers It All, New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs, FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux, LockBit Ransomware Attack Leveraging Cobalt Strike, Rspack_Compromised_Packages, SmokeLoader, Sock5Systemz-PROXY-AM, solana-backdoor, U.S. Organization in China Targeted by Attackers, UAC-0185 attacks warned by CERT-UA, BellaCpp, bootkitty(logofail), Visual Studio Code Remote tunnels, Cloud Atlas seen using a new tool in its attacks, Christmas-Themed LNK Files Used for Malware Delivery, DarkGate, MirrorFace Campain, horns-hooves, Developers Targeted by New ‘OtterCookie’ Malware with Fake Job Offers, NetSupport RAT and BurnsRAT, Cybercriminals Leverage Fake CAPTCHAs for Malware Delivery, MUT-1244-GitHub, Phobos ransomware, Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data, PUMAKIT, OtterCookie used by Contagious Interview, Ransomware-Lockbit3-IOCs.csv, January 28th, 2025 - CryptoGen Cyber Threat Intelligence Advisory #6243 - Malware Campaign Targets Industries with MintsLoader Payloads
subdomains count
0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 9 threat reports