IOC Radar
Domain · Medium · Signal 66/100

anyhostings.ru

Location: Kazakhstan
First Seen: Apr 13, 2025
Last Seen: Feb 19, 2026
Reports: 8 source reports
Confidence: 66% (medium)
Found in 8 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Type: Domain Name (malicious domain used for C2, phishing, or malware distribution)
MISP Category: Network Activity
Confidence: 66%
Signal Score: 66 / 100
IDS Rule: No

Threat Context
Tags: see the category tags in the Feed Intelligence Summary
MITRE ATT&CK TTPs: 90 techniques (listed in the Feed Intelligence Summary)

Feed Intelligence Summary

8 source reports · 66% confidence score

Category tags (as aggregated from the 8 reports; several are near-duplicates of each other):
academic institutions, anydesk, apt, apt group, asia, asyncrat, automotive manufacturing, belarus, botnet, cis, civil services, code injection, command and control, command execution, credential access, credential harvesting, credential theft, credentialaccess, crypto miner, cryptocurrency threats, cryptojacking, cryptomining, cyber threat intelligence, cyber threats, cybercriminal partnerships, data encryption, data exfiltration, data theft, dataexfiltration, decoy, discord, distributed attacks, dll sideloading, double extortion, educational resources, educational services, educational technology, electronics manufacturing, europe, europe/asia, extortion, finance, financial motivation, financial services, first, funksec, generative ai, ghostlocker, ghostsec, ghouls, government technology, hammer, higher education, indicator, industrial automation, industrial enterprises, industrial iot, industrial production, industrial targets, industrialtargets, initial access, input validation bypass, ironhusky, k-12 education, katz stealer, kazakhstan, killsec, lateral movement, lazarus, legitimate tools, librarian ghouls, link, loader, malicious archive, malicious powershell activity, malicious software, malware, malware descriptions, malware development, malware technologies, manufacturing technology, microsoft edge, miner, muddywater, netherlands, network, next, nircmd, path traversal, phishing attack, political motivation, privilege escalation, process injection, process manufacturing, public administration, public infrastructure, public policy, quality control, ransomware, rare werewolf, regulatory agencies, remote access, researched, resource hijacking, rezet, rst cloud, russia, scripting attacks, skuld, social engineering, spear-phishing, strong, summary, supply chain attack, supply chain management, system disruption, targeted attacks, task scheduling, third-party software, threats, title, tray minimizer, trigger, web application exploitation, web exploitation, winrar, xmrig

MITRE ATT&CK technique tags (90):
T1003, T1003.001, T1003.005, T1003.006, T1016, T1016.001, T1016.002, T1020, T1021, T1021.002, T1021.004, T1027, T1027.003, T1036, T1036.005, T1036.007, T1036.009, T1036.010, T1041, T1049, T1053, T1053.005, T1055, T1059, T1059.001, T1059.003, T1059.005, T1059.007, T1070, T1070.001, T1070.004, T1070.006, T1071, T1071.001, T1078, T1078.004, T1082, T1083, T1086, T1105, T1106, T1110, T1133, T1189, T1190, T1192, T1195, T1199, T1204, T1204.001, T1204.002, T1219, T1485, T1485.001, T1486, T1490, T1496, T1497, T1497.001, T1499.001, T1499.002, T1499.003, T1543.003, T1547, T1547.001, T1553, T1555, T1555.003, T1558, T1558.003, T1562, T1562.001, T1562.004, T1564, T1564.001, T1564.004, T1565, T1566, T1566.001, T1566.002, T1566.003, T1571, T1573, T1573.001, T1574, T1574.002, T1583, T1583.006, T1588, T1588.002

Note that these tags are the union of everything the 8 reports were tagged with, not a statement that anyhostings.ru itself is tied to every listed actor or technique.

Activity Timeline: 1 total observation (Feb 19)

Threat Activity Heatmap (weekly calendar, Jun to Jun): peak 2026-02-19
Recent activity: 24h 0 · 7d 0 · 30d 0 · 3mo 0 (dormant in every window)
Intelligence Summary (AI generated)

The domain **anyhostings.ru**, originating from Kazakhstan, has emerged as a significant indicator of compromise (IOC) associated with advanced persistent threat (APT) activities. First observed on April


VirusTotal: not checked

WHOIS / enrichment

Description: Librarian Ghouls, also tracked as "Rare Werewolf" and "Rezet," is an advanced persistent threat (APT) group targeting entities in Russia and the CIS region. Active through May 2025, the group has shown persistent activity against Russian companies and relies on legitimate third-party software rather than custom malware. Its intrusions use command (batch) files and PowerShell scripts to establish remote access, steal credentials, and install the XMRig cryptocurrency miner.
Domain rank: -1
Subdomains count: 0

Export & API: STIX 2.1 Bundle · CSV Export · Permalink
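As an added example (not this page's own export code or the feed's implementation), the following Python does the two things a practitioner usually wants from an entry like this: it wraps the domain into a STIX 2.1 Indicator inside a Bundle using the first-seen date and the 66% confidence shown above, and it sweeps DNS query-log lines for the domain and its subdomains while ignoring look-alikes such as notanyhostings.ru. The log line format, the field names, the sample lines and the object IDs (fresh uuid4 values) are assumptions constructed for the example; the domain, dates and confidence are the values on this page.

```python
"""Build a STIX 2.1 indicator for the page's IOC and hunt for it in DNS logs."""
import json
import re
import uuid
from datetime import datetime, timezone

# Values taken from this page. Everything else in this file is constructed.
IOC_DOMAIN = "anyhostings.ru"
FIRST_SEEN = "2025-04-13T00:00:00Z"
LAST_SEEN = "2026-02-19T00:00:00Z"
CONFIDENCE = 66  # the page's heuristic score; STIX confidence is 0..100


def _now() -> str:
    """STIX timestamp in UTC with millisecond precision."""
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def build_indicator(domain: str, valid_from: str, last_seen: str, confidence: int) -> dict:
    """Build a STIX 2.1 Indicator SDO whose pattern matches the domain name.

    The id is a freshly generated uuid4 (as STIX 2.1 requires for SDOs); it is
    an assumption, not the id the page's own export would assign.
    """
    if not 0 <= confidence <= 100:
        raise ValueError("STIX confidence must be between 0 and 100")
    ts = _now()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": f"Malicious domain: {domain}",
        "description": f"Seen in 8 source reports; first seen {valid_from}, last seen {last_seen}.",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[domain-name:value = '{domain}']",
        "pattern_type": "stix",
        "valid_from": valid_from,
        "confidence": confidence,
    }


def build_bundle(objects: list) -> dict:
    """Wrap SDOs in a STIX 2.1 Bundle (bundles carry no spec_version in 2.1)."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


def normalize_name(name: str) -> str:
    """Lower-case and strip the trailing dot that resolvers often log."""
    return name.strip().rstrip(".").lower()


def domain_matches(query: str, ioc_domain: str) -> bool:
    """True for the IOC domain and any subdomain of it; false for look-alikes.

    The suffix test requires a leading dot, so notanyhostings.ru does not
    match, and anyhostings.ru.example.com does not match either.
    """
    q, d = normalize_name(query), normalize_name(ioc_domain)
    return q == d or q.endswith("." + d)


# Constructed sample lines in a generic resolver query-log shape; not real traffic.
SAMPLE_DNS_LOG = """\
2026-02-19T10:12:03Z client=10.0.4.21 query=anyhostings.ru. type=A
2026-02-19T10:12:09Z client=10.0.4.21 query=cdn.ANYHOSTINGS.ru. type=A
2026-02-19T10:13:44Z client=10.0.7.8 query=notanyhostings.ru. type=A
2026-02-19T10:14:01Z client=10.0.7.8 query=anyhostings.ru.example.com. type=A
2026-02-19T10:15:30Z client=10.0.2.2 query=update.microsoft.com. type=A
this line is malformed and must be skipped, not crash the sweep
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<query>\S+) type=(?P<type>\S+)$"
)


def hunt(log_text: str, ioc_domain: str) -> list:
    """Return (timestamp, client, normalized query) for each hit on the IOC."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip it, keep sweeping
        if domain_matches(m["query"], ioc_domain):
            hits.append((m["ts"], m["client"], normalize_name(m["query"])))
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_DNS_LOG, IOC_DOMAIN):
        print("HIT", *hit)
    bundle = build_bundle([build_indicator(IOC_DOMAIN, FIRST_SEEN, LAST_SEEN, CONFIDENCE)])
    print(json.dumps(bundle, indent=2))
```

Run as a script it prints two hits (the bare domain and the cdn subdomain, both from 10.0.4.21) and the bundle JSON. The subdomain rule matters here even though the page records 0 known subdomains: a resolver log is the place where a previously unseen subdomain of a known-bad apex would first show up.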

IOC Journey: medium · First detected 1 year ago · Last seen 4 months ago · Appeared in 8 threat reports