IOC Radar
DomainMediumSignal 29/100

aramex.bg

Location
British Indian Ocean TerritoryBritish Indian Ocean Territory
First Seen
Apr 12, 2025
Last Seen
Aug 20, 2025
Apr 12
First Seen
425d ago
Aug 20
Last Seen
295d ago
4
Reports
source reports
28%
Confidence
medium
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
28%
Signal Score
29 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

33 techniques

Feed Intelligence Summary

4 reports28% confidence
4
Source reports
28%
Confidence score
Category tags
account compromiseafricaargentinaasiaaustraliabankingbanking malwarebanking trojanbotnetbrazilbritish indian ocean territorybulgariacanadachinachinese threat actorscivil servicescommand and controlcommunication technologiesconsumer goodscredential harvestingcredential theftcredit card servicescyber threatsdata exfiltrationdistributed attacksecrimeecrime groupeuropeeurope/asiafinancefinance and insurancefinancial institutionfinancial servicesfinancial technologyfleet managementfrancefraudfreight servicesgermanyglobal campaigngovernment technologyhosting provider: alibabahosting provider: tencentindiaindicatoritalyjapanmalicious softwaremalwaremaritime transportmexicomobile bankingmobile carriersmobile malwaremobile networksmobile phishingnetworknorth americaoceaniapassenger transportationpayment processingphishingphishing attackphishing kitprocess injectionpublic administrationpublic infrastructurepublic policyrail transportregulatory agenciesresearchedretail traderussiarussian federationsmishing triadsmssms phishingsocial engineeringsouth africasouth americaspaint1047t1055t1071t1071.001t1078t1189t1192t1195.002t1486t1496t1499.001t1499.002t1499.003t1565t1566t1566.001t1566.002t1566.003t1567.001t1583t1583.001t1584t1584.001t1585t1585.002t1586t1586.002t1589t1589.002t1598t1598.003t1608t1608.004telecom servicestelecommunicationstransportation and warehousingtransportation infrastructuretransportation technologyunited kingdomunited stateswealth management

Activity Timeline

1 total obs
Aug 20Aug 20

Threat Activity Heatmap

· Peak: 2025-08-20
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated

The domain **aramex.bg**, originating from the British Indian Ocean Territory, has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on April

Threat ScoreLow Risk
29
SIGNAL
Signal Score
28%
Confidence
4
Reports
First seenApr 12, 2025
Last seenAug 20, 2025

VirusTotal

Not checked

WHOIS

domain rank
-1
raw
DNSSEC: inactive DOMAIN NAME: aramex.bg (aramex.bg) registration status: busy, active
references
https://www.silentpush.com/blog/smishing-triad
subdomains count
4

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 9 months ago
Appeared in 4 threat reports