IOC Radar
Domain · Medium · Signal 92/100

arkanix.ru

Location: United States
First Seen: Feb 19, 2026 (122d ago)
Last Seen: May 30, 2026 (23d ago)
Reports: 11 source reports
Confidence: 92% (medium)
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
92%
Signal Score
92 / 100
IDS Rule
No
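The fields above (domain, first and last seen, heuristic confidence, MISP category Network Activity, no IDS rule supplied) are what an analyst would serialise into the STIX 2.1 bundle the page offers, and what a DNS-log check for the domain would key on. The following is an added example, not IOC Radar's export code or the project's own detection logic: it builds a STIX 2.1 Indicator from the page's values and scans constructed BIND-style DNS query lines for the domain and its subdomains. The UUID namespace, the choice of `labels`, and the log lines are assumptions made for the example.

```python
"""Build a STIX 2.1 Indicator for the arkanix.ru IOC and check DNS query logs for it.

Added example, not IOC Radar's own code. Domain, dates, confidence and report
count come from the page; the log lines and the UUID namespace are constructed
for this example.
"""
import json
import re
import uuid
from datetime import datetime, timezone

DOMAIN = "arkanix.ru"
FIRST_SEEN = datetime(2026, 2, 19, tzinfo=timezone.utc)
LAST_SEEN = datetime(2026, 5, 30, tzinfo=timezone.utc)
CONFIDENCE = 92  # heuristic score from the page; STIX 'confidence' is an int 0..100
REPORTS = 11

# Example-only namespace so the indicator id is stable across runs (assumption, not a STIX-defined namespace).
NAMESPACE = uuid.UUID("00000000-0000-0000-0000-00000000c0de")


def stix_timestamp(dt):
    """STIX 2.1 timestamps are UTC, RFC 3339, with a trailing 'Z'."""
    return dt.strftime("%Y-%m-%dT%H:%M:%S.000Z")


def make_indicator(domain=DOMAIN, first_seen=FIRST_SEEN, last_seen=LAST_SEEN,
                   confidence=CONFIDENCE, reports=REPORTS):
    """Return a STIX 2.1 Indicator SDO (as a plain dict) for a malicious domain."""
    pattern = f"[domain-name:value = '{domain}']"
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid5(NAMESPACE, pattern)}",
        "created": stix_timestamp(first_seen),
        "modified": stix_timestamp(last_seen),
        "name": f"Malicious domain: {domain}",
        "description": (f"Domain used for C2, phishing, or malware distribution. "
                        f"Seen in {reports} source reports; confidence score is heuristic."),
        "indicator_types": ["malicious-activity"],
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": stix_timestamp(first_seen),
        "confidence": confidence,
        "labels": ["infostealer", "c2"],  # two of the page's category tags (selection is an assumption)
    }


def make_bundle(*objects):
    """Wrap SDOs in a STIX 2.1 Bundle; bundle ids are not required to be stable."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objects)}


# Constructed BIND-style query log lines (example data, not a real capture).
SAMPLE_DNS_LOG = """\
22-May-2026 10:14:02.118 client 10.0.0.15#53211: query: www.example.com IN A +
22-May-2026 10:14:07.442 client 10.0.0.15#53211: query: arkanix.ru IN A +
22-May-2026 10:15:11.009 client 10.0.0.23#41877: query: cdn.arkanix.ru IN A +
22-May-2026 10:16:45.700 client 10.0.0.23#41877: query: notarkanix.ru IN A +
22-May-2026 10:17:03.331 client 10.0.0.42#50012: query: ARKANIX.RU. IN AAAA +
"""

QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\w+)")


def domain_matches(qname, ioc_domain):
    """True if qname is the IOC domain or a subdomain of it.

    Case-insensitive and tolerant of a trailing dot. A plain substring test
    would wrongly flag 'notarkanix.ru', so the check is equality or a
    dot-delimited suffix match.
    """
    q = qname.lower().rstrip(".")
    d = ioc_domain.lower().rstrip(".")
    return q == d or q.endswith("." + d)


def find_dns_hits(log_text, ioc_domain=DOMAIN):
    """Return (client, qname, qtype) for every query line that resolves the IOC domain."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and domain_matches(m.group("qname"), ioc_domain):
            hits.append((m.group("client"), m.group("qname"), m.group("qtype")))
    return hits


if __name__ == "__main__":
    print(json.dumps(make_bundle(make_indicator()), indent=2))
    for client, qname, qtype in find_dns_hits(SAMPLE_DNS_LOG):
        print(f"hit: {client} asked {qtype} for {qname}")
```

The matcher keeps `notarkanix.ru` out of the hits while still catching `cdn.arkanix.ru` and the upper-case, dot-terminated form; the page lists zero subdomains, but a suffix match costs nothing and covers ones that appear later.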
Threat Context
Tags: see Category tags below
MITRE ATT&CK TTPs: 76 techniques

Feed Intelligence Summary

11 source reports · 92% confidence score
Category tags
abuse, abusech-threatfox-c2c, active scan, active scanning, alienvault_ransomware,
analytics.dugganusa.com/api/v1/stix/master, arkanix, arkanix stealer, arkanixstealer, atomic,
automated analysis, automated attack, automated scan, automated threat, automated-analysis,
automated-attack, automated_attack, bad reputation, bank, bank security, block-or-filter-list,
bot_activity, bot_communication, botnet, botnet activity, botnet_c2, browser credential theft,
browser data theft, brute force, brute force attack, brute force attempt, brute_force, c++,
c++ malware, c2, c2 activity, c2 communication, c2-activity, c2_activity, chromelevator,
cloud atlas, cnc_server, cnc_traffic, command & control, command and control, command_and_control,
commercial banking, communication protocol, compromised ip, compromised systems, credential access,
credential stealing, credential stuffing, credential theft, cryptocurrency, cryptocurrency theft,
cryptocurrency threats, cryptocurrency wallet theft, cryptojacking, csirt-americas malware,
cyber threats, cyberthreat, data encryption, data exfiltration, data store exposure, data theft,
ddos, delivering deerstealer infostealer, denial of service, desktop, diesel vortex, discord,
distributed attacks, dns, dns attack, dropper, dugganusa-research, encryption, evasive panda,
exodus, exploit attempt, exploit public-facing application, exploitation activity, false, file,
finance, financial institution, financial services, first, ftp, ftp brute force, ftp brute-force,
ftp_bruteforce, game design, game development, game publishing, gaming, gaming account theft,
gaming industry, gaming platforms, gaming technology, github.com/pduggusa/dugganusa-research,
grabber, great ideas, honeymyte, http bruteforce, http probe, http probing, http scan,
http scanner, http_scanning, https, https probe, https scan, identity & access exploitation,
indicator, indicators, information stealer activity, infostealer,
infrastructure acquisition reconnaissance, ingress tool transfer, injection activity,
intrusion detection, ioc, iot security, ip-address, irc, known malicious ip, lateral movement,
launcher, maas, malicious download, malicious links, malicious network activity,
malicious software, malware, malware beacon, malware communication, malware detection,
malware distribution, malware indicators, malware-as-a-service, mobile gaming, muddywater,
nation-state activity, nefilim ransomware, network, network activity, network attacks,
network intrusion attempt, network intrusion attempts, network protocol, network reconnaissance,
network scanning, network security, network_activity, network_reconnaissance, network_traffic,
north america, novel ioc, novel iocs, novel threat indicator, novel-ioc, password attacks,
password cracking, phishing, port-scan, possible apt, possible botnet activity,
possible malware activity, possible malware infection, potential compromise, potential malware,
potential_malware, precog, precog-engine, premium, prior, process injection,
protocol exploitation, protocol: tcp, protocol: udp, python, python malware, python version,
ransomware, rdp bruteforce, recon activity, reconnaissance, reconnaissance activity,
remote access, remote services, researched, resource hijacking, scanner, scanning activity,
security operations, service scan, smtp, smtp scan, spam, ssh attack, ssh bruteforce,
ssh_bruteforce,
t1003, t1005, t1014, t1016, t1018, t1021, t1021.001, t1021.002, t1027, t1033, t1036, t1040,
t1041, t1046, t1047, t1053, t1055, t1056, t1056.001, t1059, t1059.001, t1059.004, t1059.006,
t1068, t1071, t1071.001, t1076, t1077, t1078, t1081, t1082, t1083, t1087, t1090, t1102, t1104,
t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1113, t1115, t1132.001, t1140, t1176,
t1190, t1204.001, t1218, t1486, t1496, t1497, t1497.001, t1499.001, t1499.002, t1499.003, t1539,
t1552, t1552.001, t1555, t1562, t1562.001, t1563, t1565, t1566, t1566.001, t1566.003, t1573,
t1573.001, t1587.001, t1590.001, t1595, t1595.001, t1595.002, t1595.003,
tcp protocol, telnet threat, threat actor, threat intelligence, toneshell, tor node, trojan,
trojan malware, unauthorized access attempt, united states, video games, web security,
web traffic
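The ATT&CK IDs in the tag list are run together with every other tag the feeds contributed; pulling them out and grouping sub-techniques under their parent technique gives a usable view of the "76 techniques" count. This is an added example, not IOC Radar's code; `TAG_RUN` is the ATT&CK portion of the page's own tag string, embedded as the page shows it (no separators), so the extractor works on either the raw or a comma-separated form.

```python
"""Extract and group MITRE ATT&CK technique IDs from IOC Radar's tag string.

Added example, not IOC Radar's code. TAG_RUN is the ATT&CK portion of the
page's category tags, copied verbatim (the page concatenates tags without
separators).
"""
import re

TAG_RUN = ("t1003t1005t1014t1016t1018t1021t1021.001t1021.002t1027t1033t1036t1040t1041t1046t1047t1053t1055"
           "t1056t1056.001t1059t1059.001t1059.004t1059.006t1068t1071t1071.001t1076t1077t1078t1081t1082t1083"
           "t1087t1090t1102t1104t1105t1110t1110.001t1110.002t1110.003t1110.004t1113t1115t1132.001t1140t1176"
           "t1190t1204.001t1218t1486t1496t1497t1497.001t1499.001t1499.002t1499.003t1539t1552t1552.001t1555"
           "t1562t1562.001t1563t1565t1566t1566.001t1566.003t1573t1573.001t1587.001t1590.001t1595t1595.001"
           "t1595.002t1595.003")

# Technique: 'T' + 4 digits; sub-technique adds '.' + 3 digits. Case-insensitive because the feed lowercases tags.
ATTACK_ID_RE = re.compile(r"t(\d{4})(?:\.(\d{3}))?", re.IGNORECASE)


def extract_attack_ids(text):
    """Return the distinct ATT&CK IDs in text, normalised to 'T1059.001' form, in order of first appearance."""
    seen = []
    for num, sub in ATTACK_ID_RE.findall(text):
        tid = f"T{num}" + (f".{sub}" if sub else "")
        if tid not in seen:
            seen.append(tid)
    return seen


def group_by_parent(ids):
    """Map each parent technique to the sub-technique IDs listed under it.

    A parent that appears only via a sub-technique (e.g. T1132 via T1132.001)
    still gets an entry, so the dict keys are the full set of parent techniques.
    """
    groups = {}
    for tid in ids:
        parent, _, sub = tid.partition(".")
        groups.setdefault(parent, [])
        if sub:
            groups[parent].append(tid)
    return groups


if __name__ == "__main__":
    ids = extract_attack_ids(TAG_RUN)
    groups = group_by_parent(ids)
    print(f"{len(ids)} IDs across {len(groups)} parent techniques")
    for parent, subs in groups.items():
        if subs:
            print(parent, "->", ", ".join(subs))
```

The page's figure of 76 counts sub-techniques individually; grouped, the same IDs fall under 54 parent techniques, which is the number to use when mapping this IOC onto a Navigator layer or a coverage matrix.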

Activity Timeline

1 total observation (May 30)

Threat Activity Heatmap

[Heatmap: weekly activity grid by weekday (Mon/Wed/Fri rows), months Jun through Jun, legend Less/More · Peak: 2026-05-30]

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI generated)

The domain **arkanix.ru** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnets, command and control (C

Threat Score: High Risk
Signal score: 92 / 100
Confidence: 92%
Reports: 11
First seen: Feb 19, 2026
Last seen: May 30, 2026

VirusTotal

Not checked

WHOIS

description
A C++ and Python infostealer, dubbed Arkanix, was documented by Kaspersky (Securelist) and is used to steal data from organisations across the globe.
domain rank
-1
raw
Create date: 2025-10-07 00:00:00 Domain name: arkanix.ru Expiry date: 2026-11-07 00:00:00 Name server 1: zara.ns.cloudflare.com Name server 2: uriah.ns.cloudflare.com Query time: 2025-10-09 14:56:40
references
https://securelist.com/arkanix-stealer/119006/, https://ltna.com.au/cyber, IOCs.2026.csv, https://analytics.dugganusa.com/api/v1/stix/master, https://github.com/pduggusa/dugganusa-research
subdomains count
0
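The raw WHOIS line above is a single run of fields. Parsing it and comparing the registration date with the first-seen date is a check worth doing before acting on the IOC, and the name servers tell you how to read the location shown at the top of the page. This is an added example, not IOC Radar's code; the raw string is the page's own WHOIS output, while the 180-day "young domain" threshold is an illustrative assumption.

```python
"""Parse the raw WHOIS line shown on the page and derive registration-age checks.

Added example, not IOC Radar's code. RAW_WHOIS is the page's own WHOIS output;
FIRST_SEEN / LAST_SEEN are the page's sighting dates; YOUNG_DOMAIN_DAYS is an
illustrative threshold, not the page's scoring rule.
"""
import re
from datetime import datetime

RAW_WHOIS = ("Create date: 2025-10-07 00:00:00 Domain name: arkanix.ru Expiry date: 2026-11-07 00:00:00 "
             "Name server 1: zara.ns.cloudflare.com Name server 2: uriah.ns.cloudflare.com "
             "Query time: 2025-10-09 14:56:40")
FIRST_SEEN = datetime(2026, 2, 19)
LAST_SEEN = datetime(2026, 5, 30)
YOUNG_DOMAIN_DAYS = 180  # assumption: registrations younger than this at first sighting are flagged

# Field labels as they appear in the raw line; the split happens on the whitespace before each label.
KEYS = r"Create date|Domain name|Expiry date|Name server \d+|Query time"
SPLIT_RE = re.compile(rf"\s+(?=(?:{KEYS}):)")
TIME_FMT = "%Y-%m-%d %H:%M:%S"


def parse_raw_whois(raw):
    """Turn the flattened 'Label: value Label: value ...' line into a dict."""
    record = {"name_servers": []}
    for segment in SPLIT_RE.split(raw.strip()):
        key, _, value = segment.partition(": ")
        value = value.strip()
        if key.startswith("Name server"):
            record["name_servers"].append(value.lower())
        elif key == "Domain name":
            record["domain"] = value.lower()
        elif key == "Create date":
            record["created"] = datetime.strptime(value, TIME_FMT)
        elif key == "Expiry date":
            record["expires"] = datetime.strptime(value, TIME_FMT)
        elif key == "Query time":
            record["queried"] = datetime.strptime(value, TIME_FMT)
    return record


def registration_checks(record, first_seen, last_seen):
    """Age at first sighting, registration validity at last sighting, and whether DNS is at Cloudflare."""
    age = (first_seen - record["created"]).days
    return {
        "age_days_at_first_seen": age,
        "young_domain": age < YOUNG_DOMAIN_DAYS,
        "registered_at_last_seen": record["created"] <= last_seen <= record["expires"],
        "behind_cloudflare_ns": bool(record["name_servers"])
        and all(ns.endswith(".ns.cloudflare.com") for ns in record["name_servers"]),
    }


def run_checks(raw=RAW_WHOIS, first_seen=FIRST_SEEN, last_seen=LAST_SEEN):
    """Convenience wrapper: parse the raw line and return (record, checks)."""
    record = parse_raw_whois(raw)
    return record, registration_checks(record, first_seen, last_seen)


if __name__ == "__main__":
    record, checks = run_checks()
    print(record["domain"], "created", record["created"].date(), "expires", record["expires"].date())
    for name, value in checks.items():
        print(f"{name}: {value}")
```

Registration on 2025-10-07 and first sighting on 2026-02-19 gives 135 days, so the domain was young when it first appeared, and it was still within its registration period at the last sighting. Both name servers are Cloudflare's, so the United States location shown at the top of the page may be a CDN edge rather than the origin host; do not treat it as the operator's hosting location without checking the resolved addresses.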

Export & API: STIX 2.1 Bundle · CSV Export · Permalink

IOC Journey

Confidence: medium · First detected 4 months ago · Last seen 23 days ago · Appeared in 11 threat reports