Domain · Medium · Signal 100/100
asp.asphspes.com
First Seen
Apr 29, 2021
Last Seen
Jun 24, 2026
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Feed Intelligence Summary
10 source reports · 99% confidence score
Category tags
Activity Timeline
Jun 24
Threat Activity Heatmap
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 10
First seen: Apr 29, 2021
Last seen: Jun 24, 2026
VirusTotal
Not checked
WHOIS
- description
- A campaign targeting telecommunications and manufacturing sectors in Central and South Asian countries has been discovered, delivering a new PlugX variant. The campaign, active since 2022, shows overlaps with RainyDay and Turian backdoors, including the abuse of legitimate applications for DLL sideloading and shared encryption methods. The new PlugX variant's configuration format resembles that of RainyDay, suggesting attribution to Naikon. Analysis of victimology and technical implementation indicates a potential connection between Naikon and BackdoorDiplomacy, possibly sourcing tools from the same vendor. The malware families use similar infection chains, loaders, and shellcode structures, with shared RC4 keys for payload decryption. This campaign highlights the evolving tactics of Chinese-speaking threat actors and the potential convergence of previously distinct groups.
- raw
  Create date: 2025-09-23 00:00:00
  Domain name: asphspes.com
  Domain registrar id: 49
  Expiry date: 2026-09-23 00:00:00
  Name server 1: ns11.value-domain.com
  Name server 2: ns12.value-domain.com
  Name server 3: ns13.value-domain.com
  Query time: 2025-09-25 13:00:30
  Update date: 2025-09-24 00:00:00
IOC Journey
Medium · First detected 5 years ago · Last seen 1 day ago
Appeared in 10 threat reports