IOC Radar
Domain · Medium · Signal 57/100

assetsqq.com

Location: Hong Kong
First Seen: May 4, 2025
Last Seen: Jun 19, 2026
Reports: 9 source reports
Confidence: 57% (medium)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: Domain Name. Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 57%
Signal Score: 57 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 56 techniques

Feed Intelligence Summary

Category tags:
adversary-in-the-middle, adversary-in-the-middle attack, aitm, apt, apt group: thewizards, arp spoofing, asia, backdoor, botnet, cambodia, china, civil services, command and control, communication protocol, credential harvesting, credential theft, cyber espionage, darknights, data exfiltration, data interception, distributed attacks, dll sideloading, earth minotaur, government technology, hong kong, http scanner, https, indicator, ipv6, ipv6 exploitation, lateral movement, malicious software, malware, malware: spellbinder, malware: wizardnet, man-in-the-middle, man-in-the-middle attack, mfa bypass, mitm, network, network manipulation, network sniffing, network spoofing, philippines, phishing, phishing attack, process injection, public administration, public infrastructure, public policy, regulatory agencies, remote access, researched, router advertisement spoofing, session hijacking, slaac, slaac spoofing, social engineering, software update, software update hijacking, spellbinder tool, t1005, t1016, t1021, t1021.001, t1027, t1027.005, t1041, t1055, t1059, t1059.001, t1059.003, t1068, t1071, t1071.001, t1071.004, t1078, t1080, t1082, t1087, t1095, t1105, t1106, t1110, t1112, t1133, t1189, t1190, t1195, t1195.001, t1195.002, t1202, t1486, t1496, t1499.002, t1499.003, t1547.001, t1550, t1550.002, t1550.003, t1555, t1557, t1557.001, t1558, t1558.003, t1558.004, t1565, t1566, t1566.001, t1566.002, t1566.003, t1571, t1573.001, t1587.001, t1588.002, t1588.006, t1595, thewizards, thewizards apt, threat actor: thewizards, traffic redirection, ttps, united arab emirates, upsec, web traffic

Activity Timeline

1 total observation: Jun 19

Threat Activity Heatmap

Peak: 2026-06-19

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Intelligence Summary (AI Generated)

The domain **assetsqq.com**, originating from Hong Kong, has been identified as a critical indicator of compromise (IOC) associated with multiple cyber threats. First observed on May

VirusTotal: Not checked

Description
TheWizards, a China-aligned APT group, employs Spellbinder, a lateral movement tool for adversary-in-the-middle attacks through IPv6 SLAAC spoofing. This technique allows them to intercept network traffic and redirect legitimate Chinese software updates to malicious servers. The group targets individuals, gambling companies, and entities in Southeast Asia, UAE, China, and Hong Kong. Their malware chain includes the WizardNet backdoor and utilizes DNS hijacking to deliver malicious updates. Evidence links TheWizards to Sichuan Dianke Network Security Technology Co., Ltd. (UPSEC), suggesting it may be a digital quartermaster for this APT group. The attackers use sophisticated tools and techniques to evade detection and maintain persistence on compromised systems.

IOC Journey

medium
First detected 1 year ago · Last seen 7 days ago
Appeared in 9 threat reports