Domain · Medium · Signal 62/100
backab.ru
First Seen
Aug 29, 2025
Last Seen
Jun 6, 2026
Reports
11 source reports
Confidence
62% (medium)
VirusTotal
19/91 detections
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Feed Intelligence Summary
Category tags
active scanning, botnet, brute force, c2, command and control, credential access, credential harvesting, credential stealing, credential stuffing, data exfiltration, data theft, detected malicious activity, distributed attacks, europe, exploit delivery, fin scan, ftp brute force, hashmd5, http attack, http brute force, indicator, infostealer, infrastructure acquisitionreconnaissance, ioc, lumma, lumma stealer, malicious links, malicious software, malware, malware distribution, netherlands, network, network scanning, null scan, operating system, phishing, phishing attack, process injection, reconnaissance, remote access, remote services, researched, self-signed, social engineering, ssh attack, syn scan, t1005, t1016, t1021, t1021.001, t1036, t1041, t1046, t1055, t1059, t1069.001, t1071, t1071.001, t1076, t1078, t1105, t1110, t1110.002, t1190, t1204.001, t1486, t1496, t1499.002, t1499.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1571, t1573, t1587.001, t1590.001, t1595, t1595.001, t1595.002, t1595.003, udp port scan, web security, win32 malware, windows malware, xmas scan
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-06
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
The domain **backab.ru** has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnet activity, command and control (C
WHOIS
- description: Command and Control domains for Win32.Lumma. These domains are extracted from a number of sources, and are suspicious.
- domain rank: -1
- raw:
  - Create date: 2025-08-28 00:00:00
  - Domain name: backab.ru
  - Expiry date: 2026-09-28 00:00:00
  - Name server 1: c.ns.selectel.ru
  - Name server 2: a.ns.selectel.ru
  - Name server 3: d.ns.selectel.ru
  - Name server 4: b.ns.selectel.ru
  - Query time: 2025-08-30 23:51:32
- subdomains count: 0