DomainMediumSignal 0/100
blog.crysys.hu
Location
ChinaFirst Seen
Feb 14, 2026
Last Seen
Feb 14, 2026
Found in 2 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags
Feed Intelligence Summary
2 reports0% confidence
2
Source reports
0%
Confidence score
Category tags
indicatornetworkresearched
Activity Timeline
Feb 14Feb 14
Threat Activity Heatmap
· Peak: 2026-02-14LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated
This indicator of compromise (IOC), `blog.crysys.hu`, has been explicitly whitelisted by multiple reputable threat intelligence services, including AlienVault OTX Feeds and AlienVault Ransomware-Firehol. With a threat score of 0.0, this domain is considered benign and poses no immediate risk to organizational assets. The whitelisting status indicates that while it may appear in some intelligence feeds, it is not associated with malicious activity. Therefore, its presence should not be interprete…
Threat ScoreLow Risk
0
SIGNAL
Signal Score
0%
Confidence
2
Reports
First seenFeb 14, 2026
Last seenFeb 14, 2026
VirusTotal
Not checked
WHOIS
- description
- Forensic analysis indicates a DocuSign-themed phishing campaign using a deliberately invalid X.509 PKI seal (“Broken Seal”) to trigger fail-open verification logic in automated handlers. The delivery mechanism bypasses Secure Email Gateway (SEG) reputation checks by using encrypted channels and human-gated infrastructure. The payload is a fileless Process Hollowing (RunPE) malware that injects into RWX memory of legitimate processes to evade disk-based EDR.
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 4 months ago · Last seen 4 months ago
Appeared in 2 threat reports