IOC Radar
DomainMediumSignal 68/100

campanole.com

Location
NetherlandsNetherlands
First Seen
Aug 14, 2025
Last Seen
Jun 19, 2026
Aug 14
First Seen
310d ago
Jun 19
Last Seen
yesterday
12
Reports
source reports
68%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
68%
Signal Score
68 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

57 techniques

Feed Intelligence Summary

12 reports68% confidence
12
Source reports
68%
Confidence score
Category tags
aerospace & defensealternate data streamalternate data streamsaptarchive utilityautomotive manufacturingbackdoorbankingbotnetc2 communicationcisa kevcommand and controlcommand injectioncommunication technologiescredential accesscredential harvestingcredit card servicescustom malwaredata accessdata copyingdata exfiltrationdata transferdatosdefensedefense contractingdefense logisticsdefense sector targetingdefense systemsdefense technologydeserializationdeserialization vulnerabilitydistributed attacksdistribution managementdll dropperdll injectionelectronics manufacturingeuropeeurope/asiaexploitexploit availableexploitationfinancefinance sector targetingfinancial servicesfinancial technologyfreight forwardingglobal limitedin the wildindicatorindustrial automationindustrial iotindustrial productioninformation technologyingress tool transferinput validation bypassinventory managementit infrastructurelateral movementlnk filelogistics sector targetinglogistics technologymalicious softwaremalwaremanufacturing sector targetingmanufacturing technologymeltingclaw c2military operationsmobile carriersmobile networksmythicmythic agentmythic c2 agentnational securitynetherlandsnetworkntfs adspaper werewolfpatch managementpath traversalpayment processingphishingphishing attackprocess injectionprocess manufacturingquality controlremote accessremote code executionresearchedromcomromcom aptromcom grouprussiarussia-alignedse caracterizashipping servicessnipbotsnipbot c2snipbot variantsocial engineeringsoftware developmentspearphishingsupply chain managementt1005t1021t1027t1030t1036.001t1041t1047t1055t1059t1059.001t1059.004t1068t1071t1071.001t1078t1087t1105t1113t1114.001t1133t1185t1189t1190t1202t1203t1204t1204.002t1210t1480t1486t1496t1497t1499.002t1499.003t1518t1546.015t1547t1547.001t1552.001t1555.003t1560t1565t1566t1566.001t1566.002t1566.003t1569t1573.002t1574t1583t1587.001t1587.004t1588t1588.002t1588.005t1588.006t1608targeted attack campaigntelecom servicestelecommunicationstransportation managementtrojan malwarevulnerabilitywarehouse operationswealth managementweb application exploitationwinrarzero-day exploit

Activity Timeline

1 total obs
Jun 19Jun 19

Threat Activity Heatmap

Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain campanole.com has emerged as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnets, exploits, malware, and phishing campaigns. First observed on August

Threat ScoreMedium Risk
68
SIGNAL
Signal Score
68%
Confidence
12
Reports
First seenAug 14, 2025
Last seenJun 19, 2026

VirusTotal

Not checked

WHOIS

domain rank
-1
raw
Administrative city: REDACTED FOR PRIVACY Administrative country: REDACTED FOR PRIVACY Administrative state: REDACTED FOR PRIVACY Create date: 2025-07-17 00:00:00 Domain name: campanole.com Domain registrar id: 69 Domain registrar url: http://tucowsdomains.com Expiry date: 2026-07-17 00:00:00 Query time: 2025-07-18 10:49:42 Registrant city: 1f8f4166599d23ee Registrant company: 1f8f4166599d23ee Registrant country: Saint Kitts and Nevis Registrant email: 9e99bb914e4a99a1s@ Registrant fax: 31d1617d95c9a75c Registrant name: 1f8f4166599d23ee Registrant phone: 31d1617d95c9a75c Registrant state: 5c1896d54f3bb30d Registrant zip: 1f8f4166599d23ee Technical city: REDACTED FOR PRIVACY Technical country: REDACTED FOR PRIVACY Technical state: REDACTED FOR PRIVACY Update date: 2025-07-17 00:00:00
references
https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability, https://www.virustotal.com/graph/embed/ge238fa6bcd1645d1ab11e2d64ffa2a167587c9b8786b4f7d84857091b65f425e?theme=light, https://www.virustotal.com/gui/collection/8b60f30565ddb7af796a862047c3af75cc807a747cef528646185df44b326ff6
subdomains count
0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 10 months ago · Last seen 1 day ago
Appeared in 12 threat reports