DomainHighVerifiedSignal 64/100

`clarendon.bookify.space`

First Seen

Jul 8, 2025

Last Seen

Mar 18, 2026

Jul 8

First Seen

340d ago

Mar 18

Last Seen

87d ago

Reports

source reports

64%

Confidence

high

Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

64%

Signal Score

64 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

140 techniques

Feed Intelligence Summary

4 reports64% confidence

Source reports

64%

Confidence score

Category tags

abuseadvanced persistent threatappleaptapt groupbingbotnetcivilcivil servicescivilian targetingcommand and controlcommunication technologiescompromised routercredential harvestingdata exfiltrationddos attacksdefense evasiondefense-evasiondistributed attacksdnselectronic health recordsenterprise securityexploitfirmware infectionfirmware modificationgovernment technologyhealth care and social assistancehealth information technologyhealthcare information systemshospital managementindicatorinternet of thingsiosios malwareiot botnetiot/ics attacklazarus grouplinklinuxlinux malwaremacmalicious softwaremalwaremass surveillancemedical servicesmirai botnetmobilemobile carriersmobile malwaremobile networksmobile securitynetworkoperating systempatch managementpatient carepdfpdf exploitpegasuspegasus projectphishingphishing attackpoliceprocess injectionpublic administrationpublic infrastructurepublic policyregulatory agenciesresearchedsmssms exploitsocial engineeringsoftware vulnerabilitiesstatestate-promovedstate-sponsoredsupply chain attackt1003t1003.001t1003.004t1004t1005t1016t1018t1020t1021.001t1021.006t1027t1036t1037t1037.003t1041t1053t1055t1056t1059t1062t1064t1068t1069.001t1070t1071t1071.001t1071.004t1076t1078t1082t1084t1087t1110t1113t1130t1133t1156t1185t1187t1189t1190t1192t1193t1195t1199t1204t1204.002t1205t1210t1211t1212t1485t1486t1490t1491t1495t1496t1497t1499.002t1499.003t1505t1529t1530t1539t1543t1546t1547t1552t1553t1553.003t1555t1556t1557t1562t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1569t1571t1573t1574t1578t1580t1583t1584t1585t1586t1587t1587.003t1588t1589t1590t1591t1592t1593t1594t1595t1596t1596.001t1596.004t1597t1598t1599t1600t1601t1602t1602.001t1602.002t1606t1608t1609t1610t1611t1612t1613t1614t1615t1619t1620t1621t1622t1647t1648t1649t1650t1651t1652t1653t1654t1656t1657t1659t1665t1666targeted spyware campaigntargeted-attackstelecom servicestelecommunicationswindows malwarezero click exploitzero-day exploit

Activity Timeline

1 total obs

Mar 18Mar 18

Threat Activity Heatmap

· Peak: 2026-03-18

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Minimal

Intelligence SummaryAI Generated

This Indicator of Compromise (IOC), the domain `clarendon.bookify.space`, represents a significant and immediate threat to organizational security, evidenced by its high threat score of 64.12. This domain is strongly associated with sophisticated adversary groups like BackdoorDiplomacy and Lazarus Group, known for their advanced persistent threat capabilities and state-sponsored cyber espionage activities. Its involvement suggests potential use in various malicious operations, including command …

Threat ScoreMedium Risk

SIGNAL

Signal Score

64%

Confidence

Reports

First seenJul 8, 2025

Last seenMar 18, 2026

Verified IOC

VirusTotal

Not checked

WHOIS

registrar: Go Daddy, LLC
description: Operation Endgame 2: Mass, permanent surveillance targeting civilians without warrants. Advanced tools infect devices via malicious links (WhatsApp/SMS/email) or PDFs with zero-day exploits. Clicking executes malware: Pegasus (Android/iOS) or Mirai (Linux/Windows), enrolling devices into a botnet. Infections are persistent, often replacing device/router firmware, requiring hardware changes. Malicious traffic hides via Google/Cloudflare DNS. Thousands of companies collaborate (Amazon, Google, Microsoft, Facebook, WhatsApp, Apple, etc.), providing servers, domains, and websites to mask attacks. This enables agencies to infect targets even when accessing legitimate services (e.g., logging into Amazon) if the browser is vulnerable. Attacks are targeted, evading firewalls, and expose private data, risking targets' physical safety. The operation involves multiple allied states.
raw: Creation Date: 2022-01-28T05:03:53.0Z DNSSEC: unsigned Domain Name: BOOKIFY.SPACE Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: HOPE.NS.CLOUDFLARE.COM Name Server: NICK.NS.CLOUDFLARE.COM Registrant Country: US Registrant Email: f651612a2f356ad3s@ Registrant Organization: b46a98a26fe2fd9f Registrant State/Province: 30bdd2917a604c83 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +1.4805058800 Registrar IANA ID: 146 Registrar URL: https://www.godaddy.com/ Registrar WHOIS Server: whois.godaddy.com Registrar: Go Daddy, LLC Registry Domain ID: D272343687-CNIC Registry Expiry Date: 2026-01-28T23:59:59.0Z Updated Date: 2024-06-11T06:57:09.0Z

`clarendon.bookify.space`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy