IOC Radar
Domain · High · Verified · Signal 26/100

drevos.ro

Location: Saint Helena, Ascension and Tristan da Cunha
First Seen: Nov 20, 2025
Last Seen: Jun 6, 2026
Reports: 6 source reports
Confidence: 26% (high)
Found in 6 reports. Confidence: high. Confidence scores are heuristic. Verify before acting on results.
Type: Domain Name (malicious domain used for C2, phishing, or malware distribution)
MISP Category: Network Activity
Confidence: 26%
Signal Score: 26 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 68 techniques

Feed Intelligence Summary

Source reports: 6
Confidence score: 26%
Category tags

Activity Timeline

1 total observation (Jun 6)

Threat Activity Heatmap

Peak: 2026-06-06
Last 24h: 0 observations (Dormant)
Last 7d: 1 observation (Minimal)
Last 30d: 1 observation (Minimal)
Last 3mo: 1 observation (Minimal)
Intelligence Summary (AI Generated)

The domain **drevos.ro**, originating from Saint Helena, Ascension and Tristan da Cunha, has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on November

Threat Score: Low Risk
Signal Score: 26
Confidence: 26%
Reports: 6
First seen: Nov 20, 2025
Last seen: Jun 6, 2026
Verified IOC

VirusTotal: Not checked

WHOIS

Registrar: Romarg SRL
Description: LTNA Cyber provides additional enrichment for domain and URL indicators, including RIR and DNS intelligence, domain registration context, routing verification, BGP stream visibility, and GeoIP/ISP attribution. Learn more: https://ltna.com.au/cyber
Domain rank: -1
Raw:
DNSSEC: Inactive
Domain Name: drevos.ro
Domain Status: OK
Nameserver: ns1.romarg.com
Nameserver: ns2.romarg.com
Nameserver: ns3.romarg.com
Nameserver: ns4.romarg.com
Referral URL: www.inregistrare-domenii.ro
Registered On: 2023-05-04
Registrar: Romarg SRL
Subdomains count: 0


IOC Journey

Confidence: high
First detected 6 months ago · Last seen 4 days ago
Appeared in 6 threat reports