IOC Radar
Domain · Medium · Signal 79/100

echojoy.xyz

Location: Ukraine
First Seen: Feb 12, 2025 (484d ago)
Last Seen: Apr 15, 2026 (56d ago)
Reports: 8 source reports
Confidence: 79% (medium)
VirusTotal: 16/91 detections

Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 79%
Signal Score: 79 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 82 techniques

Feed Intelligence Summary

Source reports: 8
Confidence score: 79%

Activity Timeline

1 total observation (Apr 15)

Threat Activity Heatmap

Peak: 2026-04-15
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain **echojoy.xyz** has emerged as a significant indicator of compromise (IOC) linked to a variety of malicious activities, including botnet operations, command and control (C

Threat Score: 79 (High Risk)

VirusTotal

16/91 vendors flagged
18% detection rate · Jun 8, 2026

WHOIS

description
These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with command and control (C2) infrastructure, facilitating malware communication, data exfiltration, and persistent threat actor operations. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations.
domain rank
-1
raw
Create date: 2023-09-26 00:00:00
Domain name: echojoy.xyz
Domain registrar id: 146
Domain registrar url: https://www.godaddy.com/
Expiry date: 2026-09-26 00:00:00
Name server 1: NS55.DOMAINCONTROL.COM
Name server 2: NS56.DOMAINCONTROL.COM
Query time: 2023-09-27 11:25:50
Registrant company: b46a98a26fe2fd9f
Registrant country: United States
Registrant email: f651612a2f356ad3s@
Registrant state: 30bdd2917a604c83
Update date: 2023-09-26 00:00:00
references
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0
https://www.humansecurity.com/wp-content/uploads/2025/03/BADBOX-2-H5-Domain-List.csv
https://threatfox.abuse.ch/export/csv/recent/
https://humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/
https://www.bitsight.com/blog/badbox-botnet-back
subdomains count
0
