DomainHighVerifiedSignal 100/100

`edgeupdate-security-windows.com`

Location

Libya

First Seen

Aug 15, 2023

Last Seen

Feb 19, 2026

Aug 15

First Seen

1039d ago

Feb 19

Last Seen

120d ago

Reports

source reports

99%

Confidence

high

Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

99%

Signal Score

100 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

49 techniques

Feed Intelligence Summary

5 reports99% confidence

Source reports

99%

Confidence score

Category tags

abuseacceptalienanti-vmantivmapanasapostlearabic libyaarkeistealerarrowratasyncratauthentihashavast softwarebabarbabylon ratbaldrbanditbandit stealerbankerbanloadbannedbazarloaderbeastybelarusbitcoinbitsblackbyteblankgrabberblockchainbodybokbotbotnetboxcaonbrbbotbuteratbypasschaoschatchecks idchilelockercicada3301clippercobaltstrikecode executioncode injectioncode integritycodeccomfoocommand and controlcommand executioncommodity contracts intermediationconfigconnections idcookiecorecorebotcrc32creation idcredential harvestingcredential stealingcredential theftcrimsonratcryptcryptedcrypto exchangecrypto miningcrypto walletcryptocurrencycryptocurrency threatscryptojackingcryptolockercyrusdarkcometdarkeyedarkgatedarkskydarktrackdarkvncdata encryptiondata exfiltrationdavid burkettdcratdearcrydecentralized financedecryptordelfidelphidesktopdetectsdetects codedigital currencydiscorddistributed attacksdonedownloaderdropperducktailelysiumstealerencrypterroreuropeextortionfastfatalratfatdukefilesfilter fpfinancefirstfivehandsflagprofpspygasketgeckogh0stglobeimpostergobratgoldmaxgrabgrabbergravityratguildmahellohelpmehomenethuntico rtgroupiconiframeimphaszimportindicatorinfoinformation technologyinfostealerinfrastructure acquisitionreconnaissanceingress tool transferinjectinjectorinput validation bypassit infrastructurejanelaratk netsvcskarkoffkeylogkeyloggerkhtmlkillkillmbrkillmekittyklingonratklogexekoivmkrakenkutakilazaruslcpdotleivionlibyalicense v2lockerloggerlokilu0botmacoutemainmalicious activitymalicious powershell activitymalicious softwaremalwaremalware familymanualmarkmarkiratmassloggermaurigomediapimeltmetadata analysismkdirmobilemobile securitymodi ratmodiloadermsiemyagentneshtanetworknew servicenew service creationnextronnjratnoclosentospynumer wersjiooopsoperating systemordinalosnooutbound smtpowowaparallaxratpasspatchpath traversalpayload deliverypersistence mechanismphishingphishing attackpiratestealerpoolratposhkeyloggerprocess idprocess injectionprometheusquiteratraccoonransomransomwarereconremote accessremote access trojanremote servicesrentsresearchedresource hijackingrestrestartrevengeratreverseratrhysidarothrozmiarrticon serbianrunnerryzerlosandboxsandbox authorsandbox evasionsapphirestealerscreencapturescripting attackssectopratsecurity operationsserbian arabicserviceservice binaryshifushurk stealshutsilentslackbotslowsmtpsnakesnakekeyloggersocial engineeringsocial media securitysoftware developmentspanspookspoolssspyeyespynetssd gbokissdeepstealerstealeriumstormkittystreamstrelastealerstrongpitystubsvchostsvchost parentsystemsystem disruptionsystembct1003t1016t1021t1021.001t1027t1041t1048t1053t1055t1056t1057t1059t1059.001t1059.003t1064t1068t1069.001t1071t1071.001t1078t1082t1083t1086t1105t1113t1124t1189t1190t1204t1204.002t1486t1490t1496t1499.002t1499.003t1543t1547t1547.001t1555t1562t1565t1566t1566.001t1566.002t1566.003t1574t1587.001t1588t1590.001targetthomas patzkethreat actorthreat intelligencetofseetofsee trojan infectiontomiristoolstorismatrojan malwaretruebotturiantyp plikuvanillaratvenom ratvenomratvhashvoidcryptvulturiweb application exploitationwersjawin32 malwarewindigowindows malwarewindows ntwindows upgradewiperwitchwritexorddoszegost

Activity Timeline

1 total obs

Feb 19Feb 19

Threat Activity Heatmap

· Peak: 2026-02-19

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Dormant

Intelligence SummaryAI Generated

The domain **edgeupdate-security-windows.com** has been identified as a critical indicator of compromise (IOC) linked to multiple cyber threats originating from Libya. First observed on August

Threat ScoreHigh Risk

100

SIGNAL

Signal Score

99%

Confidence

Reports

First seenAug 15, 2023

Last seenFeb 19, 2026

Verified IOC

VirusTotal

Not checked

WHOIS

description: SHA1- 33008f85428a83996083c3da92a8f00595071403 SHA256 cdab1c3196887d4f749d82f014786a966c87f35a7189f0f3d078558b957847bf https://sandbox.ti.qianxin.com/sandbox/page/detail?type=file&id=7b6726e20c513baebf7fd387a3dd1b7d67a4c7c4 https://ti.qianxin.com/v2/search?type=file&value=fac1ec40eea5a4fc05f17e019328e287 https://www.virustotal.com/gui/file/cdab1c3196887d4f749d82f014786a966c87f35a7189f0f3d078558b957847bf/relations

`edgeupdate-security-windows.com`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey