IOC Radar
Domain · Medium · Signal 30/100

efw.com.hk

First Seen: Jan 19, 2025
Last Seen: Apr 30, 2025
Reports: 4 source reports
Confidence: 30% (medium)
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Indicator type: Domain Name (malicious domain used for C2, phishing, or malware distribution)
MISP Category: Network Activity
Confidence: 30%
Signal Score: 30 / 100
IDS Rule: No
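The page classifies this domain as C2, phishing or malware-distribution infrastructure, records two subdomains, and ships no IDS rule. The following is an added example, not IOC Radar's own tooling: a matcher that checks DNS/proxy log lines for the domain and any of its subdomains with a proper label boundary (so a look-alike such as notefw.com.hk, or the IOC appearing as a prefix of a longer name, does not match), and flags whether each hit falls inside the page's first/last-seen window. The log lines and their "<ts> <client> <proto> <action> <target>" layout are constructed for illustration; real Zeek, Suricata or proxy logs need their own field parser.

```python
"""Added example, not IOC Radar's own tooling: match the page's domain IOC against
DNS/proxy log lines, including its subdomains, with a proper label boundary, and
flag whether each hit falls inside the page's first/last-seen window.
The log lines and their "<ts> <client> <proto> <action> <target>" layout are
constructed for illustration; real Zeek, Suricata or proxy logs need their own parser."""
import ipaddress
from datetime import date, datetime

IOC_DOMAIN = "efw.com.hk"          # indicator from the page
FIRST_SEEN = date(2025, 1, 19)     # activity window from the page
LAST_SEEN = date(2025, 4, 30)

SAMPLE_LOGS = [  # constructed sample data, not real telemetry
    "2025-04-30T08:12:01Z 10.0.0.15 dns query efw.com.hk A",
    "2025-04-30T08:12:02Z 10.0.0.15 https connect cdn.efw.com.hk:443",
    "2025-04-30T09:00:00Z 10.0.0.22 dns query notefw.com.hk A",           # suffix collision, not a hit
    "2025-04-30T09:05:00Z 10.0.0.23 dns query efw.com.hk.evil.example A",  # IOC as a prefix, not a hit
    "2026-06-01T10:00:00Z 10.0.0.40 https connect EFW.COM.HK:443",        # hit, outside the window
]


def normalise_host(token):
    """Return a lower-cased hostname from a log token, or None if the token is not one.
    Strips a trailing :port and a trailing dot, skips IP literals and non-DNS labels."""
    host = token.strip().lower()
    if host.count(":") == 1:
        host, port = host.rsplit(":", 1)
        if not port.isdigit():
            return None
    host = host.rstrip(".")
    if "." not in host:
        return None
    try:
        ipaddress.ip_address(host)
        return None  # an IP literal, not a hostname
    except ValueError:
        pass
    labels = host.split(".")
    if not all(label and all(c.isalnum() or c == "-" for c in label) for label in labels):
        return None
    return host


def is_ioc_hit(host, ioc=IOC_DOMAIN):
    """Exact match or any subdomain; the leading dot stops notefw.com.hk matching efw.com.hk."""
    return host == ioc or host.endswith("." + ioc)


def scan(lines, ioc=IOC_DOMAIN, first_seen=FIRST_SEEN, last_seen=LAST_SEEN):
    """Return one dict per matching token: timestamp, client, matched host, in_window flag."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 2:
            continue
        day = datetime.fromisoformat(fields[0].replace("Z", "+00:00")).date()
        for token in fields[1:]:
            host = normalise_host(token)
            if host and is_ioc_hit(host, ioc):
                hits.append({"ts": fields[0], "client": fields[1], "host": host,
                             "in_window": first_seen <= day <= last_seen})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

A hit inside the window is the strongest triage signal. A hit after the last-seen date, like the 2026 line above, still deserves a look: the page's "Dormant" counters only mean that no new reports mention the domain, not that it has been cleaned up or re-registered to someone harmless.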
Threat Context

Tags and MITRE ATT&CK TTPs: 24 techniques (the full tag and technique list is given under Feed Intelligence Summary)
Feed Intelligence Summary

Source reports: 4
Confidence score: 30%
Category tags: bot communication, botnet, c2, c2 communication, command and control, communication protocol, compromised host, credential harvesting, data exfiltration, distributed attacks, downloader, http scanner, https, indicator, infrastructure acquisition reconnaissance, ingress tool transfer, ioc, machine learning detection, malicious domains, malicious software, malware, malware distribution, malware domain feed, manual, network, phishing attack, potential-c2, process injection, researched, social engineering, trojan malware, upatre, web traffic
MITRE ATT&CK technique tags (24): T1001 Data Obfuscation, T1001.001 Junk Data, T1001.002 Steganography, T1041 Exfiltration Over C2 Channel, T1055 Process Injection, T1071 Application Layer Protocol, T1071.001 Web Protocols, T1071.004 DNS, T1105 Ingress Tool Transfer, T1190 Exploit Public-Facing Application, T1486 Data Encrypted for Impact, T1496 Resource Hijacking, T1499.002 Service Exhaustion Flood, T1499.003 Application Exhaustion Flood, T1565 Data Manipulation, T1566 Phishing, T1566.001 Spearphishing Attachment, T1566.002 Spearphishing Link, T1566.003 Spearphishing via Service, T1568 Dynamic Resolution, T1568.002 Domain Generation Algorithms, T1573 Encrypted Channel, T1587.001 Develop Capabilities: Malware, T1590.001 Gather Victim Network Information: Domain Properties

The tags aggregate the four source reports, and the only per-domain context on this page is the source feed's description (Upatre command-and-control domains picked out of sandbox reports by a machine-learning model). Treat broad tags such as the ransomware (T1486) and denial-of-service (T1499.x) techniques as report-level context rather than behaviour observed for this domain.

Activity Timeline

1 observation in total, on Apr 30 (timeline range Apr 30 to Apr 30)

Threat Activity Heatmap

[Calendar heatmap by weekday, Jun through the following Jun; none of the displayed cells is highlighted, consistent with the dormant counters that follow.]
Recent observations: last 24h 0 (Dormant) · 7d 0 (Dormant) · 30d 0 (Dormant) · 3mo 0 (Dormant)
Threat Score: 30 (Low Risk) · Signal 30 · Confidence 30% · 4 reports · First seen Jan 19, 2025 · Last seen Apr 30, 2025

VirusTotal: Not checked

WHOIS

Description (source feed): Command and Control domains for malware known as Upatre. These domains are extracted from malware sandbox reports using a Machine Learning model trained on a corpus of good and bad domains.
Domain rank: -1 (no rank recorded)
Raw record (.hk registry fields, restored one per line; extraction had run them together):
Domain Name: EFW.COM.HK
Domain Status: Active
Domain Name Commencement Date: 13-12-2022
Expiry Date: 13-12-2023
Re-registration Status: Complete
DNSSEC: unsigned
Name servers: DELILAH.NS.CLOUDFLARE.COM, LEONARD.NS.CLOUDFLARE.COM
Company name: COLEMOI INTERNATIONAL LIMITED
Company English Name (It should be the same as the registered/corporation name on your Business Register Certificate or relevant documents): COLEMOI INTERNATIONAL LIMITED
Company Chinese name: COLEMOI INTERNATIONAL LIMITED
Country: Hong Kong (HK)
Email: [email protected]
Registrant Contact Information: 3432650ec337c945
Registrar Name: ERANET INTERNATIONAL LIMITED
Registrar Contact Information: Email: [email protected]
Subdomains count: 2

Two points to check before relying on this record. The expiry date shown (13-12-2023) precedes the indicator's first sighting (Jan 19, 2025) even though re-registration is marked complete, so the snapshot is either pre-renewal or stale and should be re-queried over WHOIS or RDAP. Both name servers are Cloudflare's, so A-record lookups may return Cloudflare edge addresses rather than the origin host; pivot on the domain name, not on resolved IPs.

Export & API: STIX 2.1 Bundle · CSV Export · Permalink
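The page offers the indicator as a STIX 2.1 bundle. The following is an added example, not IOC Radar's export code: it builds an equivalent bundle from the values shown on this page (domain, first/last seen, 30% confidence, four reports, the Upatre feed description) using only the Python standard library, then runs a minimal structural check of the kind a TIP or SIEM importer would apply. Assumptions: object ids are fresh uuid4 values, the four source reports are modelled as a Sighting with count 4, and Upatre is typed as a downloader (the page's own "downloader" tag).

```python
"""Added example, not IOC Radar's own export code: build a STIX 2.1 bundle for the
domain indicator on the page with the standard library only, then structurally
check it before import. Ids are uuid4 (assumption); the four source reports are
modelled as a Sighting with count 4 (assumption)."""
import json
import re
import uuid
from datetime import datetime, timezone

STIX_ID = re.compile(r"^[a-z0-9-]+--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")


def stix_ts(dt):
    """STIX 2.1 timestamp: UTC, millisecond precision, trailing Z."""
    u = dt.astimezone(timezone.utc)
    return u.strftime("%Y-%m-%dT%H:%M:%S.") + f"{u.microsecond // 1000:03d}Z"


def new_id(stix_type):
    return f"{stix_type}--{uuid.uuid4()}"


def domain_pattern(domain):
    """STIX pattern for a domain-name observable; string literals are single-quoted."""
    escaped = domain.replace("\\", "\\\\").replace("'", "\\'")
    return f"[domain-name:value = '{escaped}']"


def build_bundle(domain, first_seen, last_seen, confidence, report_count, malware_name):
    now = datetime.now(timezone.utc)
    common = {"spec_version": "2.1", "created": stix_ts(now), "modified": stix_ts(now)}
    indicator = {"type": "indicator", "id": new_id("indicator"), **common,
                 "name": f"Domain IOC: {domain}",
                 "indicator_types": ["malicious-activity"],
                 "pattern": domain_pattern(domain), "pattern_type": "stix",
                 "valid_from": stix_ts(first_seen),
                 "confidence": confidence}
    malware = {"type": "malware", "id": new_id("malware"), **common,
               "name": malware_name, "is_family": True,
               "malware_types": ["downloader"]}  # assumption, matching the page's tag
    rel = {"type": "relationship", "id": new_id("relationship"), **common,
           "relationship_type": "indicates",
           "source_ref": indicator["id"], "target_ref": malware["id"]}
    sighting = {"type": "sighting", "id": new_id("sighting"), **common,
                "sighting_of_ref": indicator["id"],
                "first_seen": stix_ts(first_seen), "last_seen": stix_ts(last_seen),
                "count": report_count}
    return {"type": "bundle", "id": new_id("bundle"), "objects": [indicator, malware, rel, sighting]}


REQUIRED = {  # type-specific required properties beyond the common ones
    "indicator": ("pattern", "pattern_type", "valid_from"),
    "malware": ("is_family",),
    "relationship": ("relationship_type", "source_ref", "target_ref"),
    "sighting": ("sighting_of_ref",),
}


def validate_bundle(bundle):
    """Return a list of problems; an empty list means the structural check passed."""
    problems = []
    ids = {o["id"] for o in bundle.get("objects", []) if "id" in o}
    if bundle.get("type") != "bundle" or not STIX_ID.match(bundle.get("id", "")):
        problems.append("bad bundle header")
    for obj in bundle.get("objects", []):
        t = obj.get("type", "?")
        for key in ("id", "spec_version", "created", "modified", *REQUIRED.get(t, ())):
            if key not in obj:
                problems.append(f"{t}: missing {key}")
        oid = obj.get("id", "")
        if not STIX_ID.match(oid) or not oid.startswith(t + "--"):
            problems.append(f"{t}: bad id")
        if "confidence" in obj and not 0 <= obj["confidence"] <= 100:
            problems.append(f"{t}: confidence out of range")
        for key, val in obj.items():
            if key.endswith("_ref") and val not in ids:
                problems.append(f"{t}: dangling {key}")
    return problems


# Values taken from the page.
PAGE_BUNDLE = build_bundle("efw.com.hk",
                           datetime(2025, 1, 19, tzinfo=timezone.utc),
                           datetime(2025, 4, 30, tzinfo=timezone.utc),
                           confidence=30, report_count=4, malware_name="Upatre")

if __name__ == "__main__":
    print(json.dumps(PAGE_BUNDLE, indent=2))
```

The last-seen date goes into the Sighting rather than into the indicator's valid_until, because a valid_until in the past would make most importers treat the indicator as expired, while a Sighting preserves the observation window without retiring the indicator.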

IOC Journey

Confidence: medium · First detected Jan 19, 2025 · Last seen Apr 30, 2025 (both roughly a year before this snapshot) · Appeared in 4 threat reports