IOC Radar
Domain · Medium · Signal 65/100

ehealthpsuluth.com

Location: United States
First Seen: Sep 22, 2025 (264d ago)
Last Seen: Jun 6, 2026 (8d ago)
Source reports: 10
Confidence: 65% (medium)
Found in 10 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Type: Domain Name (malicious domain used for C2, phishing, or malware distribution)
MISP Category: Network Activity
Confidence: 65%
Signal Score: 65 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 80 techniques

Feed Intelligence Summary
Source reports: 10
Confidence score: 65%
Category tags

Activity Timeline
1 total observation (Jun 6)

Threat Activity Heatmap
Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

VirusTotal: Not checked

WHOIS

Description: Since early 2025, the Iranian threat actor Nimbus Manticore, also known as UNC1549 or Smoke Sandstorm, has intensified its cyber campaigns targeting defense, telecommunications, and aviation sectors in Western Europe, particularly Denmark, Sweden, and Portugal. Aligned with IRGC priorities, the group employs sophisticated spearphishing, impersonating firms like Boeing and Airbus to lure victims to fake career portals with unique URLs and credentials for tracking. These portals, built on React templates and hidden behind Cloudflare, deliver malicious ZIP archives like "Survey.zip," initiating a multistage DLL sideloading chain. This chain uses undocumented NT APIs to sideload malicious DLLs ("userenv.dll" and "xmllite.dll") via legitimate executables, ensuring persistence through scheduled tasks and registry keys.

Domain rank: -1

Raw record:
Administrative city: Reykjavik
Administrative country: Iceland
Administrative email: [email protected]
Administrative state: Capital Region
Create date: 2024-09-06 00:00:00
Domain name: ehealthpsuluth.com
Domain registrar id: 1068
Domain registrar url: http://www.namecheap.com
Expiry date: 2025-09-06 00:00:00
Name server 1: eric.ns.cloudflare.com
Name server 2: lindsey.ns.cloudflare.com
Query time: 2024-09-07 12:04:52
Registrant city: ddbf76e4e8cee320
Registrant company: 4b7a0912c26a13e2
Registrant country: Iceland
Registrant email: [email protected]
Registrant name: 37bfbc24cafea5d2
Registrant phone: fc40cd552aeaa6b8
Registrant state: 3e0204199d8ebf9c
Registrant zip: f206c9d9737ad45d
Technical city: Reykjavik
Technical country: Iceland
Technical email: [email protected]
Technical state: Capital Region
Update date: 2024-09-06 00:00:00

References:
https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/
week3.pdf
Sep week3.pdf

Subdomains count: 12


IOC Journey
Confidence: medium
First detected 8 months ago · Last seen 8 days ago
Appeared in 10 threat reports