IOC Radar
Domain · Medium · Signal 80/100

encrypthub.net

Location: Russian Federation
First Seen: Nov 11, 2024 (576d ago)
Last Seen: Apr 5, 2026 (66d ago)
Reports: 12 source reports
Confidence: 80% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 80%
Signal Score: 80 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 87 techniques

Feed Intelligence Summary

12 source reports · 80% confidence score

Category tags:
active scan · active scanning · activex · aerospace & defense · amadey · apt · apt group · arm · arsenal · ascii · astraloader · asyncrat · attack · backdoor · backdoor installation · bad reputation · botnet · botnet activity · botnetdomain · brute force · c&c · c&c communication · c++ · c2 · civil services · cobaltstrike · code execution · code injection · coinminer · command & control · command and control · command execution · credential access · credential harvesting · credential stuffing · cryptocurrency · darktortilla · darkwisep · darkwisp · darkwisp malware · data exfiltration · data store exposure · data theft · dbatloader · dcrat · ddos · ddos attacks · defense · defense contracting · defense logistics · defense systems · defense technology · directory spoofing · disease vector · distributed attacks · dive · dll · dll hijacking · dll injection · dll sideloading · donutloader · elf · encoded · encrypted communication · encrypthub · encrypthub malware · encrypthub stealer · europe · europe/asia · exe · executable file · exploitation · exploitation activity · fileless malware · fileless malware attack · files · gafgyt · gamaredon · gamaredon group · germany · gh0strat · ghostrat · github · government technology · guloader · hajime · hta · identity & access exploitation · indicator · info-stealer · information stealing · infostealer · infrastructure acquisition reconnaissance · injection activity · internet of things · iot botnet · iot security · iot/ics attack · jerryrat · kaiji · keylogger · lateral movement · lolbins · lolbins usage · lummastealer · malicious activity · malicious powershell activity · malicious provisioning package · malicious provisioning packages · malicious software · malware · malware delivery · malware: darkwisp · malware: encrypthub stealer · malware: rhadamanthys · malware: silentprism · malware: stealc · marsstealer · meduzastealer · metasploit · meterpreter · microsoft management console · military operations · mips · mirai botnet · mmc · mobile threat · moobot · mozi · msc eviltwin · msc eviltwin exploit · msc eviltwin technique · msc file exploitation · muipath · muipath abuse · muipath attack · national security · network · network probing · opendir · operating system · payload delivery · payload execution · payload.bin · phishing · phishing attack · powershell execution · powershell scripting · process injection · public administration · public infrastructure · public policy · ransomware · rat · reconnaissance · redlinestealer · regulatory agencies · related · remcos trojan · remcosrat · remote access · remote code execution · remote services · researched · rev-base64-loader · rhadamanthys stealer · russia · russian federation · saint helena, ascension and tristan da cunha · sc.on · scripting attacks · signed binary abuse · signed msi · silent prism · silent prism campaign · silentprism · silentprism backdoor · social engineering · stealc · stealc stealer · stealer · strelastealer · t1003 · t1003.001 · t1005 · t1016 · t1021 · t1021.001 · t1027 · t1027.002 · t1027.003 · t1036 · t1041 · t1047 · t1053 · t1053.005 · t1055 · t1055.001 · t1056 · t1057 · t1059 · t1059.001 · t1059.003 · t1059.005 · t1068 · t1069.001 · t1070 · t1071 · t1071.001 · t1071.004 · t1078 · t1082 · t1083 · t1086 · t1102 · t1105 · t1113 · t1124 · t1132 · t1133 · t1134 · t1136 · t1140 · t1189 · t1190 · t1195 · t1195.001 · t1202 · t1203 · t1204 · t1204.002 · t1213 · t1218.007 · t1222 · t1486 · t1496 · t1499.002 · t1499.003 · t1543 · t1547 · t1547.001 · t1547.005 · t1550.002 · t1550.003 · t1555 · t1558 · t1562.001 · t1565 · t1566 · t1566.001 · t1566.002 · t1566.003 · t1567 · t1569.002 · t1573 · t1574 · t1574.001 · t1583.001 · t1584.003 · t1587.001 · t1588 · t1588.002 · t1590.001 · t1592 · t1595 · t1595.001 · t1595.002 · t1595.003 · t1598 · test.txt · threat actor · tor node · trojan spy · trojan spyware · trojan spyware deployment · trojanspy · ua-wget · vbs · vulnerability scan · water gamayun · water gamayun apt · windows msc files · worm · xworm · zero-day exploit · zero-day exploitation · zero-day vulnerability · zip

Activity Timeline

1 total observation · Apr 5

Threat Activity Heatmap (weekly grid, Jun to Jun) · Peak: 2026-04-05

Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 80
Confidence: 80%
Reports: 12
First seen: Nov 11, 2024
Last seen: Apr 5, 2026

VirusTotal: Not checked

WHOIS

Domain rank: -1

Raw record:
Administrative city: Phoenix
Administrative country: United States
Administrative email: [email protected]
Administrative state: AZ
Create date: 2024-10-31 00:00:00
Domain name: encrypthub.net
Domain registrar id: 303
Domain registrar url: www.publicdomainregistry.com
Expiry date: 2025-10-31 00:00:00
Name server 1: ns1.1domainregistry.com
Name server 2: ns2.1domainregistry.com
Name server 3: ns4.1domainregistry.com
Name server 4: ns3.1domainregistry.com
Query time: 2024-11-02 12:44:54
Registrant city: 7a96e04d2a2490b3
Registrant company: 876bec07493e9f63
Registrant country: United States
Registrant email: [email protected]
Registrant name: 6ec12c476047f4cb
Registrant phone: 13103ea2f2c8440b
Registrant state: e1c7c1911395a3cf
Registrant zip: 63d1ebd9e673a597
Technical city: Phoenix
Technical country: United States
Technical email: [email protected]
Technical state: AZ
Update date: 2024-10-31 00:00:00

References:
https://www.trendmicro.com/en_us/research/25/c/deep-dive-into-water-gamayun.html
https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html
https://urlhaus.abuse.ch/browse/

Subdomains count: 0

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 12 threat reports