Domain · Medium · Signal 42/100
enterpriseenrollment.berkley0il-gas.com
First Seen
Apr 17, 2026
Last Seen
May 5, 2026
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
42%
Signal Score
42 / 100
IDS Rule
No
Threat Context
Feed Intelligence Summary
3 reports · 42% confidence
Source reports: 3
Confidence score: 42%
Category tags
copy, delete, dga, guard, high, indicator, medium, network, read, researched, t1010, t1018, t1027, t1036, t1047, t1055, t1056, t1057, t1070, t1071, t1082, t1083, t1095, t1497, t1518, t1547, t1562, t1573, t1574, top destination, top source, write, yara detections
Activity Timeline
May 5
Threat Activity Heatmap
Peak: 2026-05-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
The domain **enterpriseenrollment.berkley0il-gas.com** has emerged as a significant indicator of compromise (IOC) in recent threat intelligence reports, flagged with tags such as "copy," "delete," "dga," "guard," and "high," suggesting its involvement in sophisticated cyber operations. First observed on April
Threat Score: Medium Risk
Signal Score: 42
Confidence: 42%
Reports: 3
First seen: Apr 17, 2026
Last seen: May 5, 2026
VirusTotal
Not checked
WHOIS
- description
- <<Anomalous binary characteristics have been identified in a file that is being used to compile a Windows operating system for the first time in the history of the software, as well as an unauthorised virus>> Darkgate. Links wouldn't attach. User does not have WhatsApp.
- raw
  - Create date: 2026-03-22 00:00:00
  - Domain name: berkley0il-gas.com
  - Domain registrar id: 440.0
  - Domain registrar url: https://rdap.wildwestdomains.com/v1/
  - Expiry date: 2027-03-22 00:00:00
  - Name server 1: ns1.bdm.microsoftonline.com
  - Name server 2: ns2.bdm.microsoftonline.com
  - Query time: 2026-04-16 09:51:59
  - Registrant address: 2cb0d5e3665cc40c
  - Registrant city: a7319ae5e6c95df5
  - Registrant company: b46a98a26fe2fd9f
  - Registrant country: United States
  - Registrant name: 80315b2e6ac1a801
  - Registrant phone: 6b12fe2f5588fb35
  - Registrant state: 30bdd2917a604c83
  - Registrant zip: d869d3b215ab9645
  - Update date: 2026-04-15 00:00:00
IOC Journey
medium · First detected 1 month ago · Last seen 1 month ago
Appeared in 3 threat reports