IOC Radar
DomainHighVerifiedSignal 30/100

fearevolve.com

Location
United StatesUnited States
First Seen
Aug 6, 2025
Last Seen
Feb 13, 2026
Aug 6
First Seen
312d ago
Feb 13
Last Seen
121d ago
5
Reports
source reports
30%
Confidence
high
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
30%
Signal Score
30 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

31 techniques

Feed Intelligence Summary

5 reports30% confidence
5
Source reports
30%
Confidence score
Category tags
active scanningaptapt campaignbotnetc2c2 communicationcandirucandiru groupcaramel tsunamicarmine tsunamicommand and controlcommercial spywarecompromised systemsdata exfiltrationdata theftdeevdefense evasiondevilstongue spyware campaigndistributed attacksexfiltrationexploit deliveryexploitationgonjeshke darandeindicatorinfrastructure expansioninitial accesslateral movementlateral movement techniquesmalicious softwaremalwarenetworknetwork intrusionnetwork probingnorth americaphlox tempestpredatory sparrowprocess injectionreconnaissanceremote access trojanresearchedspyware deploymentt1005t1021t1041t1047t1055t1059t1071t1071.001t1078t1105t1189t1203t1204t1486t1496t1499.002t1499.003t1547t1565t1566t1566.002t1573t1583t1583.001t1583.003t1583.004t1584t1588t1595.001t1595.002t1595.003united states

Activity Timeline

1 total obs
Feb 13Feb 13

Threat Activity Heatmap

· Peak: 2026-02-13
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreLow Risk
30
SIGNAL
Signal Score
30%
Confidence
5
Reports
First seenAug 6, 2025
Last seenFeb 13, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

description
Insikt Group reported discovery of new infrastructure associated with eight Candiru-linked clusters, specifically infrastructure used to deploy and control the DevilsTongue spyware as well as higher-tier operator infrastructure. The finding indicates active expansion or maintenance of a multi-cluster operational footprint that separates initial delivery/deployment mechanisms from command-and-control and operator management layers.

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 10 months ago · Last seen 4 months ago
Appeared in 5 threat reports