IOC Radar
Domain · Medium · Signal 54/100

forcecodestore.com

Location
Iran, Islamic Republic of
First Seen
Nov 19, 2025
Last Seen
Jun 8, 2026
Reports
9 source reports
Confidence
54% (medium)
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
54%
Signal Score
54 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

44 techniques

Feed Intelligence Summary

Category tags
aerospace & defense, aerospace industry, aerospace sector, aerospace targeted attack, apt, apt activity, asia, aviation industry, aviation sector, aviation targeted attack, azure ad, azure infrastructure abuse, brute force, c++, c2 server, cisa kev, command and control, credential access, credential harvesting, custom malware, custom tools, cyber espionage, data exfiltration, data exfiltration attempt, dcsyncer.slick, defence, defence sector, defense, defense contracting, defense industry, defense logistics, defense systems, defense targeted attack, defense technology, dll hijacking, dll search, dll sideloading, dlls, dragonforce, exploit available, exploit avaliable, ghostline, in the wild, indicator, infrastructure acquisitionreconnaissance, iocs, iran, iran-linked actor, keep antivirus, lateral movement, linux, login brute force, malware analysis, malware distribution, mandiant analysis, military operations, national security, network, network intrusion attempts, network reconnaissance, ngate android malware, north america, password attack, phatom raven, phishing, phishing attack, privilege escalation, process injection, researched, siem, sneaky malware, social engineering, ssh reverse tunneling, strategies, supply chain attack, t1003, t1003.006, t1021, t1036, t1040, t1049, t1053, t1055, t1059, t1059.001, t1068, t1071, t1078, t1102, t1105, t1106, t1110, t1110.003, t1113, t1140, t1189, t1190, t1199, t1204, t1213, t1213.002, t1218, t1218.007, t1219, t1547, t1562, t1564.004, t1566, t1566.001, t1566.002, t1566.003, t1574, t1574.001, t1574.002, t1587.001, t1588, t1590.001, t1595, t1598.003, targeted cyber espionage, third-party compromise, threat group, unc1549, united states, update siem, vdi breakout, xloader, zip file

Activity Timeline

1 total obs
Jun 8

Threat Activity Heatmap

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain **forcecodestore.com** has been identified as a critical indicator of compromise (IOC) associated with phishing activities targeting the aerospace and defense sector. Originating from Iran, this malicious domain has been observed in at least one threat intelligence report, highlighting its potential use by advanced persistent threat (APT) groups. First detected on November

Threat Score: Medium Risk

VirusTotal

Not checked

WHOIS

description
UNC1549, a threat group suspected to be linked to Iran, has sharply expanded its cyber-espionage operations across the aerospace, aviation, and defence sectors.
