IOC Radar
Domain · Medium · Signal 21/100

forti.external-sht.com

Location: France
First Seen: Mar 23, 2025 (453d ago)
Last Seen: May 10, 2026 (40d ago)
Reports: 3 source reports
Confidence: 21% (medium)
Found in 3 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Type: Domain Name (malicious domain used for C2, phishing, or malware distribution)
MISP Category: Network Activity
Confidence: 21%
Signal Score: 21 / 100
IDS Rule: No
Threat Context
Tags: none
MITRE ATT&CK TTPs: 50 techniques

Feed Intelligence Summary

Source reports: 3
Confidence score: 21%
Category tags (aggregated across the source reports):
accept, acrongl integ, active scan, address range, adobe portable, allocated pa, alphen, apple, ascii, asia, attack network, back, bazaar, bootkit, calls process, canada, cidr, ciro pellegrino, citizen lab, city, civicplus, civil services, civil society targeting, close, cluster, cname, command line, crisis, cus cn, rapidssl, cus olet, data exfiltration, defense evasion, dns attack, document format, dynamicloader, e city, ec oid, encrypt cne8, encryption, entity, entity icone2, europe, executable file, exploitation activity, extra info, federation, first, france, full path, galaxy, germany, government technology, graphite spyware, guest system, handle, houston, houston address, human rights, human rights violation, iana registrar, icone2, indicator, info, information technology, intel, ios, ios malware, iphone, issuer, it infrastructure, italy, japan, json, key algorithm, key identifier, key info, ks postalcode, layer protocol, links, loads, malicious software, malware, media, mercenary spyware, meta, metadata analysis, mexico, mitre attack, mobile, mobile device infection, mobile exploitation, mobile security, mobile threat, msie, mwdb, network, network admin, network info, network name, next, north america, nso, number, o digicert inc, ontario, openpgp secret, opp, overview zenbox, paragon, paragon solutions, paragon spyware, parent pid, path, payload, pdf document, performs dns, phishing, please, poison carp, poland, police, post, predator, process injection, processes extra, proliferating, public administration, public infrastructure, public policy, ransomware, raxir, rcmp, rdap database, regulatory agencies, researched, rijn, ripe, service, shell folders, sigma, slash, slovakia, smtp, social media security, software development, spawns, ssdeep, static analysis, status, subject public, suite e, suricata ids, system process, t1003, t1010, t1012, t1014, t1018, t1033, t1036, t1047, t1055, t1055 process, t1056, t1057, t1059, t1064, t1068, t1070, t1071, t1071.001, t1078, t1082, t1083, t1095, t1104, t1105, t1112, t1125, t1189, t1190, t1203, t1485, t1486, t1496, t1497, t1505, t1518, t1542, t1543, t1547, t1553, t1562, t1564, t1565, t1566, t1569, t1571, t1573, t1574, t1578, t1584, t1588, t1588.004, targeted spyware campaign, threat actor, tier, tng, tofsee, toggle, twitter, type, united, urls, v3 serial, value a, verdict, whois server, window, windows nt, windows sandbox, wpad detectedurl, wpad dhcp, wpad dns, x509v3 subject, yara, zenbox android, zero-click exploit

Activity Timeline

1 total observation (May 10)

Threat Activity Heatmap

Monthly columns Jun through the following Jun; a single observation. Peak: 2026-05-10

Recent activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain **forti.external-sht.com** has been flagged as an indicator of compromise (IOC) in reports that also cover malware, phishing, and ransomware activity. Geolocated to France, the domain appears in at least one threat intelligence report, which may mean it is part of a broader campaign; at 21% confidence and a low threat score, that link has not been corroborated. First detected on March

Threat Score: Low Risk (21)
Signal Score: 21
Confidence: 21%
Reports: 3
First seen: Mar 23, 2025
Last seen: May 10, 2026

VirusTotal: Not checked

WHOIS: no record shown

Description (from a source report):
This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, "hidden" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.

Export & API

STIX 2.1 Bundle
CSV Export
Permalink
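As an added example (not code from the IOC Radar page or its operator), the Python below rebuilds the 24h / 7d / 30d / 3mo activity windows shown above from a list of observation timestamps, and emits a STIX 2.1 bundle of the kind the export offers, with the domain as a `domain-name` pattern, the page's first-seen date as `valid_from` and its 21% score as `confidence`. The observation list (one hit on 2026-05-10), the reading of "3mo" as 90 days, the "Active" label for larger counts and the fixed "now" of 2026-06-19 (which matches the page's 40d / 453d counters) are assumptions.

```python
"""Rebuild IOC Radar activity windows and a STIX 2.1 export for one domain.

Added example, not the page's own code. Standard library only.
"""
from datetime import datetime, timedelta, timezone
import json
import uuid

DOMAIN = "forti.external-sht.com"
FIRST_SEEN = datetime(2025, 3, 23, tzinfo=timezone.utc)   # page: First Seen
LAST_SEEN = datetime(2026, 5, 10, tzinfo=timezone.utc)    # page: Last Seen
CONFIDENCE = 21                                           # page: 21 / 100
# Assumed reference time: 40 days after LAST_SEEN, as the page's counters imply.
NOW = datetime(2026, 6, 19, tzinfo=timezone.utc)

# Constructed sample input: the single observation the timeline shows.
OBSERVATIONS = [LAST_SEEN]

# Trailing windows from the page; "3mo" as 90 days is an assumption.
WINDOWS = {
    "24h": timedelta(hours=24),
    "7d": timedelta(days=7),
    "30d": timedelta(days=30),
    "3mo": timedelta(days=90),
}


def activity_label(count: int) -> str:
    """0 -> Dormant and 1 -> Minimal are the page's labels; 'Active' is assumed."""
    if count == 0:
        return "Dormant"
    if count <= 2:
        return "Minimal"
    return "Active"


def activity_windows(observations, now):
    """Count observations inside each trailing window ending at `now`."""
    result = {}
    for name, span in WINDOWS.items():
        start = now - span
        count = sum(1 for ts in observations if start < ts <= now)
        result[name] = (count, activity_label(count))
    return result


def stix_timestamp(ts: datetime) -> str:
    """STIX 2.1 timestamps: RFC 3339, UTC, millisecond precision, 'Z' suffix."""
    ts = ts.astimezone(timezone.utc)
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"


def domain_indicator(domain, valid_from, confidence, created):
    """Build a STIX 2.1 Indicator SDO carrying a domain-name pattern."""
    # Single quotes and backslashes must be escaped inside a STIX string literal.
    escaped = domain.replace("\\", "\\\\").replace("'", "\\'")
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": stix_timestamp(created),
        "modified": stix_timestamp(created),
        "name": f"Malicious domain: {domain}",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[domain-name:value = '{escaped}']",
        "pattern_type": "stix",
        "valid_from": stix_timestamp(valid_from),
        "confidence": confidence,          # 0-100 per the STIX 2.1 confidence scale
    }


def stix_bundle(objects):
    """Wrap SDOs in a STIX 2.1 Bundle."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objects)}


if __name__ == "__main__":
    for name, (count, label) in activity_windows(OBSERVATIONS, NOW).items():
        print(f"{name}: {count} ({label})")
    bundle = stix_bundle([domain_indicator(DOMAIN, FIRST_SEEN, CONFIDENCE, NOW)])
    print(json.dumps(bundle, indent=2))
```

Feeding real observation timestamps into `activity_windows` reproduces the dashboard's dormancy readout; the bundle is what a SIEM or TIP ingest would expect from the STIX 2.1 export, minus any relationship or report objects the service may add.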

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 3 threat reports