IOC Radar
Domain · Medium · Signal 96/100

fruitbrat.com

Location: United States
First Seen: Feb 26, 2026 (108d ago)
Last Seen: Jun 3, 2026 (11d ago)
Reports: 11 source reports
Confidence: 96% (medium)
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 96%
Signal Score: 96 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 51 techniques

Feed Intelligence Summary

Source reports: 11
Confidence score: 96%

Category tags

#supportsitewebsiteabuse; #rootcertificatefailure; #cryptographicfabuse; accommodation and food services; accommodation services; administration; adobe exploitation; aerospace & defense; alienvault_ransomware; apt; arkanix stealer; asia; backdoor; bad reputation; brute force; cbe oglobalsign; certificate validation bypass; china; china-aligned; civil services; cloudflare turnstile; code execution; code injection; code-signing; command & control; command execution; cryptocurrency; cyber campaign; cyber espionage campaign; data encryption; data exfiltration; data store exposure; defense; defense contracting; defense logistics; defense systems; defense technology; delivering deerstealer infostealer; diesel vortex; dll side-loading; dll-sideloading; domain; encryption; energy; energy distribution; entra id; europe; exploitation activity; extortion; first; food services; foreign affairs; fortune; future; glassworm; global; government technology; greenland; gtig; guest services; guid microsoft; hospitality technology; hotels; http; hunt; identity & access exploitation; indicator; information technology; infostealer; injection activity; ioc; iot security; iran, islamic republic of; it infrastructure; key identifier; key info; korplug; lab52; malicious software; malware; malware staging; man-in-the-middle; manual-collection; medium-risk; military operations; msi payload; muddywater; multi-vector threat campaign; mustang panda; nation-state activity; national security; nefilim ransomware; network; newer plugx; north america; number; oauth; oil & gas; operating system; operation camelclone; panda; pdf exploit; phishing; plugx; plugx implant; power generation; power systems; prc state-sponsored; primary c2; process injection; protect; public administration; public infrastructure; public policy; pubload; r6 alphassl; ransomware; rc4 encryption; rc4-encryption; regulatory agencies; remote access; renewable energy; researched; restaurant operations; service; software development; software update compromise; strong; subject public; system disruption; t1003; t1012; t1016; t1021.001; t1027; t1033; t1036; t1036.003; t1036.005; t1041; t1049; t1055; t1057; t1059; t1059.001; t1069.001; t1071; t1071.001; t1073; t1078; t1082; t1083; t1090.003; t1102; t1102.002; t1105; t1124; t1127.001; t1133; t1140; t1189; t1199; t1204; t1204.002; t1218; t1218.005; t1486; t1490; t1547.001; t1553; t1553.002; t1565; t1566; t1566.002; t1572; t1573; t1573.002; t1574.002; t1583.001; t1583.003; t1583.006; ta416; taiwan; targeted-attack; tengu ransomware; thailand; threat actor; threat group; toneshell; tor node; tourism; turn; type hash; type osint; ukraine; unc6384; united states; v3 serial; valleyrat; vertigo; void#geist; vps hosting; winhttp https; x509v3 subject; yara; yara rule

Activity Timeline

1 total observation (Jun 3)

Threat Activity Heatmap · Peak: 2026-06-03

Window: observations (activity level)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk (signal 96 / 100, 96% confidence, 11 reports; first seen Feb 26, 2026, last seen Jun 3, 2026)

VirusTotal: Not checked

WHOIS

Description: Multiple APT/threat actors, Malware and Campaigns
Domain rank: -1
Raw: Billing city: Reykjavik Billing country: Iceland Billing email: [email protected] Billing state: Capital Region Create date: 2025-08-19 00:00:00 Domain name: fruitbrat.com Domain registrar id: 1068.0 Domain registrar url: https://rdap.namecheap.com/ Expiry date: 2026-08-19 00:00:00 Name server 1: donna.ns.cloudflare.com Name server 2: thaddeus.ns.cloudflare.com Query time: 2026-01-17 16:55:21 Registrant address: c6523241936df1ba Registrant city: ddbf76e4e8cee320 Registrant company: 4b7a0912c26a13e2 Registrant country: Iceland Registrant email: [email protected] Registrant phone: ef7c9ebdb324979a Registrant state: 3e0204199d8ebf9c Registrant zip: f206c9d9737ad45d Technical city: Reykjavik Technical country: Iceland Technical email: [email protected] Technical state: Capital Region Update date: 2026-01-17 00:00:00
References: https://www.proofpoint.com/us/blog/threat-insight/id-come-running-back-eu-again-ta416-resumes-european-government-espionage, https://sect.iij.ad.jp/blog/2026/02/plugx-executed-via-staticplugin/, https://cyberandramen.net/2026/03/02/before-the-proxy-uncovering-active-plugx-staging-infrastructure-linked-to-three-prc-actors/, Book1.csv, TLP: AMBER, IOCs.2026.csv, IOCs.2026.3.csv
Subdomains count: 1

