DomainMediumSignal 17/100
ge.call
Location
SpainFirst Seen
Feb 18, 2026
Last Seen
Feb 18, 2026
Found in 1 report. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
17%
Signal Score
17 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
1 report17% confidence
1
Source reports
17%
Confidence score
Category tags
account discoveryaccount profilingaccount takeoverapi abuseasiaauthentication bypassauthentication flawbloat-acanadachinacredential accesscredential theftcryptographydata breachdigital certificatedigital signaturee-signature securityeuropeindicatorjapanmalware signingnetworknorth americaprotocol-deviresearchedsoftware integrityspaint1078t1110t1189t1190t1539t1554.001t1554.003t1555t1567united statesw32.bloat-a
Activity Timeline
Feb 18Feb 18
Threat Activity Heatmap
· Peak: 2026-02-18LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated
The domain **ge.call** has emerged as a significant indicator of compromise (IOC) linked to sophisticated cyber threats originating from Spain. First observed on February
Threat ScoreLow Risk
17
SIGNAL
Signal Score
17%
Confidence
1
Reports
First seenFeb 18, 2026
Last seenFeb 18, 2026
VirusTotal
Not checked
WHOIS
- description
- Forensic analysis indicates a DocuSign-themed phishing campaign using a deliberately invalid X.509 PKI seal (“Broken Seal”) to trigger fail-open verification logic in automated handlers. The delivery mechanism bypasses Secure Email Gateway (SEG) reputation checks by using encrypted channels and human-gated infrastructure. The payload is a fileless Process Hollowing (RunPE) malware that injects into RWX memory of legitimate processes to evade disk-based EDR.
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 4 months ago · Last seen 4 months ago
Appeared in 1 threat report