IOC Radar
Domain · Medium · Signal 74/100

grovik71.theweb.place

Location
Turkey
First Seen
Sep 26, 2024 (627d ago)
Last Seen
Jun 7, 2026 (8d ago)
Reports
7 source reports
Confidence
74% (medium)
Found in 7 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
74%
Signal Score
74 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs: 25 techniques (the T-prefixed category tags in the feed summary)
Feed Intelligence Summary

7 source reports · 74% confidence score

Category tags: botnet, cert, command and control, credential harvesting, data exfiltration, distributed attacks, encryption, exfiltration, indicator, initial access, lateral movement, linux, malicious software, mallox, malware, network, phishing, phishing attack, process injection, ransom demand, ransomware-as-a-service, researched, social engineering, turkey

MITRE ATT&CK technique tags (25): T1027, T1055, T1059, T1059.001, T1059.004, T1071, T1071.001, T1078, T1105, T1190, T1204, T1204.002, T1486, T1496, T1499.002, T1499.003, T1505.003, T1547, T1565, T1566.001, T1566.002, T1566.003, T1567, T1588.001, T1588.002
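The record above is only useful once it is turned into something a pipeline can check: the ATT&CK tags need to be pulled out of the run-together tag string, the domain needs a machine-readable indicator, and the indicator needs to be matched against logs without over-matching the parent zone. The following is an added example, not code from IOC Radar or from the source report. It assumes its own field names for the record, builds a STIX 2.1 Indicator as a plain dict rather than with the stix2 library, and scans constructed dnsmasq-style query lines that do not come from the page.

```python
import re
import uuid
from datetime import date

# The IOC record above, transcribed into a dict. Field names are this
# example's own choice; the page shows no schema.
IOC = {
    "value": "grovik71.theweb.place",
    "type": "domain-name",
    "confidence": 74,
    "reports": 7,
    "first_seen": "2024-09-26",
    "last_seen": "2026-06-07",
}

# Category tags exactly as the feed runs them together (copied from the record).
TAG_RUN = (
    "botnetcertcommand and controlcredential harvestingdata exfiltration"
    "distributed attacksencryptionexfiltrationindicatorinitial access"
    "lateral movementlinuxmalicious softwaremalloxmalwarenetworkphishing"
    "phishing attackprocess injectionransom demandransomware-as-a-service"
    "researchedsocial engineeringt1027t1055t1059t1059.001t1059.004t1071"
    "t1071.001t1078t1105t1190t1204t1204.002t1486t1496t1499.002t1499.003"
    "t1505.003t1547t1565t1566.001t1566.002t1566.003t1567t1588.001t1588.002"
    "turkey"
)

# ATT&CK IDs: 't' + four digits, optionally '.' + three digits (sub-technique).
TECHNIQUE_RE = re.compile(r"t(\d{4})(?:\.(\d{3}))?")


def extract_techniques(tag_run):
    """Pull unique ATT&CK technique IDs out of the run-together tag string,
    normalised to upper case, in the order they appear."""
    found = []
    for m in TECHNIQUE_RE.finditer(tag_run):
        tid = "T" + m.group(1) + ("." + m.group(2) if m.group(2) else "")
        if tid not in found:
            found.append(tid)
    return found


def group_by_parent(techniques):
    """Map each parent technique to the sub-techniques listed under it
    (a parent appears even when only its sub-techniques were tagged)."""
    parents = {}
    for tid in techniques:
        parent = tid.split(".")[0]
        parents.setdefault(parent, [])
        if "." in tid:
            parents[parent].append(tid)
    return parents


def stix_indicator(ioc):
    """Hand-built STIX 2.1 Indicator (plain dict; stix2 library not used).
    The id is derived deterministically from the indicator value."""
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": "indicator--" + str(uuid.uuid5(uuid.NAMESPACE_DNS, ioc["value"])),
        "pattern_type": "stix",
        "pattern": f"[{ioc['type']}:value = '{ioc['value']}']",
        "valid_from": ioc["first_seen"] + "T00:00:00Z",
        "confidence": ioc["confidence"],
        "indicator_types": ["malicious-activity"],
    }


def observation_window_days(ioc):
    """Days between first and last sighting (cross-check for the page's relative ages)."""
    return (date.fromisoformat(ioc["last_seen"]) - date.fromisoformat(ioc["first_seen"])).days


def domain_matches(hostname, ioc_domain):
    """True for the IOC domain itself or any label-delimited subdomain of it.
    Case-insensitive, tolerates a trailing dot. Deliberately does NOT match the
    parent zone (theweb.place), which may be a shared hosting domain (assumption,
    not verified here), nor 'notgrovik71.theweb.place'-style lookalikes."""
    h = hostname.lower().rstrip(".")
    d = ioc_domain.lower().rstrip(".")
    return h == d or h.endswith("." + d)


# Constructed dnsmasq-style query log (not from the page).
SAMPLE_DNS_LOG = """\
Jun  7 10:12:01 gw dnsmasq[812]: query[A] grovik71.theweb.place from 10.0.0.23
Jun  7 10:12:05 gw dnsmasq[812]: query[A] www.example.com from 10.0.0.41
Jun  7 10:13:44 gw dnsmasq[812]: query[AAAA] cdn.grovik71.theweb.place. from 10.0.0.23
Jun  7 10:14:02 gw dnsmasq[812]: query[A] notgrovik71.theweb.place from 10.0.0.9
Jun  7 10:15:10 gw dnsmasq[812]: query[A] theweb.place from 10.0.0.9
"""

LOG_RE = re.compile(r"query\[(\w+)\] (\S+) from (\S+)")


def scan_dns_log(log_text, ioc_domain):
    """Return one hit per query line whose name matches the IOC domain."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and domain_matches(m.group(2), ioc_domain):
            hits.append({"qtype": m.group(1), "name": m.group(2), "client": m.group(3)})
    return hits


if __name__ == "__main__":
    techs = extract_techniques(TAG_RUN)
    print(len(techs), "techniques;", len(group_by_parent(techs)), "parents")
    print(stix_indicator(IOC)["pattern"])
    for hit in scan_dns_log(SAMPLE_DNS_LOG, IOC["value"]):
        print(hit)
```

Run as a script it reports 25 technique tags under 17 parent techniques and two matching DNS queries, both from the same client. The suffix check in `domain_matches` is the part worth keeping: a naive substring or `endswith` on the bare string would also flag the parent zone and lookalike names, which is exactly the over-blocking the "verify before acting" note above warns against.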

Activity Timeline

1 total observation (Jun 7) · Peak: 2026-06-07

Threat Activity Heatmap: Jun to Jun, one observed day (2026-06-07); weekday/month grid not reproduced.

Observations by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 74 / 100, labelled High Risk (the same 74 is labelled Medium as a signal level above) · 74% confidence · 7 reports · First seen Sep 26, 2024 · Last seen Jun 7, 2026

VirusTotal: Not checked

WHOIS: no data shown

Description (summary of the source report)
This analysis examines the evolution of Kryptina, a ransomware-as-a-service platform, from a free tool on public forums to being actively used in enterprise attacks under the Mallox ransomware family. In May 2024, a Mallox affiliate leaked staging server data, revealing their Linux ransomware was based on a modified version of Kryptina. The affiliate made superficial changes to source code and documentation, removing Kryptina branding but retaining core functionality. This adoption exemplifies the commoditization of ransomware tools, complicating malware tracking as affiliates blend different codebases into new variants. The report details the similarities and differences between the original Kryptina RaaS and the modified Mallox version, including encryption methods, ransom note templates, and configuration files.

