IOC Radar
Domain · Medium · Signal 82/100

hisobot-uz.com

Location: Netherlands
First Seen: Nov 29, 2025 (210d ago)
Last Seen: Jun 19, 2026 (8d ago)
Reports: 10 source reports
Confidence: 82% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 82%
Signal Score: 82 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

51 techniques

Feed Intelligence Summary

Source reports: 10
Confidence score: 82%
Category tags
active scan, apt, apt activity, apt group, apt24, attack vector: email, autumn dragon, bloody wolf, bloody wolf group, brand impersonation, brute force, central asia, code execution, command execution, credential harvesting, credential stuffing, credential theft, customer experience, cyber espionage, data exfiltration, data store exposure, data theft, digital commerce, digital marketplace, e-commerce, e-commerce platform, europe, europe/asia, exploitation activity, fake website, filehash:md5, filehash:sha1, filehash:sha256, finance, fraud, government impersonation, hashes, identity & access exploitation, indicator, indicators of compromise, information gathering, initial access, injection activity, jar file, jars, java archive malware, lateral movement, macos malware, malicious software, malware, malware type: rat, netherlands, netsupport rat, network, network discovery, online payment, online retail, online shopping, operation dreamjob, payload: jar file, phishing, phishing attack, phishing attack campaign, process injection, ransomware, rat, rat: netsupport rat, region: central asia, remote access, remote access trojan, researched, russia, scams & fraud, shai-hulud campaign, social engineering, software exploitation, spear phishing campaign, spearphishing, t1027, t1048, t1048.003, t1053, t1055, t1056, t1057, t1059, t1059.001, t1059.003, t1059.005, t1068, t1071, t1071.001, t1071.004, t1078, t1078.001, t1078.004, t1083, t1105, t1134.001, t1134.002, t1189, t1190, t1192, t1195.002, t1203, t1204, t1204.002, t1210, t1219, t1486, t1543.003, t1547, t1547.001, t1555.003, t1555.004, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1567.001, t1583, t1583.001, t1583.004, t1588, t1588.002, t1598, t1598.003, threat actor, tor node, water gamayun

Activity Timeline

1 total obs · Jun 19 to Jun 19

Threat Activity Heatmap

Peak: 2026-06-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Intelligence Summary (AI Generated)

The domain hisobot-uz.com has emerged as a significant indicator of compromise (IOC) linked to advanced persistent threat (APT) activities, specifically attributed to the APT

Threat Score: High Risk
Signal Score: 82

VirusTotal

Not checked

WHOIS

description
Since late June 2025, Group-IB analysts observed a surge in spear-phishing emails across Central Asia. The attackers impersonate government agencies to gain the trust of their victims. This blog describes the techniques, tools and ongoing activity of the threat group known as Bloody Wolf.


IOC Journey

medium
First detected 7 months ago · Last seen 8 days ago
Appeared in 10 threat reports