IOC Radar
DomainMediumSignal 65/100

infosecteam.info

Location
United StatesUnited States
First Seen
Jan 19, 2025
Last Seen
Feb 19, 2026
Jan 19
First Seen
521d ago
Feb 19
Last Seen
126d ago
7
Reports
source reports
65%
Confidence
medium
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
65%
Signal Score
65 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

104 techniques

Feed Intelligence Summary

7 reports65% confidence
7
Source reports
65%
Confidence score
Category tags
ai evasionalert schemeangry likhoaptapt group team46apt group: team46awaken likhobackdoorbackdoor infectionblack owlbo teambotnetbrowser injectionc2 communicationchromecivil servicescobalt strikecommand and controlcommand executioncommunication technologiescore werewolfcredential accesscredential harvestingdantedante proxydante proxy usagedarkgaboondata encryptiondata exfiltrationdistributed attacksedgeencryptioneurope/asiaexploit avaliablefairy wolffilegamacopygovernment technologyhive0117hoody hyenahydraulicsin the wildindicatorlateral movementlibrarian ghoulslifting zmiyloaderloader functionalitylockbitlone wolfmalicious powershell activitymalicious softwaremalwaremalware distributionmalware droppermalware implantmalware: trinpermobile carriersmobile networksmoonshine trickstermulti-stage droppernetworkobfuscation techniquesoffice vulnerabilityphishing attackpowershell executionprocess injectionproduct supplyprosperous werewolfpseudogamaredonpublic administrationpublic infrastructurepublic policyqueryrare werewolfred team activityregulatory agenciesremote accessresearchedrezetroom155russiasandbox evasionsapphire werewolfscripting attackssocial engineeringsticky werewolft1003t1003.001t1005t1007t1012t1016t1018t1020t1021t1027t1027.002t1027.009t1036t1036.004t1041t1047t1053t1053.005t1055t1056t1056.001t1057t1059t1059.001t1059.003t1068t1069t1069.001t1070t1070.004t1071t1071.001t1071.002t1078t1078.001t1082t1083t1086t1105t1110t1110.001t1113t1119t1120t1133t1136t1136.001t1140t1176t1189t1190t1195t1195.001t1199t1204t1204.002t1205t1205.001t1210t1213t1218t1218.011t1485t1486t1496t1499.002t1499.003t1543.003t1547t1547.001t1547.009t1553.002t1555t1555.004t1556t1556.001t1562t1562.001t1562.006t1565t1566t1566.001t1566.002t1566.003t1568t1569t1569.002t1573t1573.001t1574t1574.001t1574.002t1588t1588.002t1592t1592.002t1592.004t1608t1608.001t1608.002t1608.004t1614t1614.001t1622ta toliktaxoffteam46telecom servicestelecommunicationstrinperunited statesurgentuseragent: edgevengeful wolfwatch wolfwerewolveszero-day exploit

Activity Timeline

1 total obs
Feb 19Feb 19

Threat Activity Heatmap

· Peak: 2026-02-19
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated

The domain **infosecteam.info** has been identified as a critical indicator of compromise (IOC) associated with sophisticated cyber threats originating from the United States. First observed on January

Threat ScoreMedium Risk
65
SIGNAL
Signal Score
65%
Confidence
7
Reports
First seenJan 19, 2025
Last seenFeb 19, 2026

VirusTotal

Not checked

WHOIS

registrar
NameCheap, Inc.
description
The report outlines a range of targeted phishing campaigns and sophisticated post-exploitation tools employed by various cyber threat actors. Team46 exploited a zero-day vulnerability (CVE-2025-2783) in Chrome through phishing, utilizing decoy documents to discreetly install UltraVNC for access and lateral movement within networks. The Sapphire Werewolf group utilized multi-stage document droppers that bypass sandbox detection, exfiltrating data through Telegram bots, while TA Tolik focused on public-sector data theft. The report highlights a trend of domain impersonation and infrastructure reuse across multiple financially motivated groups, with specific tactics, such as modified LockBit encryption and exploitation of legacy Office vulnerabilities, indicative of the evolving nature of cyber threats. Notably, the increased use of AI-generated code for evading detection was also highlighted.
domain rank
-1
raw
Admin City: REDACTED FOR PRIVACY Admin Country: REDACTED FOR PRIVACY Admin Organization: REDACTED FOR PRIVACY Admin Postal Code: REDACTED FOR PRIVACY Admin State/Province: REDACTED FOR PRIVACY Creation Date: 2024-02-19T09:42:32Z DNSSEC: unsigned Domain Name: infosecteam.info Domain Status: autoRenewPeriod https://icann.org/epp#autoRenewPeriod Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: dns101.registrar-servers.com Name Server: dns102.registrar-servers.com Registrant City: 1f8f4166599d23ee Registrant Country: IS Registrant Email: f651612a2f356ad3s@ Registrant Fax Ext: 1f8f4166599d23ee Registrant Fax: 1f8f4166599d23ee Registrant Name: 1f8f4166599d23ee Registrant Organization: b3e8b765589988d9 Registrant Phone Ext: 1f8f4166599d23ee Registrant Phone: 1f8f4166599d23ee Registrant Postal Code: 1f8f4166599d23ee Registrant State/Province: 3e0204199d8ebf9c Registrant Street: 1f8f4166599d23ee Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +1.9854014545 Registrar IANA ID: 1068 Registrar URL: https://www.namecheap.com/ Registrar WHOIS Server: whois.namecheap.com Registrar: NameCheap, Inc. Registry Admin ID: REDACTED FOR PRIVACY Registry Domain ID: 597e4f951d814a35be022a6a765db4fe-DONUTS Registry Expiry Date: 2026-02-19T09:42:32Z Registry Registrant ID: REDACTED FOR PRIVACY Registry Tech ID: REDACTED FOR PRIVACY Tech City: REDACTED FOR PRIVACY Tech Country: REDACTED FOR PRIVACY Tech Organization: REDACTED FOR PRIVACY Tech Postal Code: REDACTED FOR PRIVACY Tech State/Province: REDACTED FOR PRIVACY Updated Date: 2025-03-06T10:32:29Z
references
https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/team46-i-taxoff-dve-storony-odnoi-medali, https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/team46-i-taxoff-dve-storony-odnoi-medali/?_hsenc=p2ANqtz--dZoQqZwl9URkLYwlT9Nf0Ra3lXAQZuYzg337cuSaLG3grEkyl6INyF53yPOWQgzRHBpGu5tr0CEgR4YV8Wo36jhRYURiM71H5cuQKoAfWf4ONzsw&_hsmi=357798796#id11
subdomains count
2

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 4 months ago
Appeared in 7 threat reports