IOC Radar
DomainMediumSignal 65/100

investrealtydom.net

Location
JapanJapan
First Seen
May 8, 2024
Last Seen
Jun 10, 2026
May 8
First Seen
768d ago
Jun 10
Last Seen
6d ago
8
Reports
source reports
65%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
65%
Signal Score
65 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

250 techniques

Feed Intelligence Summary

8 reports65% confidence
8
Source reports
65%
Confidence score
Category tags
#stopransomware: black bastaaa24-131aanydeskaptattackaustraliabatloaderbghbitsblack bastablackbastabotnetbrute ratelc++c2c2 endpointcanadachacha20cisacobalt strikecommand and controlcommand executionconticoroxycredential harvestingcredential theftcritical infrastructuredata encryptiondata exfiltrationdata theftdistributed attacksdouble extortionemergency servicesemotetencryptionevilproxyextortionfinance and insurancefrancegermanyhvs iocsicmp trafficincident responseindicatorinfrastructure acquisitionreconnaissanceiociocsiocsyouitalyjapankrolllateral movementlegallinuxmalicious activitymalicious linksmalicious powershell activitymalicious softwaremalwaremisp eventmisp feednetcatnetsupport managernetworknew zealandnopacoperating systemphishingphishing attackpinkslipbotprocess injectionpsexecqakbotqbotquick assistraasransomwarercloneresearchedretail tradersa-4096scripting attackssocial engineeringstorm-1811strongsystem disruptiont1001t1003t1003.001t1003.003t1003.004t1003.007t1007t1012t1016t1016.001t1016.002t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1021.007t1025t1027t1027.002t1027.003t1033t1036t1036.001t1036.002t1036.003t1036.004t1036.005t1036.006t1036.007t1041t1046t1047t1049t1053t1053.001t1053.002t1053.003t1053.004t1053.005t1053.007t1055t1055.001t1055.002t1055.003t1055.004t1055.008t1055.011t1055.012t1055.013t1056t1056.001t1056.003t1056.004t1057t1059t1059.001t1059.002t1059.003t1059.004t1059.005t1068t1069.001t1070t1070.001t1070.002t1070.003t1070.004t1070.005t1070.006t1070.007t1071t1071.001t1071.002t1071.003t1071.004t1071.005t1078t1078.001t1078.002t1078.003t1078.004t1082t1083t1086t1090t1095t1098t1098.001t1098.002t1098.003t1102t1102.001t1102.002t1102.003t1105t1106t1110t1110.001t1110.002t1110.003t1112t1113t1133t1134t1134.001t1134.002t1134.003t1134.004t1134.005t1136t1136.001t1136.002t1136.003t1140t1185t1187t1189t1190t1195t1197t1204t1204.001t1204.002t1210t1213t1213.001t1213.002t1213.003t1218t1222t1486t1490t1496t1497t1498t1499.002t1499.003t1531t1543t1543.001t1543.002t1543.003t1543.004t1543.005t1546t1546.001t1546.002t1546.003t1546.004t1546.005t1546.006t1546.007t1546.008t1546.009t1546.010t1546.011t1546.012t1546.013t1546.014t1546.015t1547t1547.001t1547.009t1550t1550.001t1550.002t1550.003t1550.004t1555t1555.003t1555.004t1560t1562t1562.001t1562.002t1562.003t1562.004t1564t1564.001t1564.002t1564.003t1564.004t1564.005t1564.006t1564.007t1565t1566t1566.001t1566.002t1566.003t1568t1569t1569.002t1570t1571t1572t1573t1573.001t1574t1574.001t1574.002t1574.004t1574.005t1574.006t1574.008t1574.009t1574.010t1574.011t1583t1587t1587.001t1588t1588.001t1588.002t1588.003t1588.004t1588.005t1588.006t1588.007t1590t1590.001t1590.002t1590.003t1590.004t1590.005t1590.006t1591t1591.001t1591.002t1591.003t1592t1592.001t1592.002t1592.003t1592.004t1595t1595.001t1595.002t1595.003t1598t1598.001t1598.002t1598.003t1598.004t1608threat actorthreat intelligencetrend microtrickbotvmware esxiwandering spiderweb securitywebdavwinscpwizard spiderwmi

Activity Timeline

1 total obs
Jun 10Jun 10

Threat Activity Heatmap

· Peak: 2026-06-10
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **investrealtydom.net** has emerged as a significant indicator of compromise (IOC) linked to multiple cyber threats originating from Japan. First observed on May

Threat ScoreMedium Risk
65
SIGNAL
Signal Score
65%
Confidence
8
Reports
First seenMay 8, 2024
Last seenJun 10, 2026

VirusTotal

Not checked

WHOIS

description
Black Basta is a financially motivated ransomware group that began operations in 2022. It targets organizations across various sectors, including manufacturing, healthcare, and finance, using a double extortion method. The group encrypts victims' systems and threatens to leak stolen data unless a ransom is paid. Their ransomware spreads via phishing campaigns, exploiting vulnerabilities in systems. Black Basta is known for collaborating with other cybercriminals, which enhances the impact and sophistication of their attacks.

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 6 days ago
Appeared in 8 threat reports