IOC Radar
DomainMediumSignal 85/100

jacknwoods.com

Location
TurkeyTurkey
First Seen
Dec 21, 2024
Last Seen
Jun 7, 2026
Dec 21
First Seen
547d ago
Jun 7
Last Seen
14d ago
12
Reports
source reports
85%
Confidence
medium
11/91
VirusTotal
detections
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
85%
Signal Score
85 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

73 techniques

Feed Intelligence Summary

12 reports85% confidence
12
Source reports
85%
Confidence score
Category tags
active scanactive scanningaerospace & defenseaffiliate programai-powered negotiationalternate data streamsapplied researchaptapt groupasiabdarkratbitterbitter aptblack lockblacklockbotnetbotnet activitybrute forcec2c2 serverchinacivil servicescommand & controlcommand and controlcommand executioncommunication technologiesconfuciusconfucius aptconnectorcredential accesscredential harvestingcredential stuffingdata encryptiondata exfiltrationdata store exposuredefencedefensedefense contractingdefense logisticsdefense sectordefense systemsdefense technologydevelopment labsdistributed attacksel doradoembassies targetedembassyempireencryptencryptionenergyenergy distributioneurope/asiaevasionexploitation activityextortionfileftp brute forceglobalglobal groupgovernment technologyhigher educationidentity & access exploitationindiaindia-alignedindicatorinfrastructure analysisinjection activityinnovation managementintelligence gatheringiot securitylateral movementmadagascarmalicious powershell activitymalicious softwaremalwaremalware deliverymamonamauritiusmilitary operationsmiyaratmiyarat malwaremobile carriersmobile control panelmobile networksnational securitynetworknetwork intrusionnetwork probingnetwork scanningnetwork securitynorth americaoil & gasonlineoperating systemorpcbackdoorpayload executionphishingphishing attackpower generationpower systemsprocess injectionproduct developmentprotocol exploitationptclpublic administrationpublic infrastructurepublic policyr&d strategyraasramp4uransomwarerar archiveratratsreconnaissanceregulatory agenciesremote accessremote access trojanremote servicesrenewable energyresearch & developmentresearch institutions targetedresearch methodologyresearchedscheduled tasksscientific researchscripting attacksshortcut filesocial engineeringsouth asiaspearspearphishingssh attackstreamsystem disruptiont1003t1005t1016t1018t1021t1021.001t1027t1027.002t1027.005t1033t1036t1036.006t1040t1041t1047t1053t1053.005t1055t1056t1056.001t1056.004t1057t1059t1059.001t1059.003t1059.004t1059.005t1068t1069.001t1071t1071.001t1071.004t1076t1078t1078.002t1078.003t1082t1083t1086t1095t1102t1105t1110t1110.001t1110.002t1113t1187t1192t1204t1204.002t1218t1486t1490t1496t1499.002t1499.003t1518.001t1547t1547.001t1560.001t1563t1565t1566t1566.001t1566.002t1566.003t1569t1583t1588t1595t1595.001t1595.002t1595.003ta397targeted attacktechnology researchtelecom servicestelecommunicationstelecommunications sectortelnet threatthreat actortor nodetradeturkeyunited stateswebdavwinrarwm ratwmratwmrat malwareworld bank

Activity Timeline

1 total obs
Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **jacknwoods.com**, originating from Turkey, has emerged as a significant indicator of compromise (IOC) in the cybersecurity landscape. First observed on December

Threat ScoreHigh Risk
85
SIGNAL
Signal Score
85%
Confidence
12
Reports
First seenDec 21, 2024
Last seenJun 7, 2026

VirusTotal

11/ 91vendors flagged
12% detection rateJun 8, 2026

WHOIS

domain rank
-1
raw
Administrative city: REDACTED FOR PRIVACY Administrative country: REDACTED FOR PRIVACY Administrative state: REDACTED FOR PRIVACY Create date: 2024-10-23 00:00:00 Domain name: jacknwoods.com Domain registrar id: 48 Domain registrar url: WWW.ENOMDOMAINS.COM Expiry date: 2025-10-23 00:00:00 Name server 1: dns2.name-services.com Name server 2: dns4.name-services.com Name server 3: dns3.name-services.com Name server 4: dns1.name-services.com Query time: 2024-10-24 13:12:35 Registrant city: 1f8f4166599d23ee Registrant company: 1f8f4166599d23ee Registrant country: United States Registrant email: 1084cf23bd1b56ecs@ Registrant fax: 1f8f4166599d23ee Registrant name: 1f8f4166599d23ee Registrant phone: 1f8f4166599d23ee Registrant state: facd29379a9a2b83 Registrant zip: 1f8f4166599d23ee Technical city: REDACTED FOR PRIVACY Technical country: REDACTED FOR PRIVACY Technical state: REDACTED FOR PRIVACY Update date: 2024-10-23 00:00:00
references
https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats, https://blog.eclecticiq.com/global-group-emerging-ransomware-as-a-service, https://blog.eclecticiq.com/pakistan-telecommunication-company-ptcl-targeted-by-bitter-apt-during-heightened-regional-conflict, https://www.proofpoint.com/us/blog/threat-insight/bitter-end-unraveling-eight-years-espionage-antics-part-one, December 18th, 2024 - CryptoGen Cyber Threat Intelligence Advisory #5940 - Bitter APT Delivers WmRAT and MiyaRAT Malware
subdomains count
0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 14 days ago
Appeared in 12 threat reports