DomainMediumSignal 50/100

`keyoptions.extensions.largeblob.read`

First Seen

Apr 9, 2026

Last Seen

Apr 14, 2026

Apr 9

First Seen

66d ago

Apr 14

Last Seen

61d ago

Reports

source reports

50%

Confidence

medium

Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

50%

Signal Score

50 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

15 techniques

Feed Intelligence Summary

3 reports50% confidence

Source reports

50%

Confidence score

Category tags

active scananalytics naasciiascii textattackbrute forcebusiness internet servicesbuttonchatclick-based attackclose logcode executioncode injectioncommand executioncontactcredential harvestingcredential stuffingcrlfcrlf lineedit3iconerrorexecutable filefindgartnergdlnameget fiosgtmw2vn2cqguest systemhtml documenthtml pagehtmldivelementidentity & access exploitationindicatorinjection activityiot securityjava sourcejsonlearnlf linelte networkmac osmalicious activitymalicious linksmalwaremetadata analysismitre attacknetworknetwork infonextoverview zenboxphishingphishing attackphone servicespng imagepng multimediaprocesses extraprogramransomwarereactresearchedrgbarotateccwiconsaveiconshopshop verizonshortcutitemsitesmallsocial engineeringsocial media securityspansupportt1055t1055 processt1059t1071t1082t1095t1204.001t1204.002t1497t1518t1560t1562t1566.001t1566.002t1566.003t1574tag managerthreat actortitletor nodeunicode textupgradeuser executionutc amazonutc aw2761768utc aw685973utc bingutc dc685973utc dc9849921utc g12r1dx1lx7utc googleutf8 textverdictverizonverizon businessverizon business accountverizon business phoneverizon business planverizon business serviceverizon for businessvoicexiconzip archive

Activity Timeline

1 total obs

Apr 14Apr 14

Threat Activity Heatmap

· Peak: 2026-04-14

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Minimal

Intelligence SummaryAI Generated

This Indicator of Compromise (IOC), identified as `keyoptions.extensions.largeblob.read`, carries significant implications for organizational security, pointing towards potential adversarial activity that warrants immediate attention. Its presence in the environment could signify an active attempt at system reconnaissance, evasion, or even initial access, posing a tangible risk to data integrity and operational continuity. The associated MITRE ATT&CK techniques, such as process injection and var…

Threat ScoreMedium Risk

SIGNAL

Signal Score

50%

Confidence

Reports

First seenApr 9, 2026

Last seenApr 14, 2026

VirusTotal

Not checked

WHOIS

description: <Here is a full list of annotations and links to the research published in the journal of the Open Science.. Â£1.5m (3.3m euros) in its first year.>Email today from them on my line. Very wild things happening here. trying to close my line

`keyoptions.extensions.largeblob.read`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy