DomainHighVerifiedSignal 28/100
korovkamu.com
First Seen
May 7, 2026
Last Seen
May 13, 2026
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
28%
Signal Score
28 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
5 reports28% confidence
5
Source reports
28%
Confidence score
Category tags
indicatorinfostealerkpuspriyonewsmacosnetworkphantompulseresearchedshub stealert1005t1027t1036t1041t1059.002t1059.007t1082t1083t1087t1140t1204t1539t1543.001t1543.004t1552.001t1555.001t1555.003t1560t1574t1614ydznvjljcz6f7
Activity Timeline
May 13May 13
Threat Activity Heatmap
· Peak: 2026-05-13LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated
The domain **korovkamu.com** has been identified as a critical indicator of compromise (IOC) associated with malware activities, specifically infostealers targeting macOS systems. First observed on May
Threat ScoreLow Risk
28
SIGNAL
Signal Score
28%
Confidence
5
Reports
First seenMay 7, 2026
Last seenMay 13, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- registrar
- CNOBIN INFORMATION TECHNOLOGY LIMITED
- description
- Command and Control domains for Malware. These domains are extracted from a number of sources, and are suspicious.
- raw
- Creation Date: 2026-04-22T23:43:17Z DNSSEC: unsigned Domain Name: KOROVKAMU.COM Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: ARNOLD.NS.CLOUDFLARE.COM Name Server: ASHLEY.NS.CLOUDFLARE.COM Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +852.30501810 Registrar IANA ID: 3254 Registrar URL: http://www.ordertld.com Registrar WHOIS Server: whois.ordertld.com Registrar: CNOBIN INFORMATION TECHNOLOGY LIMITED Registry Domain ID: 3091131834_DOMAIN_COM-VRSN Registry Expiry Date: 2027-04-22T23:43:17Z Updated Date: 2026-04-22T23:43:17Z
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 1 month ago · Last seen 1 month ago
Appeared in 5 threat reports