Domain · Medium · Signal 86/100
litby.us
Location
First Seen
Jun 18, 2022
Last Seen
Apr 4, 2026
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
86%
Signal Score
86 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
15 reports · 86% confidence
15
Source reports
86%
Confidence score
Category tags
account discovery, account profiling, account takeover, active scan, active scanning, aerospace & defense, apt, apt33, apt35, apt39, apt42, asia, australia, authaccj8rr4cb1a http, belleza equipos, botnet, botnet activity, brute force, ciudad, civil services, click-based attack, code execution, cold-calling, command and control, command execution, communication protocol, corporate law, credential access, credential harvesting, credential stuffing, credential theft, cyber espionage, data encryption, data exfiltration, data store exposure, database security, ddos, defense, defense contracting, defense logistics, defense systems, defense technology, denial of service, deputy prime, distributed attacks, emennet pasargad, encryption, executable file, exploitation activity, exploitation of vulnerabilities, fin, foreign, ftp, ftp brute force, future, geuanrtsuy http, google, google cloud, government technology, hemmjcbviy http, http brute force, http scanner, human, human rights, identity & access exploitation, ilengb https, indicator, initial access, injection activity, injection attacks, insikt, insikt group, intellectual property law, intrusion detection, iocs included, iot security, iran, irgc, israel, israeli, kgcsjdfhty http, lateral movement, law practice, leer ms, legal, legal consulting, legal research, legal services, legal technology, litby, major general, maldoc, malicious links, malicious powershell activity, malicious software, malware, media, middle, middle east, military operations, mobile threat, national security, network, network attacks, network intrusion, network probing, network protocol, network reconnaissance, network scanning, network security, ngo, north america, oceania, peace gender, phishing, phishing attack, phosphorus, poltica, privacy, process injection, public administration, public infrastructure, public policy, ransomware, rar, rar file, reconnaissance, regulatory agencies, regulatory compliance, remote access, remote services, researched, sala, scanner, scripting attacks, self-signed, sir bani, social engineering, software exploitation, spearphishing, ssh attack, supply chain attack, syn, t1003, t1003.001, t1003.005, t1021, t1021.001, t1021.002, t1027, t1040, t1047, t1053, t1055, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1071.001, t1076, t1077, t1078, t1078.004, t1083, t1086, t1105, t1110, t1110.001, t1110.002, t1110.003, t1136, t1136.002, t1189, t1190, t1192, t1203, t1204, t1204.001, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1539, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567, t1588, t1588.002, t1588.004, t1589, t1589.002, t1590, t1590.001, t1590.002, t1590.003, t1590.004, t1592, t1592.001, t1592.002, t1592.003, t1595, t1595.001, t1595.002, t1595.003, t1598, t1598.003, tamecat, tcp protocol, think tanks, threat actor, threat analysis, threat intelligence, tinyurl, tor node, two-factor authentication, typosquat, tzipi livni, unauthorized access attempt, united states, user execution, utensilios, vaporal, vista, vulnerability scan, watch, watch staff, wcsaejyhqy http, web login, web traffic, wishlist vista, women, word, xktfqqpmda http, xmas, yahoo, yas forum
Activity Timeline
Apr 4 to Apr 4
Threat Activity Heatmap · Peak: 2026-04-04
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score · High Risk
86
SIGNAL
Signal Score
86%
Confidence
15
Reports
First seen: Jun 18, 2022
Last seen: Apr 4, 2026
VirusTotal
Not checked
WHOIS
- registrar
- MarkMonitor, Inc.
- description
- This is a pulse created to house CND internal IOCs that we want to monitor, please add title to explain what the IOC and a further description of if this is needed.
- domain rank
- -1
- raw
- Admin City: Redmond Admin Country: US Admin Email: [email protected] Admin Organization: Microsoft Corporation Admin Postal Code: 98052 Admin State/Province: WA Creation Date: 2023-08-17T06:49:55+0000 Creation Date: 2023-08-17T06:49:55Z DNSSEC: unsigned Domain Name: litby.us Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited) Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited) Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited) Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Name Server: ns1.markmonitor.com Name Server: ns2.markmonitor.com Name Server: ns3.markmonitor.com Name Server: ns4.markmonitor.com Name Server: ns5.markmonitor.com Name Server: ns6.markmonitor.com Name Server: ns7.markmonitor.com Registrant Application Purpose: 97f9aa8e7c9dcd53 Registrant City: b6b1ba5f05367788 Registrant Country: US Registrant Email: 00659fb44a1b5b4fs@ Registrant Email: [email protected] Registrant Fax Ext: 3432650ec337c945 Registrant Fax: 7d1f3c3fb96a62b3 Registrant Name: 628983377a05fb4c Registrant Nexus Category: bf1e48e0de7e5ac5 Registrant Organization: 628983377a05fb4c Registrant Phone Ext: 3432650ec337c945 Registrant Phone: 8f198ff1733e2d60 Registrant Postal Code: 2908382a58eb4969 Registrant State/Province: 163b5dbd6196f461 Registrant Street: 3432650ec337c945 Registrant Street: 86c54a730ec120b0 Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Email: [email protected] Registrar Abuse Contact Phone: +1.2083895740 Registrar Abuse Contact Phone: +1.2086851750 Registrar IANA ID: 292 Registrar Registration Expiration Date: 2026-08-17T00:00:00+0000 Registrar URL: http://www.markmonitor.com Registrar URL: www.markmonitor.com Registrar 
WHOIS Server: whois.markmonitor.com Registrar: MarkMonitor, Inc. Registry Admin ID: C37688736-US Registry Domain ID: D6E9451771659495282A40EB0D8711465-GDREG Registry Expiry Date: 2026-08-17T06:49:55Z Registry Registrant ID: C37688736-US Registry Tech ID: C37688736-US Tech City: Redmond Tech Country: US Tech Email: [email protected] Tech Organization: Microsoft Corporation Tech Postal Code: 98052 Tech State/Province: WA Updated Date: 2025-07-16T12:18:42+0000 Updated Date: 2025-07-21T12:18:43Z
- references
- https://www.ic3.gov/Media/News/2024/240927.pdf, https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations, https://www.recordedfuture.com/suspected-iran-nexus-tag-56-uses-uae-forum-lure-for-credential-theft-against-us-think-tank, IOCs2.pdf, 2640656.misp-json, https://go.recordedfuture.com/hubfs/reports/cta-2022-1129.pdf, https://mailer-daemon.net/file=sharing=system/file.id.x=xxxxxx/first.check.html, https://continuetogo.me/Sec=Tab=settings/id=xxxxx=xxxxx/continue-to-settings.php, https://mailer-daemon.net/file=sharing=system/file.id.X=xxxxxx/continue-to-settings.php, https://mailer-daemon.live/sec=file=sharing/check.id=xxxxxxxx=xxxxxx/index.php, https://tinyurl.ink/8tio97cy/Iran%20nuke.docx, https://www.hrw.org/news/2022/12/05/iran-state-backed-hacking-activists-journalists-politicians, https://research.checkpoint.com/2022/check-point-research-exposes-an-iranian-phishing-campaign-targeting-former-israeli-foreign-minister-former-us-ambassador-idf-general-and-defense-industry-executives/, https://twitter.com/_CPResearch_/status/1536674728970272775
- subdomains count
- 10
IOC Journey
medium · First detected 4 years ago · Last seen 2 months ago
Appeared in 15 threat reports