DomainHighVerifiedSignal 68/100

`mail.secmailbox.us`

Location

China

First Seen

Jun 12, 2025

Last Seen

Jun 8, 2026

Jun 12

First Seen

367d ago

Jun 8

Last Seen

5d ago

Reports

source reports

68%

Confidence

high

Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

68%

Signal Score

68 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

191 techniques

Feed Intelligence Summary

5 reports68% confidence

Source reports

68%

Confidence score

Category tags

70+ organizations affectedactive scanningactivity daptapt groupapt15asiaasyncratautomotive manufacturingbackdoorbackdoorsbankingbotnetc2chinachina-nexus threat actorchina-nexus threat actorschinese aptchinese hackerscivil servicescode injectioncommand and controlcommand executioncommunication technologiescredential accesscredit card servicescritical sectorscyber threat intelligencecyber threatscybercriminal partnershipsdata breachdata encryptiondata exfiltrationdata theftdiscorddistributed attacksdouble extortionelectronics manufacturingevasive techniquesevasive ttpsextortionfailfinancefinancial motivationfinancial servicesfinancial technologyfunksecgenerative aighostlockerghostsecgoreshellgovernment technologyhammerhashesindicatorindustrial automationindustrial iotindustrial productioninformation technologyinfrastructure compromiseinitial accessit infrastructureit services compromisekatz stealerkillseclateral movementlinkloadermalicious powershell activitymalicious softwaremalwaremalware developmentmanufacturing technologymediamobile carriersmobile networksmuddywaternetworknetwork intrusionnetwork probingnimbo-c2operational relay boxpayment processingpersistence mechanismsphishingpolitical motivationprocess injectionprocess manufacturingpublic administrationpublic infrastructurepublic policypurplehazequality controlransomwarereconnaissancereconnaissance activityregulatory agenciesremote accessresearchedrst cloudscanning activityscripting attackssecurity operationssentinelone labssentinelone targetedskuldsoftware developmentsouthstrongsummarysupply chain attacksupply chain compromisesupply chain managementsystem disruptiont1003t1003.001t1003.005t1005t1016t1020t1021t1027t1027.002t1027.003t1027.006t1036t1041t1047t1048t1048.003t1049t1053t1053.005t1055t1055.001t1055.002t1055.004t1057t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1059.008t1068t1070t1071t1071.001t1071.004t1078t1078.001t1078.002t1078.003t1078.004t1082t1083t1086t1087t1087.001t1087.002t1090t1090.001t1090.002t1090.003t1095t1105t1110t1112t1113t1124t1127t1132t1133t1134t1134.001t1134.002t1134.004t1135t1136t1136.001t1136.002t1140t1189t1190t1195t1195.002t1199t1202t1203t1204t1204.001t1204.002t1207t1210t1211t1213t1213.001t1213.002t1213.003t1213.005t1218t1218.002t1218.003t1218.004t1218.005t1218.007t1218.011t1219t1486t1490t1496t1499.001t1499.002t1499.003t1505.003t1543t1547t1547.001t1547.009t1552t1553t1555t1555.003t1562t1562.001t1562.002t1564t1564.001t1565t1566t1566.001t1573t1573.001t1574t1574.001t1574.002t1574.004t1574.006t1578t1578.001t1578.002t1583t1583.001t1583.003t1583.004t1584t1584.001t1584.002t1585t1585.001t1586t1586.001t1587t1587.001t1588t1588.001t1588.002t1588.003t1588.004t1589t1590t1590.001t1590.002t1590.003t1590.004t1591t1591.001t1592t1592.001t1592.002t1592.004t1593t1593.001t1593.002t1595t1595.001t1595.002t1595.003t1596t1596.001t1596.002t1597t1597.001t1598t1598.001t1598.003t1600t1601t1602t1608t1608.001t1608.002t1608.003t1608.004t1609t1611t1612t1613t1614t1614.001t1615t1619t1620t1622telecom servicestelecommunicationsthreat intelligencethreatstitleunc5174vulnerabilitieswealth managementweb exploitation

Activity Timeline

1 total obs

Jun 8Jun 8

Threat Activity Heatmap

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

Minimal

30d

Minimal

3mo

Minimal

Intelligence SummaryAI Generated

The domain **mail.secmailbox.us** has been identified as a critical indicator of compromise (IOC) linked to a sophisticated threat actor originating from China. First observed on June

Threat ScoreMedium Risk

SIGNAL

Signal Score

68%

Confidence

Reports

First seenJun 12, 2025

Last seenJun 8, 2026

Verified IOC

VirusTotal

Not checked

WHOIS

description: In this SentinelOne Labs investigation, researchers track a sophisticated China-linked threat actor relentlessly targeting high-value entities across multiple sectors. The report uncovers their evasive TTPs, custom malware tooling, and persistent intrusion attempts, providing critical IOCs (Indicators of Compromise) and defensive recommendations. A must-read for threat hunters and security teams defending against advanced persistent threats (APTs).

`mail.secmailbox.us`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy