Domain · High · Verified · Signal 50/100
mirrors-openjdk.org
Location
First Seen
Jul 5, 2025
Last Seen
Mar 2, 2026
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
50%
Signal Score
50 / 100
IDS Rule
No
Feed Intelligence Summary
Source reports: 6
Confidence score: 50%
Category tags
active scanning, aisoc, aisoc dns, apt, aptq95, assessment blog, attack targets, blog, building construction, canada, canada day, chamd5 blog, chisel, communications networks, construction materials, construction safety, construction technology, credential access, credential harvesting, critical infrastructure, data exfiltration, defense systems, emergency services, energy, energy distribution, energy systems, financial systems, fraud risk, government facilities, high-tech sector, indicator, iot ics, microsoft exchange, network, network probing, north america, oil & gas, phishing attack, power generation, power systems, r1090, reconnaissance, renewable energy, researched, soar, social engineering, supply chain attack, t1005, t1027, t1041, t1053.005, t1055, t1059, t1068, t1071, t1071.004, t1078, t1090.001, t1105, t1190, t1566, t1566.001, t1566.002, t1566.003, t1595.001, t1595.002, t1595.003, transportation networks, water systems
Activity Timeline
Mar 2
Threat Activity Heatmap
Peak: 2026-03-02
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Intelligence Summary (AI Generated)
The domain **mirrors-openjdk.org**, originating from Canada, has been identified as an active indicator of compromise (IOC) associated with advanced persistent threat (APT) activities, specifically linked to the threat actor group APTQ
Threat Score: 50 (Medium Risk)
Verified IOC
VirusTotal
Not checked
WHOIS
- registrar: Tucows Domains Inc.
- creation date: 2025-04-14T18:39:35
- expiration date: 2026-04-14T18:39:35
- updated date: 2026-05-25T05:55:46
- name servers: 1-you.njalla.no, 2-can.njalla.in, 3-get.njalla.fo
- emails: [email protected]
- status: redemptionPeriod https://icann.org/epp#redemptionPeriod
IOC Journey
high · First detected 11 months ago · Last seen 3 months ago
Appeared in 6 threat reports