DomainHighVerifiedSignal 63/100

`mlcrosoft.co.com`

First Seen

Jun 2, 2026

Last Seen

Jun 6, 2026

Jun 2

First Seen

8d ago

Jun 6

Last Seen

4d ago

Reports

source reports

84%

Confidence

high

Found in 2 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

84%

Signal Score

63 / 100

IDS Rule

Yes

Threat Context

Threat Actors3

AAPT37 SSandworm PPlay

Malware Families2

PPlay CCobalt Strike

Feed Intelligence Summary

2 reports84% confidence

Cyber Press

5d ago

New SHub Stealer Malware Expands Attacks on Browsers and Wallets

1 IOC in report

SentinelOne Blog

May 18, 2026

SHub Reaper | macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain

8 IOCs in report

Activity Timeline

2 total obs

Jun 5May 18

Threat Activity Heatmap

· Peak: 2026-05-18

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

Minimal

30d

Minimal

3mo

Minimal

Intelligence SummaryAI Generated

The domain **mlcrosoft.co.com** has been identified as a critical indicator of compromise (IOC) associated with advanced persistent threat (APT) groups Sandworm and APT

Threat ScoreMedium Risk

SIGNAL

Signal Score

84%

Confidence

Reports

First seenJun 2, 2026

Last seenJun 6, 2026

Verified IOC

VirusTotal

Not checked

Export & API

STIX 2.1 Bundle

CSV Export

Permalink

IOC Journey

high

First detected 8 days ago · Last seen 4 days ago

Appeared in 2 threat reports from 2 sources

Associated with: APT37, Sandworm, Play

Used by malware: Play, Cobalt Strike

mlcrosoft.co.com

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

Related Reports

VirusTotal

Export & API

IOC Journey

`mlcrosoft.co.com`