DomainMediumSignal 82/100

`nac-ac.com`

First Seen

Nov 29, 2025

Last Seen

Jun 18, 2026

Nov 29

First Seen

202d ago

Jun 18

Last Seen

yesterday

Reports

source reports

82%

Confidence

medium

Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

82%

Signal Score

82 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

46 techniques

Feed Intelligence Summary

10 reports82% confidence

Source reports

82%

Confidence score

Category tags

active scanaptapt activityapt groupapt24attack vector: emailautumn dragonbloody wolfbloody wolf groupbrand impersonationbrute forcecentral asiacredential harvestingcredential stuffingcredential theftcustomer experiencedata exfiltrationdata store exposuredata theftdigital commercedigital marketplacee-commercee-commerce platformeurope/asiaexploitation activityfake websitefilehash:md5filehash:sha1filehash:sha256financefraudgovernment impersonationhashesidentity & access exploitationindicatorindicators of compromiseinitial accessinjection activityjar filejarsjava archive malwaremacos malwaremalicious softwaremalwaremalware type: ratnetsupport ratnetworkonline paymentonline retailonline shoppingoperation dreamjobpayload: jar filephishingphishing attackphishing attack campaignprocess injectionransomwareratrat: netsupport ratregion: central asiaremote access trojanresearchedrussiascams & fraudshai-hulud campaignsocial engineeringspear phishing campaignt1027t1053t1055t1056t1057t1059t1059.001t1059.003t1059.005t1068t1071t1071.001t1071.004t1078t1078.001t1078.004t1083t1105t1134.001t1134.002t1189t1190t1192t1195.002t1204t1204.002t1210t1219t1486t1543.003t1547t1547.001t1555.003t1555.004t1565t1566t1566.001t1566.002t1566.003t1567.001t1583t1583.001t1583.004t1588t1588.002t1598threat actortor nodewater gamayun

Activity Timeline

1 total obs

Jun 18Jun 18

Threat Activity Heatmap

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

Minimal

30d

Minimal

3mo

Minimal

Intelligence SummaryAI Generated

The domain **nac-ac.com** has emerged as a significant indicator of compromise (IOC) associated with advanced persistent threat (APT) activities, specifically linked to the APT

Threat ScoreHigh Risk

SIGNAL

Signal Score

82%

Confidence

Reports

First seenNov 29, 2025

Last seenJun 18, 2026

VirusTotal

Not checked

WHOIS

description: Since late June 2025, Group-IB analysts observed a surge in spear-phishing emails across Central Asia. The attackers impersonate government agencies to gain the trust of their victims. This blog describes the techniques, tools and ongoing activity of the threat group known as Bloody Wolf.

`nac-ac.com`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey