IOC Radar
Domain · Medium confidence · Signal 100/100

nidlogon.com

Location: Russian Federation
First Seen: Feb 26, 2021 (1932d ago)
Last Seen: Feb 19, 2026 (113d ago)
Reports: 8 source reports
Confidence: 99% (medium)
VirusTotal: 10/91 detections
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs: 47 techniques

Feed Intelligence Summary

Source reports: 8
Confidence score: 99%
Category tags

Activity Timeline

1 total observation (Feb 19)

Threat Activity Heatmap

Peak: 2026-02-19

Recent activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Intelligence Summary (AI Generated)

The domain **nidlogon.com** has been identified as a significant indicator of compromise (IOC) associated with botnet and malware activities, first observed on February

Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 8
First seen: Feb 26, 2021
Last seen: Feb 19, 2026

VirusTotal

10/91 vendors flagged (11% detection rate, as of Jun 8, 2026)

WHOIS

registrar
MarkMonitor Inc.
description
A North Korean state-sponsored spyware known as KoSpy has been observed for the first time in the Google Play Store, according to a new report by Lookout Threat Lab and its partners.
domain rank
-1
raw
Domain Name: nidlogon.com
Registry Domain ID: 2408923714_DOMAIN_COM-VRSN
Registrar: MarkMonitor Inc. (IANA ID 292)
Registrar URL: http://www.markmonitor.com
Registrar WHOIS Server: whois.markmonitor.com
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.2086851750
Creation Date: 2019-07-03T00:55:07Z
Updated Date: 2025-06-01T11:45:26Z
Registry Expiry Date: 2026-07-03T00:55:07Z
Registrar Registration Expiration Date: 2026-07-03T00:00:00+0000
Domain Status: clientDeleteProhibited, clientTransferProhibited, clientUpdateProhibited
Name Server: ns096a.microsoftinternetsafety.net
Name Server: ns096b.microsoftinternetsafety.net
DNSSEC: unsigned
Registrant Country: US
Registrant Email: [email protected]
Tech Email: [email protected]
Other registrant fields (name, organization, street, city, state, postal code, phone, fax) appear in the registry output only as opaque 16-character hex tokens.

Note: a MarkMonitor registration whose nameservers sit under microsoftinternetsafety.net is the pattern seen on domains seized and sinkholed by Microsoft's Digital Crimes Unit, so current resolutions of this domain are better read as telemetry of historic infections than as live C2 (inference from the WHOIS fields above, not a statement made by the record).
references
https://www.lookout.com/threat-intelligence/article/lookout-discovers-new-spyware-by-north-korean-apt37
https://www.bloomberglaw.com/document/public/subdoc/X67FPNDOUBV9VOPS35A4864BFIU
https://malpedia.caad.fkie.fraunhofer.de/actor/apt37
https://twitter.com/jfslowik/status/1212097943550873600
subdomains count
4

IOC Journey

Confidence: medium
First detected 5 years ago · Last seen 3 months ago
Appeared in 8 threat reports