IOC Radar
Domain · High · Verified · Signal 78/100

okullu.com

Location: Saint Helena, Ascension and Tristan da Cunha
First Seen: Mar 3, 2026 (103d ago)
Last Seen: May 1, 2026 (45d ago)
Reports: 6 source reports
Confidence: 78% (high)
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 78%
Signal Score: 78 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK TTPs: 31 techniques

Feed Intelligence Summary

6 source reports · 78% confidence score
Category tags

Activity Timeline

1 total observation · May 1

Threat Activity Heatmap

· Peak: 2026-05-01
(Calendar heatmap of daily observations, Jun through Jun of the following year; peak on 2026-05-01.)

Recent activity windows:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

The domain **okullu.com**, originating from Saint Helena, Ascension and Tristan da Cunha, has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats. First observed on March

Threat Score: High Risk
Signal Score: 78
Confidence: 78%
Reports: 6
First seen: Mar 3, 2026
Last seen: May 1, 2026
Verified IOC

VirusTotal: Not checked

WHOIS

Registrar: ODTU Gelistirme Vakfi Bilgi Teknolojileri Sanayi Ve Ticaret Anonim Sirketi
Domain rank: -1

Raw record:
Admin City: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Organization: EDREMIT WEB TASARIM
Admin Postal Code: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Creation Date: 2014-08-10T18:44:00Z
Creation Date: 2014-08-10T18:44:22Z
DNSSEC: unsigned
Domain Name: OKULLU.COM
Domain Name: okullu.com
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Name Server: NS1.EDREMITWEB.COM
Name Server: NS2.EDREMITWEB.COM
Name Server: ns1.edremitweb.com
Name Server: ns2.edremitweb.com
Registrant City: 1f8f4166599d23ee
Registrant Country: REDACTED FOR PRIVACY
Registrant Email: 2d8644446d24f14as@
Registrant Name: 1f8f4166599d23ee
Registrant Organization: 605218987ceccd7a
Registrant Phone: 1f8f4166599d23ee
Registrant Postal Code: 1f8f4166599d23ee
Registrant State/Province: 1f8f4166599d23ee
Registrant Street: 1f8f4166599d23ee
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +90.3129096628
Registrar Abuse Contact Phone: +90.3129881106
Registrar IANA ID: 3871
Registrar Registration Expiration Date: 2026-08-10T18:44:00Z
Registrar URL: http://metunic.com.tr
Registrar URL: https://metunic.com.tr
Registrar WHOIS Server: whois.metunic.com.tr
Registrar: ODTU Gelistirme Vakfi Bilgi Teknolojileri Sanayi Ve Ticaret Anonim Sirketi
Registry Domain ID: 1870522292_DOMAIN_COM-VRSN
Registry Expiry Date: 2026-08-10T18:44:22Z
Tech City: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Organization: EDREMIT WEB TASARIM
Tech Postal Code: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Updated Date: 2024-05-13T04:17:00Z
Updated Date: 2024-05-13T04:17:43Z

References: https://urlhaus.abuse.ch/browse/, https://ltna.com.au/cyber
Subdomains count: 8


IOC Journey

Confidence: high
First detected 3 months ago · Last seen 1 month ago
Appeared in 6 threat reports