IOC Radar
Domain · Medium · Signal 54/100

s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion

Location
Ukraine
First Seen
Oct 14, 2024 (607d ago)
Last Seen
Jun 7, 2026 (6d ago)
Reports
11 source reports
Confidence
54% (medium)
VirusTotal
2/91 detections
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
54%
Signal Score
54 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

79 techniques

Feed Intelligence Summary

Category tags

Activity Timeline

1 total obs
Jun 7 to Jun 7

Threat Activity Heatmap

Peak: 2026-06-07 (weekly heatmap grid, Jun through Jun, not reproduced here)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

VirusTotal

2 / 91 vendors flagged
2% detection rate (as of Jun 8, 2026)

WHOIS

Description
This comprehensive report from Bridewell delves into the operations of the Medusa Ransomware Group. The analysis uncovers the sophisticated tactics, techniques, and procedures (TTPs) employed by this notorious cybercriminal organization.
Domain rank
-1
Subdomains count
0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 6 days ago
Appeared in 11 threat reports