IOC Radar
DomainHighVerifiedSignal 68/100

sastind-cn.org

Location
United StatesUnited States
First Seen
Oct 24, 2023
Last Seen
Jul 18, 2025
Oct 24
First Seen
964d ago
Jul 18
Last Seen
331d ago
5
Reports
source reports
68%
Confidence
high
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
68%
Signal Score
68 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

57 techniques

Feed Intelligence Summary

5 reports68% confidence
5
Source reports
68%
Confidence score
Category tags
"delphiactive scanningapplication layer protocolaptattackauthentication attemptsbotnetbrute forcebrute force attackchinacommandcommand and controlcommunication protocolcredential accesscredential brute forcecredential harvestingcredential stuffingdata encryptiondata exfiltrationdelphi ratdenial of servicedistributed attacksdropperenumerationftpftp brute forcehttp brute forcehttp scannerhttpsindicatorinfrastructure acquisitionreconnaissanceinitial accesslateral movementlogin attemptlogin attemptslogin brute forcemalicious activitymalicious rtfmalicious softwaremalwaremalware distributionmd5networknetwork activitynetwork attacksnetwork enumerationnetwork intrusion attemptnetwork layer protocolnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningofficcepassword attackspassword crackingpassword sprayingpatchworkphishing attackpossible reconnaissancepotential intrusionpotential vulnerability exploitationpotential-c2process injectionprotocol exploitationquasarratquasarrat filereconnaissanceremote accessremote access trojanremote servicesresearchedrtfrtf exploitservice scansmb brute forcesocial engineeringspearphishingssh attacksuspected intrusion attemptsyn port scansyn scansystem discoveryt1005t1016t1018t1021t1021.001t1021.002t1027t1040t1041t1046t1047t1053t1053.005t1055t1059t1059.001t1059.004t1068t1071t1071.001t1076t1077t1078t1083t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1136t1137.001t1189t1190t1203t1204.002t1210t1486t1496t1499.002t1499.003t1563t1565t1566t1566.001t1566.002t1566.003t1587.001t1588t1588.002t1589t1590.001t1595t1595.001t1595.002t1595.003task schedulertcp protocoltcp scantelnet threatthink tankthreat actorudp port scanudp scanunauthorized access attemptunited statesvalid accountsweb traffic

Activity Timeline

1 total obs
Jul 18Jul 18

Threat Activity Heatmap

· Peak: 2025-07-18
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreMedium Risk
68
SIGNAL
Signal Score
68%
Confidence
5
Reports
First seenOct 24, 2023
Last seenJul 18, 2025
Verified IOC

VirusTotal

Not checked

WHOIS

domain rank
-1
references
https://www.volexity.com/blog/2018/06/07/patchwork-apt-group-targets-us-think-tanks/, https://labs.inquest.net/iocdb
subdomains count
0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 2 years ago · Last seen 11 months ago
Appeared in 5 threat reports