DomainMediumSignal 46/100
secretsdump.py
Location
CanadaFirst Seen
Mar 11, 2024
Last Seen
Jun 16, 2026
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
46%
Signal Score
46 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
10 reports46% confidence
10
Source reports
46%
Confidence score
Category tags
::keywords_error_mainabuseacademic institutionsacceptaccount securityactive scanadmin countryalienvault_ransomwareanomalyantakapis nothingarchasciiascii textasiaaslrattackattack type: persistenceauthentication protocol: ntlmautomotive manufacturingavailable frombackupbad reputationbest ipbifrostbitratbluenoroffbodybypasscanadacbe cnalphasslcheck domaincisa kevcivil servicesclick-based attackcobalt strikecobaltstrikecode executioncode injectioncommand and controlcommand executioncommand linecommunication technologiescomspeccopiedcorecorporate lawcountrycreation datecredcredential accesscredential harvestingcredentials theftcultcus cnletcyber threatsdangerous filedat ngocdatadata encryptiondata exfiltrationdau tudefense evasiondesc1dns attackdroppeddropseducational resourceseducational serviceseducational technologyelectronic health recordselectronics manufacturingemotetempireencryptionenterprise securityentityentryerrorexe32exists1expired certificateexploitexploit availableexploit codeexploitationexploitation activityextortionfalsefbi salesforce iocsfinancefinancial servicesflashflipformfull pathg2 oglobalsigngenericgeneric cilghosthiregovernment technologygreengrouphead marehealth care and social assistancehealth information technologyhealthcare information systemshermanoshighhigher educationhistorical sslhomenethospital managementhostsiana idicons libraryiframeimportin the wildindicatorindustrial automationindustrial iotindustrial productioninfoinformation technologyinfrastructure acquisitionreconnaissanceingress tool transferinjectinput validation bypassinstallintelintellectual property lawinveighissuerit infrastructurejapank-12 educationkey algorithmkey identifierkey infokilllateral movementlaw practicelegal consultinglegal researchlegal serviceslegal technologylink librarylocallockbitloggerlsassltcgcmacosmakopmaliciosamalicious activitymalicious downloadmalicious linksmalicious powershell activitymalicious softwaremalwaremalware distributionmalware: avemaria ratmalware: remcos ratmalware: smoke loadermalware: trojanmalware: warzone ratmanufacturing technologymd51mediamedical servicesmetasploitmeterpretermitmmitre attackmobile carriersmobile networksmodelmodulemon junmonoms windowsmutexes nothingmz created1networknetwork infonextno problemsnorth americanothingntlmntlm protocol abusentlm relaynumberobfusopenoperating systemoperating system securityos2 executableoverview zenboxparent pidpasspatch managementpathpath traversalpatient carepe filepe32 compilerpe32 libraryperforms dnsphantomcorephishingphp-cgiphpcgiphpshellpipespleasepolicy ippornpostal codeprivacy techprobeprocess injectionprocess manufacturingprocesses extraprojectpsexecpublic administrationpublic infrastructurepublic keypublic policypythonpython scriptquality controlransomwareread filesreason1record typeredacted forredline stealerregistrant nameregistry keysregulatory agenciesregulatory compliancerelacionada conremcos trojanremote accessremote servicesresearchedrootkitroundupscanidschoolscorescripting attacksscripting languagesearchserverservicesg2backup driveshellshellcodeshowingsignsmbexecsmoke loadersocial engineeringsoftware developmentsoftware exploitationsoftware vulnerabilitiesssl certificatesubject publicsupply chain managementsystem disruptiont1003.001t1021t1021.001t1021.002t1027t1033t1036t1040t1047t1055t1055 processt1056t1059t1059.001t1059.003t1059.007t1064t1069.001t1071t1071.001t1078t1078.004t1082t1083t1086t1095t1105t1110t1132t1134t1136t1140t1187t1190t1203t1204.001t1204.002t1218t1222t1486t1490t1497t1499.001t1499.002t1505t1518t1547t1547.001t1552t1555t1557t1557.001t1558.003t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1569.002t1572t1573t1574t1587.001t1590.001taowutargettargeted attackstargeting:japanteamtelecom servicestelecommunicationstemptermthorthreat actorthreat rounduptls snitnhh quantoddycattoolstools: impackettools: inveightools: mimikatztools: psexectools: respondertools: smbexectools: wmiexectracetrack phonetracking pixeltrashtrojan malwarettl valuettps: comspec abusettps: lsass dumpingttps: webdav abusettps: winrar exploitationtwitterunc6040unc6395unicode textuploadurls httpuser executionutf8 textuzbekistanv3 serialvoidvulnerabilities and exploitswarzoneweb application exploitationweb developmentweb exploitationwebdavwebshellwhois recordwhois whoiswidewin16 newin32 dynamicwinrarwmiexecwriteswrites shellx3 oletx509v3 keyx509v3 subjectxploitzero
Activity Timeline
Jun 16Jun 16
Threat Activity Heatmap
· Peak: 2026-06-16LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated
The domain **secretsdump.py**, originating from Canada, has emerged as a significant indicator of compromise (IOC) in recent threat intelligence reports. First observed on March
Threat ScoreMedium Risk
46
SIGNAL
Signal Score
46%
Confidence
10
Reports
First seenMar 11, 2024
Last seenJun 16, 2026
VirusTotal
Not checked
WHOIS
- description
- [Find out the best IP logging tools and tools at £1.5m in the UK, Ireland, Wales, Scotland and Northern Ireland on the website+ here is the full list.]
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 years ago · Last seen 10 days ago
Appeared in 10 threat reports