Domain · Medium · Signal 69/100
server.fsocmicrsoft.com
First Seen: Jan 25, 2026 (151d ago)
Last Seen: Jun 7, 2026 (19d ago)
Reports: 8 source reports
Confidence: 69% (medium)
VirusTotal: 13/91 detections
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Feed Intelligence Summary
8 source reports · 69% confidence score
Category tags
afghanistan, apt36, asia, banking, c2, c2 infrastructure, civil services, command and control, communication protocol, credential theft, credit card services, cyber threats, data download, data exfiltration, data theft, dll, enumerate, finance, financial services, financial technology, government technology, http post, http scanner, indicator, ingress tool transfer, kazakh, kazakhstan, kazakrat, kazakrat c2, kazakrat malware campaign, malicious download, malicious software, malware, malware distribution, metadata analysis, mobile, mobile security, msi, network, network enumeration, operating system, payment processing, permalink found, phishing, process injection, public administration, public infrastructure, public policy, python, python malware, rat, rat dll, registry persistence, regulatory agencies, remote access tool, researched, run key persistence, self-signed, social media security, state-sponsored, t1005, t1016, t1021.001, t1041, t1053, t1055, t1056, t1057, t1059, t1064, t1069.001, t1071, t1071.001, t1078, t1082, t1083, t1105, t1106, t1113, t1190, t1204.002, t1213, t1218.010, t1486, t1499.001, t1499.002, t1547, t1547.001, t1564.001, t1565, t1566, t1566.001, t1567, t1573, targeted malware campaign, unencrypted c2, variant b, variant c, wealth management, web traffic, windows malware
Activity Timeline: Jun 7
Threat Activity Heatmap · Peak: 2026-06-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
The domain **server.fsocmicrsoft.com**, originating from Afghanistan, has been identified as a significant indicator of compromise (IOC) in recent threat intelligence reports. This malicious domain has been active since January
Threat Score: 69 (Medium Risk)
WHOIS
- description
- The analysis identified a persistent malware campaign associated with a suspected state-affiliated actor targeting entities in Kazakhstan and Afghanistan. The malware, referred to as KazakRAT, has been utilizing command-and-control (C2) servers since at least August 2022 and employs various tactics for malware delivery and persistence. Specifically, the malware samples have been delivered as .msi files, with each variant employing different mechanisms while all managing persistence via the Run registry key, executing the DLL with rundll32.
IOC Journey
Medium · First detected 5 months ago · Last seen 19 days ago
Appeared in 8 threat reports