IOC Radar
DomainMediumSignal 84/100

smthwentwrong.com

Location
JapanJapan
First Seen
Nov 29, 2024
Last Seen
Jun 10, 2026
Nov 29
First Seen
559d ago
Jun 10
Last Seen
yesterday
11
Reports
source reports
84%
Confidence
medium
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
84%
Signal Score
84 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

63 techniques

Feed Intelligence Summary

11 reports84% confidence
11
Source reports
84%
Confidence score
Category tags
abuseadsiaptattackbackdoorbackdoor deploymentbotnetc2civil servicescode injectioncommand and controlcompromised websitescredential accesscredential harvestingcredential theftcyber threatsdatadata encryptiondata exfiltrationdgadistributed attacksdnshostnamedrive-by compromiseeuropeexploitationextortionfake browser updatefake updatesfinancefinancial institutionfinancial servicesgermanygovernment technologyindicatorinfrastructure acquisitionreconnaissanceingress tool transferinitial accessiocsjapanjavascript injectionjavascript malwarekeepkeitaro tdsmaasmailmalicious activitymalicious downloadmalicious softwaremalvertisingmalwaremalware distributionmalware-as-a-servicemanualmintsloadernetworkpasspayload deliverypayload obfuscationphishingphishing attackprocess injectionpublic administrationpublic infrastructurepublic policyransomhubransomwareregulatory agenciesremote accessresearchedsocial engineeringstatesystem disruptiont1003t1003.002t1016t1021.002t1027t1041t1047t1053t1053.005t1055t1056t1059t1059.001t1059.003t1059.006t1059.007t1068t1069.001t1069.002t1070.004t1071t1071.001t1074.001t1078t1082t1083t1087.002t1095t1105t1133t1135t1188t1189t1190t1195t1195.001t1199t1204t1204.001t1204.002t1482t1486t1490t1496t1499.001t1499.002t1499.003t1543t1547t1547.001t1552t1555t1565t1566t1566.001t1566.002t1566.003t1572t1573.001t1587.001t1590.001t1608t1608.004taiwanthreat actortriggerupdate siemwater scyllaweb exploitationweb injectionwebsite compromise

Activity Timeline

1 total obs
Jun 10Jun 10

Threat Activity Heatmap

Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **smthwentwrong.com** has emerged as a significant indicator of compromise (IOC) linked to multiple cyber threats originating from Japan. First observed on November

Threat ScoreHigh Risk
84
SIGNAL
Signal Score
84%
Confidence
11
Reports
First seenNov 29, 2024
Last seenJun 10, 2026

VirusTotal

Not checked

WHOIS

description
SocGholish, a malware-as-a-service framework, is being used to deploy RansomHub ransomware. It compromises legitimate websites, redirecting visitors to fake browser updates that deliver malicious payloads. The highly obfuscated JavaScript loader evades detection and executes various tasks, including reconnaissance, credential theft, and backdoor deployment. Water Scylla, the group behind this activity, collaborates with threat actors operating rogue Keitaro TDS instances for payload distribution. The attack chain involves multiple stages, from initial access to ransomware deployment. SocGholish's versatile loader can download and execute malicious payloads, exfiltrate data, and execute arbitrary commands. Recent detections show high activity in the US, primarily targeting government organizations.

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 day ago
Appeared in 11 threat reports