IOC Radar
DomainMediumSignal 100/100

sorlastore.com

Location
IndiaIndia
First Seen
Jun 19, 2025
Last Seen
Jun 7, 2026
Jun 19
First Seen
361d ago
Jun 7
Last Seen
9d ago
12
Reports
source reports
99%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

38 techniques

Feed Intelligence Summary

12 reports99% confidence
12
Source reports
99%
Confidence score
Category tags
.desktop fileaerospace & defenseapt36asiabackboss linuxboss.elfbotnetcanadacivil servicescommandcommand and controlcontrolcredential harvestingcyber espionagecyber-espionagecyfirmadata exfiltrationdefensedefense contractingdefense logisticsdefense sectordefense systemsdefense technologydistributed attackself binaryfirstformatgovernment technologyhuntindiaindian defenseindicatoringress tool transferlinuxmalicious softwaremalwaremilitary operationsnational securitynetworknorth americaoperation c-majorphishingphishing attackpowerpoint exploitationppamppam macroprocess injectionpublic administrationpublic infrastructurepublic policyregulatory agenciesresearchedsocial engineeringspearphishingt1005t1016t1027t1027.003t1036t1041t1053.005t1055t1059t1059.004t1064t1068t1071t1071.001t1071.002t1095t1105t1189t1192t1204t1204.002t1486t1496t1499.002t1499.003t1518t1543t1547.006t1564t1565t1566t1566.001t1566.002t1566.003t1566.004t1571t1588t1588.002targettransparent tribetrojan malwarezip

Activity Timeline

1 total obs
Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **sorlastore.com** has emerged as a significant indicator of compromise (IOC) linked to multiple cyber threats originating from India. First observed on June

Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
12
Reports
First seenJun 19, 2025
Last seenJun 7, 2026

VirusTotal

Not checked

WHOIS

description
APT36, known as Transparent Tribe, has emerged as a sophisticated cyber-espionage threat targeting the Indian defense sector, employing new tactics to exploit Linux environments, particularly the BOSS Linux distribution favored by government agencies. The group's attack campaign primarily involves phishing emails containing malicious ZIP files, which, when executed, initiate a dual-action mechanism: deceiving users with a legitimate PowerPoint file while executing a malicious ELF binary named BOSS.elf in the background. This malware gathers critical system information, establishes persistence, and communicates through a command-and-control channel aimed at managing its operations and exfiltrating sensitive data, underscoring the evolving threat landscape against Linux-based infrastructures within critical government sectors.
domain rank
-1
raw
Administrative city: Reykjavik Administrative country: Iceland Administrative email: [email protected] Administrative state: Capital Region Create date: 2025-03-28 00:00:00 Domain name: sorlastore.com Domain registrar id: 1068 Domain registrar url: http://www.namecheap.com Expiry date: 2026-03-28 00:00:00 Name server 1: ns3.middlehost.com Name server 2: ns2.middlehost.com Name server 3: ns1.middlehost.com Query time: 2025-03-29 10:21:04 Registrant city: ddbf76e4e8cee320 Registrant company: 4b7a0912c26a13e2 Registrant country: Iceland Registrant email: [email protected] Registrant name: 37bfbc24cafea5d2 Registrant phone: ef7c9ebdb324979a Registrant state: 3e0204199d8ebf9c Registrant zip: f206c9d9737ad45d Technical city: Reykjavik Technical country: Iceland Technical email: [email protected] Technical state: Capital Region Update date: 2025-03-28 00:00:00
references
https://www.cyfirma.com/research/phishing-attack-deploying-malware-on-indian-defense-boss-linux, https://www.cyfirma.com/research/phishing-attack-deploying-malware-on-indian-defense-boss-linux/
subdomains count
3

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 9 days ago
Appeared in 12 threat reports