IOC Radar
Domain · Medium · Signal 82/100

ttbbaits.com

Location
United States
First Seen
Oct 22, 2025
Last Seen
Jun 20, 2026
Reports
10 source reports
Confidence
82% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
82%
Signal Score
82 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

46 techniques

Feed Intelligence Summary

10 source reports · 82% confidence score
Category tags
apt, apt activity, apt group, apt24, attack vector: email, autumn dragon, bloody wolf, bloody wolf group, brand impersonation, central asia, credential harvesting, credential theft, customer experience, data exfiltration, data theft, digital commerce, digital marketplace, e-commerce, e-commerce platform, europe/asia, fake website, filehash:md5, filehash:sha1, filehash:sha256, finance, fraud, government impersonation, hashes, indicator, indicators of compromise, initial access, jar exploitation, jar file, jars, java archive malware, macos malware, malicious software, malware, malware delivery, malware type: rat, netsupport rat, network, north america, online payment, online retail, online shopping, operation dreamjob, payload: jar file, phishing, phishing attack, phishing attack campaign, process injection, rat, rat: netsupport rat, region: central asia, remote access tool, remote access trojan, researched, russia, shai-hulud campaign, social engineering, social media attack, spear phishing campaign, united states, water gamayun
t1027, t1053, t1055, t1056, t1057, t1059, t1059.001, t1059.003, t1059.005, t1068, t1071, t1071.001, t1071.004, t1078, t1078.001, t1078.004, t1083, t1105, t1134.001, t1134.002, t1189, t1190, t1192, t1195.002, t1204, t1204.002, t1210, t1219, t1486, t1543.003, t1547, t1547.001, t1555.003, t1555.004, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567.001, t1583, t1583.001, t1583.004, t1588, t1588.002, t1598

Activity Timeline

1 total obs
Jun 20

Threat Activity Heatmap

Peak: 2026-06-20
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk

VirusTotal

Not checked

WHOIS

registrar
TUCOWS.COM, CO.
creation date
2025-09-09T11:06:38
expiration date
2026-09-09T11:06:38
updated date
2025-09-09T11:06:39
name servers
1-YOU.NJALLA.NO, 2-CAN.NJALLA.IN, 3-GET.NJALLA.FO
country
KN
org
REDACTED FOR PRIVACY
status
clientTransferProhibited https://icann.org/epp#clientTransferProhibited, clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited

IOC Journey

medium
First detected 8 months ago · Last seen 7 days ago
Appeared in 10 threat reports