DomainMediumSignal 91/100

`update.updatemicfosoft.com`

First Seen

Jul 31, 2025

Last Seen

May 18, 2026

Jul 31

First Seen

318d ago

May 18

Last Seen

27d ago

Reports

source reports

91%

Confidence

medium

Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

91%

Signal Score

91 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

115 techniques

Feed Intelligence Summary

10 reports91% confidence

Source reports

91%

Confidence score

Category tags

abuseabusech-threatfox-c2cactive scanactive scanningak47 groupak47 ransomwareak47c2ak47c2 backdoorak47c2 frameworkalienvault_ransomwareantivirus terminatorapisaptasiabackdoorbad reputationbitcoin addressbitcoinaddressblacklisted indicatorsblock-or-filter-listbotnetbotnet activitybotnet_c2brute forcebyovd techniquec2c2 communicationchinese aptcivil servicescommand & controlcommand and controlcommand executioncommunication protocolcommunication technologiescompromised systemscredential accesscredential stuffingcredential theftcryptocurrencycustom malwarecvedata encryptiondata exfiltrationdata store exposuredefense evasiondistributed attacksdll hijackingdll hijacking techniquedll placementdll sideloadingdllsdragon_cloverdropperdust specterdynamic linkdynamic link libraryencryptionendpoint protection bypassenterprise securityexploitexploitationexploitation activityextortionfigurefileless attackgentlemen ransomwaregovernment technologyhttp scanneridentity & access exploitationiisiis backdooriisbackdoorindicatoringress tool transferinitial accessinjection activityio controliociocslateral movementlibraryloaderlockbitlockbit 3.0lockbit blacklockbit black ransomwarelockbit threatmalicious indicator blockingmalicious indicators blockingmalicious powershell activitymalicious softwaremalwaremiddle eastmobile carriersmobile networksmoonrise ratmsiexecnetworknetwork iocnetwork probingnetwork scanningnetworks unitnoescapenssmntlmobserved hashonline sextortionoperating systempalo altopatch managementphishingphishing campaignphishing urlsprivilege escalationprocess injectionproject ak47psexecpublic administrationpublic infrastructurepublic policyransom houseransomwareransomware operationratrcereconnaissanceregulatory agenciesremote accessremote code executionresearchedruby jumperscripting attackssecurity operationssessionidsharepoint exploitationsharepoint vulnerability exploitationsigned binary abusesoftware vulnerabilitiessourcestorm-2603storm2603storm2603 c2storm2603 iissystem disruptionsystem privilegest1003t1003.001t1005t1016t1020t1021t1021.001t1021.002t1027t1030t1033t1036t1036.004t1036.005t1041t1046t1047t1048t1053t1053.005t1055t1055.002t1057t1059t1059.001t1059.003t1059.004t1059.005t1068t1069.001t1070t1070.001t1070.002t1070.003t1071t1071.001t1071.004t1078t1078.002t1082t1083t1086t1087.002t1090t1090.001t1105t1106t1110t1110.003t1112t1114t1114.001t1119t1120t1124t1132t1132.001t1133t1189t1190t1195t1199t1202t1203t1204t1204.002t1210t1218.011t1486t1489t1490t1496t1499.002t1499.003t1505t1505.003t1543.001t1547t1547.001t1547.009t1555t1555.003t1562t1565t1566t1566.001t1566.002t1567t1567.002t1569t1569.002t1571t1573t1573.001t1573.002t1574.001t1574.002t1583t1583.001t1584t1584.004t1592t1592.001t1595t1595.001t1595.002t1595.003t1598t1598.003t1602t1602.001t1608t1608.001t1610t1612tasktelecom servicestelecommunicationsthe ak47threat actorthreat intelligencetoolstoolshelltor nodetrojan malwareunsafe deserializationvelociraptorvulnerabilityvulnerability scanwarlockwarlock clientwarlock ransomwareweb application attackweb shellweb trafficwindows tools abusewsus

Activity Timeline

1 total obs

May 18May 18

Threat Activity Heatmap

· Peak: 2026-05-18

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Intelligence SummaryAI Generated

The domain **update.updatemicfosoft.com** has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats, including botnet activity, command and control (C

Threat ScoreHigh Risk

SIGNAL

Signal Score

91%

Confidence

Reports

First seenJul 31, 2025

Last seenMay 18, 2026

VirusTotal

Not checked

WHOIS

description: Domain that is used for botnet Command&control (C&C)
raw: Administrative city: REDACTED FOR PRIVACY Administrative country: REDACTED FOR PRIVACY Administrative state: REDACTED FOR PRIVACY Create date: 2025-01-28 00:00:00 Domain name: updatemicfosoft.com Domain registrar id: 69 Domain registrar url: http://tucowsdomains.com Expiry date: 2026-01-28 00:00:00 Query time: 2025-01-29 11:02:12 Registrant city: 1f8f4166599d23ee Registrant company: 1f8f4166599d23ee Registrant country: Saint Kitts and Nevis Registrant email: 857a9d378fa19337s@ Registrant fax: 1f8f4166599d23ee Registrant name: 1f8f4166599d23ee Registrant phone: 1f8f4166599d23ee Registrant state: 5c1896d54f3bb30d Registrant zip: 1f8f4166599d23ee Technical city: REDACTED FOR PRIVACY Technical country: REDACTED FOR PRIVACY Technical state: REDACTED FOR PRIVACY Update date: 2025-01-28 00:00:00

`update.updatemicfosoft.com`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy