Domain · High · Verified · Signal 93/100
visual.1991-06.com.microsoft
First Seen: Oct 8, 2022
Last Seen: Feb 12, 2026
Found in 4 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 93%
Signal Score: 93 / 100
IDS Rule: No
Threat Context
Feed Intelligence Summary
Source reports: 4
Confidence score: 93%
Category tags: active scanning; apt; aruba; botnet; brute force; canada; code injection; command and control; communication obfuscation; compromised systems; costa rica; credential access; data encoding; data exfiltration; distributed attacks; dtrack; education; entity; enumerate; exfiltration; guatemala; indicator; initial access; ios devices; kisa; korea, democratic people's republic of; lateral movement techniques; lazarus; lazarus apt; lazarus group; macos devices; magicrat; malicious software; malware; malware activity; malware analysis; mexico; miaxdx; myrakez; network; network intrusion; network scanning; network service scanning; north korea; panama; persistence mechanisms; please; process injection; qt framework; rat; reconnaissance; remote access; researched; rogers; scanning activity; secure endpoint; system information discovery; t1005; t1016; t1018; t1025; t1027; t1033; t1036; t1041; t1046; t1053; t1055; t1059; t1059.003; t1059.007; t1068; t1070; t1071; t1071.001; t1071.004; t1082; t1102; t1105; t1110; t1125; t1190; t1204.001; t1210; t1213; t1486; t1496; t1499.002; t1499.003; t1547; t1555; t1565; t1566; t1595; t1595.001; t1595.002; t1595.003; talos; telecommunications; thomaskralow; threat spotlight; tigerrat; urls; uwmlife; vsingle; web exploitation
Activity Timeline: Feb 12 to Feb 12
Threat Activity Heatmap (weekday grid, Mon/Wed/Fri rows): peak 2026-02-12
Activity counts: 24h: 0 (Dormant); 7d: 0 (Dormant); 30d: 0 (Dormant); 3mo: 0 (Dormant)
Verified IOC
VirusTotal: Not checked
WHOIS
- registrar: MarkMonitor Inc.
- description: Following the discovery of a new remote access trojan (RAT) developed by a North Korean state-sponsored cyber-attack group, Cisco Talos assesses with moderate to high confidence that the threat actor is North Korea.
- raw:
  Admin City: Redmond
  Admin Country: US
  Admin Email: [email protected]
  Admin Organization: Microsoft Corporation
  Admin Postal Code: 98052
  Admin State/Province: WA
  Billing City: Redmond
  Billing Country: US
  Billing Email: [email protected]
  Billing Organization: Microsoft Corporation
  Billing Postal Code: 98052
  Billing State/Province: WA
  Creation Date: 2018-06-01T15:16:48Z
  DNSSEC: unsigned
  Domain Name: COM.MICROSOFT
  Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
  Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
  Name Server: ns1-07.azure-dns.com.
  Name Server: ns2-07.azure-dns.net.
  Name Server: ns3-07.azure-dns.org.
  Name Server: ns4-07.azure-dns.info.
  Registrant City: b6b1ba5f05367788
  Registrant Country: US
  Registrant Email: [email protected]
  Registrant Fax: 7d1f3c3fb96a62b3
  Registrant Name: 1f33d7151e7ebf55
  Registrant Organization: 628983377a05fb4c
  Registrant Phone: 8f198ff1733e2d60
  Registrant Postal Code: 2908382a58eb4969
  Registrant State/Province: 163b5dbd6196f461
  Registrant Street: 86c54a730ec120b0
  Registrar Abuse Contact Email: [email protected]
  Registrar IANA ID: 292
  Registrar URL: www.markmonitor.com
  Registrar: MarkMonitor Inc.
  Registry Admin ID: REDACTED FOR PRIVACY
  Registry Billing ID: REDACTED FOR PRIVACY
  Registry Domain ID: 135860508_DOMAIN-MSFT
  Registry Expiry Date: 2025-06-01T15:16:48Z
  Registry Registrant ID: REDACTED FOR PRIVACY
  Registry Tech ID: REDACTED FOR PRIVACY
  Tech City: Redmond
  Tech Country: US
  Tech Email: [email protected]
  Tech Organization: Microsoft Corporation
  Tech Postal Code: 98052
  Tech State/Province: WA
  Updated Date: 2024-04-30T11:32:16Z
IOC Journey
Confidence high · First detected 3 years ago · Last seen 4 months ago
Appeared in 4 threat reports