IOC Radar
Domain · Medium · Signal 0/100

www.joesandbox.com

Location: Australia
First Seen: Mar 4, 2025 (474d ago)
Last Seen: Jun 8, 2026 (13d ago)
Reports: 2 source reports
Confidence: 0% (medium)
Found in 2 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 0%
Signal Score: 0 / 100
IDS Rule: No
Threat Context
Tags

Feed Intelligence Summary

Source reports: 2
Confidence score: 0%
Category tags: indicator, network, researched

Activity Timeline

1 total obs (Jun 8 to Jun 8)

Threat Activity Heatmap

Peak: 2026-06-08
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This indicator, `www.joesandbox.com`, presents a very low risk to the organization, as it has been explicitly whitelisted and carries a threat score of 0.0. The presence of this domain in threat intelligence feeds does not, by itself, suggest any hostile behavior or compromise. Instead, its listing likely reflects its role as a legitimate online sandbox service used for malware analysis, which might occasionally interact with malicious samples without being malicious itself. Therefore, no immedi…

Threat Score: Low Risk
Signal Score: 0
Confidence: 0%
Reports: 2
First seen: Mar 4, 2025
Last seen: Jun 8, 2026

VirusTotal

Not checked

WHOIS

description
ID: OB0012
Created: 1 August 2019
Last Modified: 27 September 2023

Persistence

Today I discovered this: https://github.com/MBCProject/mbc-markdown/blob/3559ac6c87a7e8ea9a1fa01bf1155032d7fcdcac/persistence/shutdown-event.md. This rep. is likely being used in this malware. I haven't ever used Git so I need to look through this more. Do not run this.

Behaviors that enable malware to remain on a system regardless of system events, such as reboots.

Bootkit F0013
Component Firmware F0009
Hide Artifacts E1564
Hidden Files and Directories F0005
Hijack Execution Flow F0015
Install Insecure or Malicious Configuration B0047
Kernel Modules and Extensions F0010
Malicious Network Driver B0026
Modify Existing Service F0011
Modify Registry E1112
Registry Run Keys / Startup Folder F0012
Ingress Tool Transfer E1105
Shutdown Event B0035


IOC Journey

medium
First detected 1 year ago · Last seen 13 days ago
Appeared in 2 threat reports