IOC Radar
DomainMediumSignal 54/100

www.sandoll.co.kr

Location
United StatesUnited States
First Seen
Apr 17, 2026
Last Seen
Apr 27, 2026
Apr 17
First Seen
59d ago
Apr 27
Last Seen
48d ago
4
Reports
source reports
54%
Confidence
medium
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
54%
Signal Score
54 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

32 techniques

Feed Intelligence Summary

4 reports54% confidence
4
Source reports
54%
Confidence score
Category tags
acceptaccessactiveactive scanagentaigall domainall ipv4america flaganguillaas2497 internetas9714 vocusascii textaslraustraliaaustralia asnbazaarbodyc0 a0c4 d8cachechristopher ahmannck idclickcommandcommerce industrycontent typecookiecopycre puldatadata uploaddefense evasiondeletedenverdenver courtsdes moinesdns attackdomaindomains topdougcodr wifidynamicloaderee fcemailsenricenterenter scerrorexclude suggesexploitation activityextraextra dataextraction datafailedff d5filefilesfiles ipfindfind sfoundrypalantirguardhackinghighhybridid logininclude reviewincluded iocsindicatorindustry commerceinjusticeiocsiot securityipv4japan asnjapan unknownjeffrey reimerlearnlegallevellocallookmalwaremediamediummitm_attacksmitre attmitre attackmsiemusicmwdbname serversname tacticsnetworknetwork infonextnorth americantgraph xeoceaniaoverview zenboxpassive dnspathpattern matchpe filepegasusphishingpoleasspornhubportpostpowershellprocesses extraprogramquasireadreferenrefreshregistrant namereimer gropesrelated pulsesresearchedrestartreview iocssabeysc datascript scriptsearchserviceset cookieshhhshibuyaspanspawnsssdeepstatestate coloradostringst1010t1018t1027t1036t1045t1047t1055t1056t1057t1059t1059.001t1060t1069t1069.002t1070t1071t1071.001t1071.004t1082t1083t1095t1105t1480t1497t1518t1547t1553t1553.002t1560t1562t1573t1574telecommunicationsthreat actortitletoolstop destinationtop sourcetor nodetrackertrojantsara brashearstt trtulachtypetype olultradns clientunitedunited statesupatreurlsvalueverdictverifywifiwifi datawifi idwindows ntworkers compensationworld mediawritewrite cxportyara detectionsyara rule

Activity Timeline

1 total obs
Apr 27Apr 27

Threat Activity Heatmap

· Peak: 2026-04-27
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
54
SIGNAL
Signal Score
54%
Confidence
4
Reports
First seenApr 17, 2026
Last seenApr 27, 2026

VirusTotal

Not checked

WHOIS

description
<<Anomalous binary characteristics have been identified in a file that is being used to compile a Windows operating system for the first time in the history of the software, as well as an unauthorised virus>> Darkgate. Links wouldnt attach. User does not have whatsapp.
raw
AC E-Mail : [email protected] Host Name : ns1.kidc.net Host Name : ns2.lgdacom.net Registrant : 4755dad741248e89 Registrant Address : cfa1c5e3547b9381 Registrant Zip Code : 269ffb08f04d9853 책임자 전자우편 : [email protected] 호스트이름 : ns1.kidc.net 호스트이름 : ns2.lgdacom.net

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 month ago · Last seen 1 month ago
Appeared in 4 threat reports