IOC Radar
DomainMediumSignal 57/100

z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion

Location
Saudi ArabiaSaudi Arabia
First Seen
Feb 14, 2025
Last Seen
Jun 7, 2026
Feb 14
First Seen
485d ago
Jun 7
Last Seen
7d ago
12
Reports
source reports
57%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
57%
Signal Score
57 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

54 techniques

Feed Intelligence Summary

12 reports57% confidence
12
Source reports
57%
Confidence score
Category tags
abuseactive scanningakiraalienvault_ransomwareanydeskapplication layer protocolaptasiaasnsbakery desotta thanjavurbakery in thanjavurbarbie cakeblack forestblackcatbotnetbrute forcebrute force attacksbuilding constructionbyovdcake ordercakescakes in thanjavurcakes ordercisa kevcobalt strikecommand and controlcommand executioncommercial real estatecommunication protocolcommunity managementcompromised credentialsconstruction materialsconstruction safetyconstruction technologycontactcontent sharingconticream cakescredential accesscredential stuffingdark webdata encryptiondata exfiltrationdata leakagedata theftdenial of servicedevmandgadigital platformsdistributed attacksdouble extortiondragon forcedragonforcedriverencryptionendclient ratesxiexploit avaliableextortionfacilities managementfantasy hufilehash md5filehash sha1filehash sha256freefree websitefresh creamftpftp brute forcegod ratgoogle slidesgootloaderhttp probinghttp scannerhttpshuntersin the wildindicatoringress tool transferiocs filenameiocs medusajeanelapsuslinuxlockbitlog4shellmailing-listmalicious powershell activitymalicious softwaremalwaremamonamarksmedusamegamonitoringmsp compromisemspsmultiple threat actorsnetworknetwork attacksnetwork iocsnetwork protocolnetwork scanningnetwork securitynetwork service scanningoperating systemorderpayloadphishingphoto cakespossible intrusion attemptpotential compromiseprocess injectionproperty investmentproperty managementprotocol exploitationqilinraasraas groupraas modelransomhubransomwarercloneread morereal estatereal estate developmentreal estate marketreal estate technologyreconnaissanceremote accessremote servicesresearchedresidential real estateresumermm exploitationroyalsaudi arabiascattered spiderscripting attacksserviceshinyhunterssmtp probingsocial analyticssocial mediasocial media marketingsocial media securitysocial networkingspencerssh attacksupply chain attacksweetsystemsystem discoverysystem disruptiont1003t1005t1018t1021t1021.001t1027t1036t1040t1046t1053t1055t1059t1059.001t1069.001t1070t1071t1071.001t1076t1078t1082t1083t1086t1090t1105t1110t1110.002t1113t1140t1187t1190t1199t1204t1204.002t1213t1486t1490t1495.001t1496t1499.002t1499.003t1530t1547t1547.001t1555t1560t1562t1563t1565t1566t1569.002t1595t1595.001t1595.002t1595.003tcp protocoltelnet threattemplates freetheythird-party-advisorytier caketrojan malwareuab medusaunknown malware distributionuser engagementvendor-advisoryweb crawlerweb trafficwhite forestzensec

Activity Timeline

1 total obs
Jun 7Jun 7

Threat Activity Heatmap

· Peak: 2026-06-07
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
57
SIGNAL
Signal Score
57%
Confidence
12
Reports
First seenFeb 14, 2025
Last seenJun 7, 2026

VirusTotal

Not checked

WHOIS

description
Latest IOCs emerged in 2025

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 7 days ago
Appeared in 12 threat reports