IOC Radar
DomainMediumSignal 69/100

sentinelxdr.us

Location
ChinaChina
First Seen
Jun 12, 2025
Last Seen
Jun 8, 2026
Jun 12
First Seen
376d ago
Jun 8
Last Seen
14d ago
7
Reports
source reports
69%
Confidence
medium
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

191 techniques

Feed Intelligence Summary

7 reports69% confidence
7
Source reports
69%
Confidence score
Category tags
70+ organizations affectedactive scanningactivity daptapt groupapt15asiaasyncratautomotive manufacturingbackdoorbackdoorsbankingbotnetc2chinachina-nexus threat actorchina-nexus threat actorschinese aptchinese hackerscivil servicescode injectioncommand and controlcommand executioncommunication technologiescredential accesscredit card servicescritical sectorscyber threat intelligencecyber threatscybercriminal partnershipsdata breachdata encryptiondata exfiltrationdata theftdiscorddistributed attacksdouble extortionelectronics manufacturingevasive techniquesevasive ttpsextortionfailfinancefinancial motivationfinancial servicesfinancial technologyfunksecgenerative aighostlockerghostsecgoreshellgovernment technologyhammerhashesindicatorindustrial automationindustrial iotindustrial productioninformation technologyinfrastructure compromiseinitial accessit infrastructureit services compromisekatz stealerkillseclateral movementlinkloadermalicious powershell activitymalicious softwaremalwaremalware developmentmanufacturing technologymediamobile carriersmobile networksmuddywaternetworknetwork intrusionnetwork probingnimbo-c2north americaoperational relay boxpayment processingpersistence mechanismsphishingpolitical motivationprocess injectionprocess manufacturingpublic administrationpublic infrastructurepublic policypurplehazequality controlransomwarereconnaissancereconnaissance activityregulatory agenciesremote accessresearchedrst cloudscanning activityscripting attackssecurity operationssentinelone labssentinelone targetedskuldsoftware developmentsouthstrongsummarysupply chain attacksupply chain compromisesupply chain managementsystem disruptiont1003t1003.001t1003.005t1005t1016t1020t1021t1027t1027.002t1027.003t1027.006t1036t1041t1047t1048t1048.003t1049t1053t1053.005t1055t1055.001t1055.002t1055.004t1057t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1059.008t1068t1070t1071t1071.001t1071.004t1078t1078.001t1078.002t1078.003t1078.004t1082t1083t1086t1087t1087.001t1087.002t1090t1090.001t1090.002t1090.003t1095t1105t1110t1112t1113t1124t1127t1132t1133t1134t1134.001t1134.002t1134.004t1135t1136t1136.001t1136.002t1140t1189t1190t1195t1195.002t1199t1202t1203t1204t1204.001t1204.002t1207t1210t1211t1213t1213.001t1213.002t1213.003t1213.005t1218t1218.002t1218.003t1218.004t1218.005t1218.007t1218.011t1219t1486t1490t1496t1499.001t1499.002t1499.003t1505.003t1543t1547t1547.001t1547.009t1552t1553t1555t1555.003t1562t1562.001t1562.002t1564t1564.001t1565t1566t1566.001t1573t1573.001t1574t1574.001t1574.002t1574.004t1574.006t1578t1578.001t1578.002t1583t1583.001t1583.003t1583.004t1584t1584.001t1584.002t1585t1585.001t1586t1586.001t1587t1587.001t1588t1588.001t1588.002t1588.003t1588.004t1589t1590t1590.001t1590.002t1590.003t1590.004t1591t1591.001t1592t1592.001t1592.002t1592.004t1593t1593.001t1593.002t1595t1595.001t1595.002t1595.003t1596t1596.001t1596.002t1597t1597.001t1598t1598.001t1598.003t1600t1601t1602t1608t1608.001t1608.002t1608.003t1608.004t1609t1611t1612t1613t1614t1614.001t1615t1619t1620t1622telecom servicestelecommunicationsthreat intelligencethreatstitleunc5174united statesvulnerabilitieswealth managementweb exploitation

Activity Timeline

1 total obs
Jun 8Jun 8

Threat Activity Heatmap

· Peak: 2026-06-08
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

The domain **sentinelxdr.us** has emerged as a significant indicator of compromise (IOC) linked to a sophisticated threat actor originating from China. First observed on June

Threat ScoreMedium Risk
69
SIGNAL
Signal Score
69%
Confidence
7
Reports
First seenJun 12, 2025
Last seenJun 8, 2026

VirusTotal

Not checked

WHOIS

description
In this SentinelOne Labs investigation, researchers track a sophisticated China-linked threat actor relentlessly targeting high-value entities across multiple sectors. The report uncovers their evasive TTPs, custom malware tooling, and persistent intrusion attempts, providing critical IOCs (Indicators of Compromise) and defensive recommendations. A must-read for threat hunters and security teams defending against advanced persistent threats (APTs).
domain rank
-1
subdomains count
0

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 14 days ago
Appeared in 7 threat reports