TF-1817047
high
📛 Threat Title
Unknown malware: Domain name that delivers a malware payload teams.livesweb.us
Description
Indicator that identifies a malware distribution server (payload delivery). IOC type: Domain name that delivers a malware payload. Attributed malware: Unknown malware. Confidence: 80. First seen: 2026-05-22 08:11:13 UTC. Last seen: 2026-05-21 22:57:11 UTC. Reporter: Lenny_3BO. Tags: APT, ClickFix, Lazarus, livekit, teams-spoof, UNC1069, WAVESHAPER.
Remediations (10)
- web:blog.checkpoint.com
  A recently discovered vulnerability in Microsoft Teams has opened the door for non-employees to effortlessly send harmful files to employees without undergoing any scanning process. According to researchers at JUMPSEC, threat actors can essentially bypass any client-side security controls that prevent external tenants to send files. Hackers are then using this bypass to introduce malware ...
- web:cloudsecurityalliance.org
  AT&T Cybersecurity discovered phishing attacks conducted over Microsoft Teams. Here are actionable remediation steps to fortify your organization.
- web:cyberpress.org
  Threat actors linked to North Korea have launched a new wave of sophisticated social engineering attacks using fake Microsoft Teams domains to deliver malicious payloads, security researchers have warned.
- web:cybersecuritycue.com
  Microsoft Teams Malware is being spread through a booby-trapped installer that quietly deploys a powerful Oyster backdoor onto Windows systems. This campaign blends a legitimate collaboration app with stealthy persistence, making the threat both convincing and hard to spot.
- web:cybersecuritynews.com
  Cybercriminals are launching a sophisticated new wave of attacks using fake Microsoft Teams domains. According to recent threat intelligence shared by SEAL Org, hackers are actively tricking corporate users into downloading malicious payloads by mimicking the widely used communication platform. As Microsoft Teams remains an essential tool for remote and hybrid work environments, threat actors ...
- web:labs.jumpsec.com
  This is done by bypassing client-side security controls which prevent external tenants from sending files (malware in this case) to staff in your organisation. JUMPSEC has detailed remediation options, as well as some detection opportunities. Introduction Introducing malware into target organisations is becoming increasingly difficult.
- web:permiso.io
  In recent months, we have observed a growing number of campaigns abusing Microsoft Teams to deliver malicious payloads. These attacks typically involve direct messages or calls originating from newly created or compromised tenants, impersonating trusted contacts to gain remote access, presented as legitimate support, which then enables the deployment of malware onto the victim's machine.
- web:urlhaus.abuse.ch
  URLhaus URLhaus is a platform from abuse.ch and Spamhaus dedicated to sharing malicious URLs that are being used for malware distribution. Report URLs and explore the database for valuable intelligence. Use the APIs, to seamlessly push and pull signals, and automate bulk queries. With this intelligence, gain insights into malware behavior, to help identify, track, and mitigate against malware ...
- web:www.microsoft.com
  Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively. In this blog, we recommend countermeasures and optimal controls across identity, endpoints, data apps, and network layers to help strengthen protection for enterprise Teams users.
- web:www.techtarget.com
  Threat actors are exploiting collaboration platforms such as Microsoft Teams for phishing activities. Learn about these attacks and how to protect users.
Indicators of Compromise (1)
Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.
domain
teams.livesweb.us
VT 16 / 91
IOC database
- Type: domain
- Value: teams.livesweb.us
- First seen
- Last seen
- Attached to this threat
- Appears in: 1 threat
- Description: Domain name that delivers a malware payload attributed to Unknown malware
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
Flagged by 16 of 91 VirusTotal vendors
| Vendor | Verdict | Detection |
|---|---|---|
| ADMINUSLabs | malicious | malicious |
| BitDefender | malicious | malware |
| CRDF | malicious | malicious |
| CyRadar | malicious | malware |
| Fortinet | malicious | malware |
| G-Data | malicious | malware |
| Lionic | malicious | malicious |
| MalwareURL | malicious | malware |
| Seclookup | malicious | malicious |
| SOCRadar | malicious | malicious |
| Sophos | malicious | malware |
| VIPRE | malicious | malware |
| alphaMountain.ai | suspicious | suspicious |
| Certego | suspicious | suspicious |
| ESET | suspicious | suspicious |
| Gridinsoft | suspicious | suspicious |
Details From VirusTotal
Basic Properties
| Property | Value |
|---|---|
| Registrar | NAMECHEAP INC |
| TLD | us |
History
| Event | Timestamp |
|---|---|
| Creation date | 2026-05-04 14:11 UTC |
| Last analysis | 2026-06-06 12:04 UTC |
| Last modified on VirusTotal | 2026-06-08 10:30 UTC |
| Last WHOIS update | 2026-05-09 14:11 UTC |
References (2)
- Malpedia profile (ThreatFox IOCs)
- ThreatFox IOC page (ThreatFox IOCs)