TF-1817048 medium

📛 Threat Title

Unknown malware: Domain name that delivers a malware payload konizia.com

Category: Unknown malware
Source: ThreatFox IOCs

Description

Indicator that identifies a malware distribution server (payload delivery). IOC type: Domain name that delivers a malware payload. Attributed malware: Unknown malware. Confidence: 60. First seen: 2026-05-22 08:11:12 UTC. Last seen: 2026-05-21 22:57:11 UTC. Reporter: Lenny_3BO. Tags: APT, backend, ClickFix, Lazarus, livekit, teams-spoof, UNC1069, WAVESHAPER.

Remediations (10)

  • web:darkwebinformer.com

    A domain-based indicator has been flagged as associated with potential payload delivery activity. The site masquerades as a paste service but has been observed in malicious campaigns.

  • web:efficientip.com

    A previously unknown malware campaign was uncovered through EfficientIP's real-time DNS Threat Intelligence. By exploiting DNS TXT records for stealthy command-and-control and data exfiltration, it bypassed traditional defenses—until DNS Security stopped it.

  • web:precisionsec.com

    PrecisionSec's Malware Domain List is a high fidelity feed of domains actively being used by malware. Our feed is used by experts globally to identify and block malicious domains known to be associated with malware. Whether you are a data reseller, MSSP, or Security Manager, having an accurate and up-to-date list of active malware domains is essential to protecting your internal assets and ...

  • web:threatfox.abuse.ch

    Indicators of Compromise (IOCs) on ThreatFox are associated with a certain malware fas. A malware sample can be associated with only one malware family. The page below gives you an overview on indicators of compromise associated with unknown.

  • web:undercodetesting.com

    Introduction: Cybercriminals are increasingly abusing DNS TXT records to deliver malware and command-and-control (C2) payloads covertly. A recent investigation by DomainTools revealed how attackers fragment, hex-encode, and distribute malicious code across multiple DNS queries, evading traditional security measures.

  • web:urlhaus.abuse.ch

    URLhaus is a platform from abuse.ch and Spamhaus dedicated to sharing malicious URLs that are being used for malware distribution. Report URLs and explore the database for valuable intelligence. Use the APIs, to seamlessly push and pull signals, and automate bulk queries. With this intelligence, gain insights into malware behavior, to help identify, track, and mitigate against malware ...

  • web:www.ipqualityscore.com

    Scan URLs for malware and phishing with our free malicious URL scanner. Check links in real-time to detect suspicious domains and prevent cyber threats.

  • web:www.ncsc.gov.ie

    CSIRT-IE monitors the URLhaus dataset for reports of sites, within its jurisdiction, that are reported to be actively distributing malware. Active Malware Distribution Sites The URLhaus platform only report sites (URLs) that are directly being used to distribute malware.

  • web:www.urlvoid.com

    Free website reputation checker tool lets you scan a website with multiple website reputation/blocklist services to check if the website is safe and legit or malicious. Check the online reputation of a website to better detect potentially malicious and scam websites.

  • web:www.virustotal.com

    VirusTotal is a free online tool that analyzes files and URLs for viruses, worms, trojans, and other kinds of malicious content.

Indicators of Compromise (1)

Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.

domain konizia.com

IOC database

Type: domain
Value: konizia.com
Attached to this threat
Appears in: 1 threat
Description: Domain name that delivers a malware payload attributed to Unknown malware

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC.

