IOC pivot
ioc · domain
uber-asia[.]com
IR · Iran
APT34
confidence · high
DNS-tunneling C2 domain used by APT34's Saitama backdoor per the May 2022 Malwarebytes analysis; one of three actor-controlled domains (alongside asiaworldremit[.]com and joexpediagroup[.]com) impersonating legitimate travel and remittance brands.
- family: Saitama
- first seen: Apr 25, 2022
- publisher: Malwarebytes (ThreatDown)