{ "name": "Infrastructure of Interest: Medium Confidence Command And Control", "slug": "infrastructure-of-interest-medium-confidence-command-and-control", "description": "These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with command and control (C2) infrastructure, facilitating malware communication, data exfiltration, and persistent threat actor operations. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations.", "published": "2025-08-07T05:29:37+00:00", "created_at": "2025-08-07T05:29:37+00:00", "modified_at": "2025-08-08T05:46:07+00:00", "created_at_opencti": "2025-08-07T05:29:37+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2025-08-07" ], "related_entities": { "observables": [ { "id": "", "name": "www.rhadamanthys.de" }, { "id": "", "name": "www.vividsense.org" }, { "id": "", "name": "www.fastcloud17.sbs" }, { "id": "", "name": "www.farorsps.com" }, { "id": "", "name": "www.ex9.cc" }, { "id": "", "name": "www.diskrifinder.de" }, { "id": "", "name": "www.crm.tifim.com.br" }, { "id": "", "name": "www.bunkeranlagen.de" }, { "id": "", "name": "www.xcb.one" }, { "id": "", "name": "www.kkguu.com" }, { "id": "", "name": "www.hetrxio.online" }, { "id": "", "name": "www.dfhuw.cn" }, { "id": "", "name": "www.bg.parts" }, { "id": "", "name": "ysqwsa7a5bd9474c.top" }, { "id": "", "name": "your-bigprofit.top" }, { "id": "", "name": "xrrxbb3601042986.top" }, { "id": "", "name": "wsmtv.xyz" }, { "id": "", "name": "webcoderscdn.eu" }, { "id": "", "name": "websitedown.xyz" }, { "id": "", "name": "worlopollox.top" }, { "id": "", "name": "uuqwac911437455c.top" }, { "id": "", "name": "vipxgo.xyz" }, { "id": "", "name": "vindalexw.xyz" }, { "id": "", "name": "tplmv9fc788ed799.top" }, { "id": "", "name": "top5.work" }, { "id": "", "name": "topkee.top" }, { "id": "", "name": "tapcoins.xyz" }, { "id": "", "name": "streammain.top" }, { "id": "", "name": "sterndrive.cc" }, { "id": "", "name": "simplifi.work" }, { "id": "", "name": "sigmacontrol.eu" }, { "id": "", "name": "showrunner.xyz" }, { "id": "", "name": "scouts.nz" }, { "id": "", "name": "schallers.xyz" }, { "id": "", "name": "readyevents.eu" }, { "id": "", "name": "re-captha-version-3-25.top" }, { "id": "", "name": "re-captha-version-3-275.buzz" }, { "id": "", "name": "quintinquartermaster.work" }, { "id": "", "name": "qusoc.click" }, { "id": "", "name": "quix.work" }, { "id": "", "name": "qualityservice.top" }, { "id": "", "name": "qaxno1.ml" }, { "id": "", "name": "pxoit5a1da562f02.top" }, { "id": "", "name": "pxoit5a1da562f02.net" }, { "id": "", "name": "przedszkolestrzelce.eu" }, { "id": "", "name": "preview-web.xyz" }, { "id": "", "name": "pohutukawagallery.nz" }, { "id": "", "name": "picoapps.xyz" }, { "id": "", "name": "pctel.biz" }, { "id": "", "name": "os1515.work" }, { "id": "", "name": "nxouz9de87780a5d.top" }, { "id": "", "name": "ncquickpassmx.top" }, { "id": "", "name": "newso2.xyz" }, { "id": "", "name": "mxdm.xyz" }, { "id": "", "name": "msqiv3ad02794605.top" }, { "id": "", "name": "misspompadour.xyz" }, { "id": "", "name": "manga18.xyz" }, { "id": "", "name": "m3ulist.xyz" }, { "id": "", "name": "luckyblock.top" }, { "id": "", "name": "ljdki897cc184833.top" }, { "id": "", "name": "ljsex7a7a878dfc4.top" }, { "id": "", "name": "lennyngetich.xyz" }, { "id": "", "name": "leads.work" }, { "id": "", "name": "kclfve16378fbe09.top" }, { "id": "", "name": "krfastbox704.top" }, { "id": "", "name": "int3ew.xyz" }, { "id": "", "name": "irpass.cc" }, { "id": "", "name": "jabus.xyz" }, { "id": "", "name": "imbeaf798f024fd9.top" }, { "id": "", "name": "icjai7080f7b5238.top" }, { "id": "", "name": "i2pd.xyz" }, { "id": "", "name": "getmusic.cc" }, { "id": "", "name": "hbkjc1b8fdc04e64.top" }, { "id": "", "name": "givemeredditstream.cc" }, { "id": "", "name": "ftcia06bb2600555.top" }, { "id": "", "name": "gagtac2d844c0eec.top" }, { "id": "", "name": "freshpanels.xyz" }, { "id": "", "name": "fradlb0bcaf8040c.top" }, { "id": "", "name": "fhapp.xyz" }, { "id": "", "name": "fbawk8099b9f4e3b.top" }, { "id": "", "name": "fastht.ml" }, { "id": "", "name": "fbcqrbaa07bc0fee.top" }, { "id": "", "name": "fastlink.xyz" }, { "id": "", "name": "f4fcdn.eu" }, { "id": "", "name": "coloring.top" }, { "id": "", "name": "ellearcher.nz" }, { "id": "", "name": "ddfet0eeb5a6b934.top" }, { "id": "", "name": "duniyakibaru.ml" }, { "id": "", "name": "cooawbi.top" }, { "id": "", "name": "consciencewer.xyz" }, { "id": "", "name": "commonsupport.xyz" }, { "id": "", "name": "captchawizard.top" }, { "id": "", "name": "capturethebug.xyz" }, { "id": "", "name": "476666.xyz" }, { "id": "", "name": "52iiansi.xyz" }, { "id": "", "name": "bestcache.top" }, { "id": "", "name": "booksc.xyz" }, { "id": "", "name": "100peaks.nz" }, { "id": "", "name": "909-services.xyz" }, { "id": "", "name": "187187.xyz" }, { "id": "", "name": "30duzhes.top" }, { "id": "", "name": "94-130-203-181.top" }, { "id": "", "name": "94-130-167-220.top" }, { "id": "", "name": "asportsplus.xyz" }, { "id": "", "name": "asstr.xyz" }, { "id": "", "name": "5bqyp.top" }, { "id": "", "name": "arslanrocky.xyz" }, { "id": "", "name": "apartbin.top" }, { "id": "", "name": "158-69-126-44.xyz" }, { "id": "", "name": "4funbox.xyz" }, { "id": "", "name": "94-130-130-242.top" }, { "id": "", "name": "142-132-200-46.top" }, { "id": "", "name": "birdseeds.xyz" }, { "id": "", "name": "144-76-107-211.top" }, { "id": "", "name": "148-251-75-109.top" }, { "id": "", "name": "blackfriday.cam" }, { "id": "", "name": "bhom.xyz" }, { "id": "", "name": "2303.xyz" }, { "id": "", "name": "138-201-193-61.top" }, { "id": "", "name": "2bot.top" }, { "id": "", "name": "zhaofenghotel.net" }, { "id": "", "name": "youdaopllvow.icu" }, { "id": "", "name": "x-xx-x.ydns.eu" }, { "id": "", "name": "wormoni.lms-austria.com" }, { "id": "", "name": "wss.as.vip" }, { "id": "", "name": "wsip-98-184-14-107.mc.at.cox.net" }, { "id": "", "name": "ws.kelimator.app" }, { "id": "", "name": "win2325.webredirect.org" }, { "id": "", "name": "web.moodculture.com" }, { "id": "", "name": "web.signingflow.com" }, { "id": "", "name": "web-center.org" }, { "id": "", "name": "wealthytradesbanks.duckdns.org" }, { "id": "", "name": "ward-16-b2-v4wan-166537-cust928.vm18.cable.virginm.net" }, { "id": "", "name": "wealthyblessed.minhaempresa.tv" }, { "id": "", "name": "wap.linuxdownloadrpm.com" }, { "id": "", "name": "vwpjzo4zy.localto.net" }, { "id": "", "name": "vps.tuxy.lol" }, { "id": "", "name": "vps.nextfilms.net" }, { "id": "", "name": "vmi2687021.contaboserver.net" }, { "id": "", "name": "vmi2322439.contaboserver.net" }, { "id": "", "name": "vmi1505556.contaboserver.net" }, { "id": "", "name": "vibrant-wozniak.176-123-1-62.plesk.page" }, { "id": "", "name": "vigorous-napier.45-80-158-242.plesk.page" }, { "id": "", "name": "vibrant-almeida.196-251-70-227.plesk.page" }, { "id": "", "name": "v2202504174830327536.megasrv.de" }, { "id": "", "name": "vbjhb.linkpc.net" }, { "id": "", "name": "uvzbhscuy.lat" }, { "id": "", "name": "uut.de" }, { "id": "", "name": "update.read-books.org" }, { "id": "", "name": "update.exitprojectmanagement.com" }, { "id": "", "name": "unsung.cc" }, { "id": "", "name": "ukrpossea.top" }, { "id": "", "name": "ty.softlinko.com" }, { "id": "", "name": "tryfancify.com" }, { "id": "", "name": "tristan-aldebert.com" }, { "id": "", "name": "traefik.skytechmotorsport.co.uk" }, { "id": "", "name": "transitx.in" }, { "id": "", "name": "track.postal.timiki.org" }, { "id": "", "name": "tong123.top" }, { "id": "", "name": "telo2158.duckdns.org" }, { "id": "", "name": "tefalhizla.it.com" }, { "id": "", "name": "td.ldxwpedf.cn" }, { "id": "", "name": "syss.offsys.nl" }, { "id": "", "name": "suezax50.ddns.net" }, { "id": "", "name": "subastasgalileo.es" }, { "id": "", "name": "state.archarabia.com" }, { "id": "", "name": "spidra.diverto.hr" }, { "id": "", "name": "sophiahouston.com" }, { "id": "", "name": "ssn24.ink" }, { "id": "", "name": "sooassa.sells-it.net" }, { "id": "", "name": "sk.vgpt.eu" }, { "id": "", "name": "shuzigfxz.com" }, { "id": "", "name": "shogun-dark.duckdns.org" }, { "id": "", "name": "sharefiles.webredirect.org" }, { "id": "", "name": "shareaz.allianz-courtage.co" }, { "id": "", "name": "seller.telegram-market.ru" }, { "id": "", "name": "sdpms.com" }, { "id": "", "name": "sctr1.localtonet.com" }, { "id": "", "name": "sazwebapiprod.allianz-courtage.co" }, { "id": "", "name": "saratrufefufel.com" }, { "id": "", "name": "s.p6.fit" }, { "id": "", "name": "rsmtp-004.fmcity.com" }, { "id": "", "name": "rsmtp-003.fmcity.com" }, { "id": "", "name": "rootsel.com" }, { "id": "", "name": "romofashion.com" }, { "id": "", "name": "riderbit.com" }, { "id": "", "name": "reverent-jepsen.213-209-143-43.plesk.page" }, { "id": "", "name": "resoglobalx.com" }, { "id": "", "name": "qwerty1223.ddns.net" }, { "id": "", "name": "qaazjz06a73rdkempzdjw7cce8e.useushippinginc.com" }, { "id": "", "name": "px.drwps.com" }, { "id": "", "name": "private.cechire.com" }, { "id": "", "name": "prakashjadhav74738.ddns.net" }, { "id": "", "name": "postcardnews.com" }, { "id": "", "name": "pqtejl5dd.localto.net" }, { "id": "", "name": "porten.top" }, { "id": "", "name": "pingservice.is-a-teacher.com" }, { "id": "", "name": "pokupi.com" }, { "id": "", "name": "parfenov.rtu-tc.ru" }, { "id": "", "name": "pepinaza.duckdns.org" } ], "attack_patterns": [ { "id": "f586e043-1a3a-4e6f-882f-62165b7cd14a", "name": "TA0011" } ], "others": [ { "id": "", "name": "rpc-p1.bajun.network" }, { "id": "", "name": "books.xn--7ov.co" }, { "id": "", "name": "test-pages.digital" } ] }, "external_refs": [ "https://otx.alienvault.com/pulse/689455e11e25236fe810364b" ] }