ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain swordfull.info.

Database Entry

IOC ID: 1785146
IOC: swordfull.info
IOC Type: domain
Threat Type: botnet_cc
Malware: Unknown RAT
Confidence Level: elevated (75%)
Is compromised?: False
ASN: AS13335 CLOUDFLARENET
Country: US
First seen: 2026-04-13 12:58:21 UTC
Last seen: never
UUID: 95be1b82-372e-11f1-8759-42010aa4000a
Reporter: Omaha
Reward: 5 credits from ThreatFox
Tags: c2, discord-scam, infostealer, java, RAT, ZKM-Stealer
Reference: https://tria.ge/260407-s8dpgahs5l/behavioral1

Omaha
C2 relay server for malware that self-identifies in its files as ZKM Stealer 26.0.0, a Java-based infostealer and Remote Access Trojan distributed via social engineering using fake game applications (Try My Beta Game campaign, active since October 2025).

Infected machines connect outbound to swordfull.info/m/ via TCP port 29102. The attacker never connects directly to the victim IP; all RAT commands are relayed through this server. The domain is Cloudflare-proxied, hiding the real server IP. Registrar: identity.digital (privacy protected).

Confirmed active via independent PCAP analysis on April 7 2026, showing approximately 3000 fetch commands and 6000 response packets totaling approximately 6 MB of C2 traffic.

Malware capabilities: steals Chrome/Edge/Brave/Firefox/Vivaldi credentials and application tokens via LevelDB, captures screenshots, and establishes persistence via a Windows Scheduled Task App_[username] that runs at every login with highest privileges. The standard uninstaller does NOT remove the persistence.

Detection: 1/61 on VirusTotal at time of discovery. Kaspersky classification: Trojan.Java.Agent.sb. Compiled: March 17 2026 at 17:12:14.

Law enforcement notified:
FBI IC3: fad477e92b9f4692b96be4eac6236d20
CISA: CCASE0175447

Full technical report available. The victim (me) conducted forensic reverse engineering in a REMnux VM using javap and the jdb live debugger to extract the encrypted C2 strings.
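As an added example (not part of the ThreatFox entry or the reporter's report), a Python check that flags the network and persistence indicators above in constructed sample telemetry. The log line format, the choice to treat subdomains of the IOC domain as matches, and the exact task-name pattern are assumptions made for this example.

```python
import re

# Indicators taken from the ThreatFox entry for swordfull.info.
C2_DOMAIN = "swordfull.info"
C2_PATH_PREFIX = "/m/"
C2_PORT = 29102
# Persistence: Scheduled Task named App_<username>. The character class
# after "App_" is an assumption about what a username can look like.
TASK_RE = re.compile(r"^App_[A-Za-z0-9._-]+$")

# Constructed sample log lines (not real telemetry), one connection per line:
# <timestamp> <src_ip> <dst_host> <dst_port> <method> <path>
SAMPLE_LOG = """\
2026-04-07T10:01:02Z 10.0.0.5 swordfull.info 29102 GET /m/fetch
2026-04-07T10:01:05Z 10.0.0.6 example.org 443 GET /index.html
2026-04-07T10:01:09Z 10.0.0.5 SWORDFULL.INFO. 29102 POST /m/response
2026-04-07T10:02:00Z 10.0.0.7 cdn.swordfull.info 443 GET /assets/a.js
"""
# Constructed scheduled task names as they might come from a host inventory.
SAMPLE_TASKS = ["App_alice", "MicrosoftEdgeUpdateTaskMachineUA", "App_bob", "Application_x"]


def parse_line(line):
    """Parse one constructed log line into a dict; hostnames are normalised
    to lower case with any trailing dot removed so indicator matching is exact."""
    ts, src, host, port, method, path = line.split()
    return {"ts": ts, "src": src, "host": host.lower().rstrip("."),
            "port": int(port), "method": method, "path": path}


def match_c2(rec):
    """Return the reasons a connection matches the C2 indicator (empty if none).
    Subdomains of the IOC domain are counted as matches (assumption)."""
    reasons = []
    host = rec["host"]
    if host == C2_DOMAIN or host.endswith("." + C2_DOMAIN):
        reasons.append("host matches C2 domain")
        if rec["port"] == C2_PORT:
            reasons.append(f"port {C2_PORT}")
        if rec["path"].startswith(C2_PATH_PREFIX):
            reasons.append(f"path under {C2_PATH_PREFIX}")
    return reasons


def find_c2_connections(log_text):
    """Return (src_ip, reasons) for every log line that hits the indicator."""
    hits = []
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            reasons = match_c2(rec)
            if reasons:
                hits.append((rec["src"], reasons))
    return hits


def find_persistence_tasks(task_names):
    """Return scheduled task names matching the App_<username> persistence pattern."""
    return [t for t in task_names if TASK_RE.match(t)]
```

A full hit (domain, port 29102 and the /m/ path together) is the strongest signal; a domain-only hit on another port is worth a look but may be unrelated traffic to the same Cloudflare-fronted name.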