ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://serverconect.cc/update/bin/loader.exe.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1808722
IOC: https://serverconect.cc/update/bin/loader.exe
IOC Type :url
Threat Type :botnet_cc
Malware: Unknown malware
Confidence Level : Confidence level is moderate (49%)
Is compromised? : False
ASN:AS202226 GreatFlower
Country:- IL
First seen:2026-05-08 10:32:12 UTC
Last seen:never
UUID:c663e062-4ac8-11f1-8759-42010aa4000a
Reporter johannes
Reward 5 credits from ThreatFox
Tags:Hologram
Reference: https://www.netskope.com/jp/blog/openclaw-hologram-fake-installer-ships-rust-infostealer

Avatar
johannes
Hologram C2 rotation + loader staging Served resolves to, from the Netskope report "OpenClaw's Hologram: Fake Installer Ships Rust Infostealer". See all IOC from that report at https://rosti.dev/reports/atHOuLc3