DomainHighVerifiedSignal 58/100

`lysander.asia`

First Seen

Jun 2, 2026

Last Seen

Jun 2, 2026

Jun 2

First Seen

14d ago

Jun 2

Last Seen

14d ago

Reports

source reports

80%

Confidence

high

Found in 1 report. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.

Domain Name

Malicious domain used for C2, phishing, or malware distribution.

MISP Category

Network Activity

Confidence

80%

Signal Score

58 / 100

IDS Rule

Yes

Threat Context

Malware Families1

CCobalt Strike

Feed Intelligence Summary

1 report80% confidence

Seqrite

May 20, 2026

Operation Dragon Whistle: UNG0002 Targets Chinese Academia via Weaponized Institutional Lure

9 IOCs in report

Activity Timeline

1 total obs

May 20May 20

Threat Activity Heatmap

· Peak: 2026-05-20

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Intelligence SummaryAI Generated

The domain **lysander.asia** has been identified as a critical indicator of compromise (IOC) associated with the notorious Cobalt Strike malware, a tool frequently employed by advanced persistent threat (APT) actors for post-exploitation activities. First and last observed on June

Threat ScoreMedium Risk

SIGNAL

Signal Score

80%

Confidence

Reports

First seenJun 2, 2026

Last seenJun 2, 2026

Verified IOC

VirusTotal

Not checked

Export & API

STIX 2.1 Bundle

CSV Export

Permalink

IOC Journey

high

First detected 14 days ago · Last seen 14 days ago

Appeared in 1 threat report from 1 source

Used by malware: Cobalt Strike

lysander.asia

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

Related Reports

VirusTotal

Export & API

IOC Journey

`lysander.asia`