Domain · Medium · Signal 79/100
nestlecompany.world
Location: (none listed)
First seen: Feb 18, 2025
Last seen: Jun 6, 2026
Found in 13 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Domain name: Malicious domain used for C2, phishing, or malware distribution.
MISP category: Network Activity
Confidence: 79%
Signal score: 79 / 100
IDS rule: No
Feed intelligence summary: 13 source reports, 79% confidence score.
Activity timeline: activity recorded on Jun 6 (heatmap peak: 2026-06-06).
Threat activity by window:
24h: 0 (dormant)
7d: 0 (dormant)
30d: 1 (minimal)
3mo: 1 (minimal)
Intelligence summary (AI generated)
The domain **nestlecompany.world** has emerged as a significant indicator of compromise (IOC) linked to multiple cyber threats originating from the United States. First observed on February
Threat score: High risk
Signal score: 79
Confidence: 79%
Reports: 13
First seen: Feb 18, 2025
Last seen: Jun 6, 2026
VirusTotal: Not checked
WHOIS description:
A coordinated international operation led by Microsoft’s Digital Crimes Unit (DCU), the U.S. Department of Justice (DOJ), Europol, and partners has dismantled the infrastructure of Lumma Stealer, a notorious Malware-as-a-Service (MaaS) platform linked to over 10 million infections and 1.7 million confirmed attacks globally. The action, announced in May 2025, resulted in the seizure of 2,300 malicious domains, sinkholing of traffic to Microsoft-controlled servers, and the suspension of Lumma’s Telegram-based affiliate marketplace, crippling its ability to steal sensitive data like passwords, cryptocurrency wallets, and MFA tokens. Lumma, developed by Russian threat actor "Shamel," operated under a subscription model ($250–$20,000) and was distributed via phishing campaigns, malvertising, and trojanized software. Its evasion tactics—such as abuse of legitimate cloud services, encrypted C2 communications, and geofenced payloads—made it a preferred tool for ransomware affiliates and credential harvesters.
IOC journey: medium. First detected 1 year ago; last seen 9 days ago. Appeared in 13 threat reports.