IOC Radar
TLP:WHITE · 5 IOCs

Malformed Rhadamanthys DoH Query

MalasadaTech
Published August 30, 2025

Malware Families: Lumma, Rhadamanthys

Diamond Model

Social axis (Adversary / Victim) and technology axis (Infrastructure / Capability):

Adversary: unknown
Infrastructure (5): nexus-cloud-360.com, 2.58.56.54, 103.245.231.209 (three of the five shown on the diagram; the full list is in the Indicators of Compromise table below)
Capability (2): Lumma, Rhadamanthys
Victim: unknown

Attack Flow (4 steps · MITRE ATT&CK mapped)

Step 1/4: Command and Control (TA0011) · T1071 Application Layer Protocol
Action: Initiate DoH connection
Rhadamanthys malware attempts to establish a DNS over HTTPS (DoH) connection to a C2 server.


Indicators of Compromise (5)

Type    Indicator                    Tags                          Confidence  Score  First Seen
Domain  nexus-cloud-360.com          intel-blog, malware, network  High        58     Jun 2, 26
IP      2.58.56.54                   intel-blog, malware, network  High        58     Jun 2, 26
IP      103.245.231.209              intel-blog, malware, network  High        58     Jun 2, 26
IP      185.141.216.120              intel-blog, malware, network  High        58     Jun 2, 26
Domain  age-of-wonders-06-2019.com   intel-blog, malware, network  High        58     Jun 2, 26

IOC Relationship Graph (5 total IOCs)

Node types: IP (3), Domain (2), Malware (2)
Report node: Malformed Rhadamanthys DoH
Malware nodes: Lumma, Rhadamanthys