DomainTLP:AMBERActiveConfidence: High

c2-voidlock.example.net

First seen May 18, 2026 · Last seen May 25, 2026 · Threat Feed

Public preview

IOC type, status and defensive guidance visible. Pro adds alert context, Pro+ adds exports and deeper relationships.

Context

Mock C2 domain used by VoidCrypt ransomware for beacon callbacks. Uses .example reserved TLD.

Defensive Guidance

Add to DNS sinkhole. Monitor DNS query logs for resolution attempts. Block at proxy/firewall.