📖 Overview
A suspicious Steam Community URL has been identified that may be leveraged as a command-and-control (C2) channel for a remote access trojan (RAT). While the page masquerades as a legitimate Steam login portal, its infrastructure suggests malicious use. Confidence is assessed at 50%.
📌 Key Details
| Field | Information |
|---|---|
| Type | URL |
| Indicator | https://steamcommunity[.]com/id/tfy5d6gohu8tgy687r7 |
| Threat Type | Botnet C2 |
| Malware | unknown_rat |
| Confidence | 50% |
| Date | 08 Oct 2025 – 16:30:40 UTC |
| Tags | None |
| Reporter | tanner |
| Reference | None |
🔎 URLScan Result
- Verdict Score: 0
- Page Title: Sign In
- Screenshot: View Screenshot
- Result: Full Scan Report
📡 Related Intelligence
- VirusTotal Report: VirusTotal URL Report
🛡️ Defensive Guidance
- Block access to steamcommunity[.]com/id/tfy5d6gohu8tgy687r7 at DNS, proxy, and endpoint levels.
- Monitor for suspicious Steam-related URLs being used outside of expected gaming behavior.
- Hunt for RAT infection artifacts, including persistence mechanisms and anomalous outbound traffic.
- Educate users on phishing risks related to gaming platforms and fake login portals.
⚠️ This IOC highlights the abuse of trusted gaming platforms like Steam as lures for credential harvesting and potential C2 operations.
