diff --git a/network/c2/7777botnet.yaml b/network/c2/7777botnet.yaml
new file mode 100644
index 0000000000..fce490d510
--- /dev/null
+++ b/network/c2/7777botnet.yaml
@@ -0,0 +1,30 @@
+id: 7777botnet-detect
+
+info:
+  name: 7777-Botnet - Detect
+  author: johnk3r
+  severity: info
+  reference:
+    - https://gi7w0rm.medium.com/the-curious-case-of-the-7777-botnet-86e3464c3ffd
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: 'hash:1357418825'
+  tags: network,c2,ir,osint,cti,darktrack,botnet,tcp
+
+tcp:
+  - inputs:
+      - data: "fffc01fffb1ffffa1f00500018fff0fffd01fffd03"
+        read: 2048
+
+    host:
+      - "{{Hostname}}"
+    port: 7777
+
+    matchers:
+      - type: word
+        part: data
+        words:
+          - "xlog"
+          - "in"
+        condition: and
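Review bot: The `data` value under `inputs` is hex (it reads like a telnet option-negotiation sequence, IAC WONT/WILL/SB/DO), but the input carries no `type: hex`, so nuclei will send the literal ASCII hex text rather than the bytes it encodes; add `type: hex` next to `read: 2048` so the probe actually performs the negotiation the author intended. The matcher is also weaker than it looks: `in` is a near-universal substring, so under `condition: and` it adds nothing beyond `xlog` and gives no extra protection against false positives. If the service banner is the `xlogin:` prompt described in the referenced write-up, a single word `xlogin` would be both stricter and clearer to the next reader; if the split was deliberate, a comment above `words:` explaining why would help. A one-line comment above `data:` naming what the bytes are (telnet negotiation) would also make the template reviewable without decoding it by hand.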