################################################################ # ThreatFox IOCs: recent ip-port - CSV format # # Last updated: 2024-03-28 18:50:59 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2024-03-28 18:50:59", "1250864", "188.120.248.175:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/188.120.248.175", "Hookbot Pegasus,RU-JSCIOT", "0", "drb_ra" "2024-03-28 18:50:50", "1250863", "139.180.218.26:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/139.180.218.26", "AS-CHOOPA,Hookbot Pegasus", "0", "drb_ra" "2024-03-28 18:49:42", "1250862", "202.182.107.193:666", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/202.182.107.193", "AS-CHOOPA,Supershell", "0", "drb_ra" "2024-03-28 18:49:33", "1250861", "39.101.70.82:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/39.101.70.82", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Supershell", "0", "drb_ra" "2024-03-28 18:48:46", "1250860", "70.31.125.206:2222", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/70.31.125.206", "BACOM,Qakbot", "0", "drb_ra" "2024-03-28 18:48:42", "1250859", "184.20.220.17:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/184.20.220.17", "Qakbot,VIASAT-SP-BACKBONE", "0", "drb_ra" "2024-03-28 18:48:06", "1250858", "3.86.233.198:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/3.86.233.198", "AMAZON-AES,Havoc", "0", "drb_ra" "2024-03-28 18:47:57", "1250857", "92.116.36.212:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/92.116.36.212", "Havoc,VERSATEL", "0", "drb_ra" "2024-03-28 18:47:29", "1250856", "192.121.162.196:8080", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "", "50", "https://search.censys.io/search?resource=hosts&q=services.certificate%3A%222e656b3e0df56edfd300ee08413fdc731c77b56c86f832b1f6821bbab8a4c3fa%22", "Bianlian Go Trojan,M247", "0", "drb_ra" "2024-03-28 18:47:24", "1250855", "151.236.16.211:33367", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "", "50", "https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c95f8728cba884fde11753c3ec7b4ce8ef0f871e98dd06f9464f82b69d653f4%22", "Bianlian Go Trojan,M247", "0", "drb_ra" "2024-03-28 18:45:52", "1250854", "64.176.80.227:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/64.176.80.227", "AS-CHOOPA,Covenant", "0", "drb_ra" "2024-03-28 16:10:13", "1250832", "3.125.102.39:15422", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2024-03-28 15:55:12", "1250831", "185.196.11.223:1339", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2024-03-28 12:59:49", "1250610", "122.51.7.163:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-03-28 12:59:20", "1250606", "43.134.228.94:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-03-28 12:59:10", "1250604", "45.133.238.41:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-305419896,XNNET LLC", "0", "drb_ra" "2024-03-28 12:58:00", "1250601", "154.219.154.67:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,HUNGTAK International Network Limited", "0", "drb_ra" "2024-03-28 10:28:15", "1250573", "45.156.217.43:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:28:11", "1250572", "154.219.163.79:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:28:08", "1250571", "43.240.48.102:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:28:05", "1250570", "45.156.217.35:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:28:02", "1250569", "43.240.48.70:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:27:59", "1250568", "154.219.163.90:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:27:55", "1250567", "45.156.217.60:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:27:53", "1250566", "154.219.163.72:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:27:49", "1250565", "154.219.164.213:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:27:46", "1250564", "45.156.217.24:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:27:43", "1250563", "154.216.54.202:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:27:40", "1250562", "45.156.217.26:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:27:37", "1250561", "43.240.48.90:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:27:34", "1250560", "154.219.163.86:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:27:32", "1250559", "45.156.217.61:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:27:28", "1250558", "45.156.217.59:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:27:26", "1250557", "154.219.163.67:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:27:23", "1250556", "43.240.48.94:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:27:20", "1250555", "43.240.48.106:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:27:17", "1250554", "45.156.217.16:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:27:14", "1250553", "43.240.48.72:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:27:12", "1250552", "43.240.49.189:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:27:09", "1250551", "154.219.164.220:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:27:06", "1250550", "154.219.164.207:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:27:02", "1250549", "154.219.163.89:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:26:59", "1250548", "43.240.49.153:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:56", "1250547", "45.156.217.19:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:54", "1250546", "154.219.164.194:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:26:50", "1250545", "154.219.164.221:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:26:47", "1250544", "45.156.217.51:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:45", "1250543", "120.89.71.246:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:42", "1250542", "45.156.217.36:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:38", "1250541", "43.240.49.139:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:35", "1250540", "154.219.163.94:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:26:32", "1250539", "43.240.48.110:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:29", "1250538", "43.240.49.136:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:26", "1250537", "43.240.49.187:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:24", "1250536", "43.240.49.172:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:21", "1250535", "120.89.71.242:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:17", "1250534", "45.156.217.46:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:14", "1250533", "45.156.217.7:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:12", "1250532", "43.240.48.120:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:09", "1250531", "43.240.48.85:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:26:04", "1250530", "82.156.224.103:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-03-28 10:25:59", "1250528", "43.240.49.174:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:56", "1250527", "43.240.49.165:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:54", "1250526", "43.240.48.82:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:51", "1250525", "43.240.48.74:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:48", "1250524", "43.240.48.114:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:44", "1250523", "43.240.49.175:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:42", "1250522", "45.156.217.14:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:39", "1250521", "43.240.48.78:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:37", "1250520", "45.156.217.17:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:34", "1250519", "43.240.49.143:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:30", "1250518", "154.219.164.216:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:25:27", "1250517", "43.240.48.100:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:23", "1250516", "154.216.54.243:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:19", "1250515", "45.156.217.13:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:16", "1250514", "43.240.49.181:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:12", "1250513", "43.240.48.105:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:25:08", "1250512", "154.219.164.215:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:25:00", "1250511", "43.240.49.133:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:24:56", "1250510", "43.240.48.68:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:24:53", "1250509", "43.240.49.162:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:24:51", "1250508", "43.240.48.76:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:24:45", "1250506", "154.219.163.69:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:24:41", "1250505", "45.156.217.39:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:24:38", "1250504", "43.240.49.178:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:24:36", "1250503", "43.240.48.79:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:24:33", "1250502", "154.219.163.74:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:24:29", "1250501", "43.240.48.95:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:24:27", "1250500", "45.156.217.52:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:24:24", "1250499", "154.216.54.230:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:24:21", "1250498", "154.219.164.208:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:24:18", "1250497", "154.219.164.222:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:24:14", "1250496", "43.240.49.130:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:24:11", "1250495", "43.240.49.157:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:24:08", "1250494", "43.240.48.87:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:24:05", "1250493", "43.240.49.155:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:24:00", "1250492", "45.156.217.40:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:58", "1250491", "45.156.217.50:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:55", "1250490", "43.240.48.123:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:52", "1250489", "43.240.49.156:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:49", "1250488", "45.156.217.32:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:46", "1250487", "45.156.217.4:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:43", "1250486", "43.240.48.92:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:40", "1250485", "43.240.48.113:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:36", "1250484", "120.89.71.245:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:32", "1250483", "43.240.49.167:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:28", "1250482", "43.240.49.131:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:23", "1250481", "120.89.71.244:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:19", "1250480", "43.240.49.166:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:15", "1250479", "43.240.48.116:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:11", "1250478", "43.240.48.75:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:23:06", "1250477", "154.219.163.87:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:23:01", "1250476", "43.240.49.151:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:22:57", "1250475", "43.240.49.169:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:22:53", "1250474", "154.219.163.84:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:22:48", "1250473", "43.240.48.101:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:22:44", "1250472", "43.240.49.137:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:22:41", "1250471", "45.156.217.38:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:22:37", "1250470", "43.240.49.160:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:22:32", "1250469", "154.216.54.240:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:22:28", "1250468", "43.240.49.190:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:22:24", "1250467", "45.156.217.41:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:22:19", "1250466", "45.156.217.48:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:22:14", "1250465", "154.219.164.218:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:22:10", "1250464", "154.219.164.214:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:22:04", "1250463", "154.219.163.78:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:21:59", "1250462", "43.240.49.138:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:21:55", "1250461", "43.240.49.142:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:21:51", "1250460", "154.219.164.202:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:21:46", "1250459", "43.240.49.173:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:21:42", "1250458", "43.240.49.134:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:21:38", "1250457", "43.240.49.144:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:21:34", "1250456", "43.240.48.118:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:21:30", "1250455", "43.240.48.122:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:21:26", "1250454", "43.240.48.112:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:21:22", "1250453", "43.240.48.86:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:21:18", "1250452", "45.156.217.8:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:21:15", "1250451", "45.156.217.20:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:21:11", "1250450", "45.156.217.10:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:21:05", "1250449", "154.219.164.212:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:20:58", "1250448", "154.219.163.80:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:20:52", "1250447", "154.219.163.73:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:20:48", "1250446", "45.156.217.23:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:20:44", "1250445", "45.156.217.15:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:20:40", "1250444", "43.240.49.179:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:20:36", "1250443", "43.240.49.170:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:20:32", "1250442", "43.240.48.119:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:20:28", "1250441", "45.156.217.54:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:20:23", "1250440", "43.240.49.159:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:20:17", "1250439", "154.219.163.77:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:20:12", "1250438", "43.240.49.158:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:20:05", "1250437", "45.156.217.34:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:19:58", "1250436", "45.156.217.22:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:19:53", "1250435", "43.240.48.109:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:19:49", "1250434", "43.240.49.182:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:19:45", "1250433", "154.216.54.232:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:19:39", "1250432", "45.156.217.58:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:19:35", "1250431", "43.240.48.117:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:19:30", "1250430", "43.240.49.148:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:19:26", "1250429", "154.219.164.199:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:19:22", "1250428", "45.156.217.55:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:19:17", "1250427", "45.156.217.57:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:19:13", "1250426", "43.240.48.77:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:19:09", "1250425", "45.156.217.18:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:19:04", "1250424", "43.240.48.125:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:18:59", "1250423", "43.240.49.150:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:18:55", "1250422", "45.156.217.28:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:18:51", "1250421", "43.240.49.186:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:18:46", "1250420", "43.240.49.161:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:18:42", "1250419", "43.240.49.152:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:18:37", "1250418", "154.219.163.81:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:18:33", "1250417", "45.156.217.33:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:18:29", "1250416", "43.240.48.80:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:18:24", "1250415", "43.240.48.99:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:18:19", "1250414", "43.240.48.89:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:18:15", "1250413", "45.156.217.53:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:18:10", "1250412", "43.240.48.93:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:18:05", "1250411", "45.156.217.31:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:18:01", "1250410", "45.156.217.11:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:17:55", "1250409", "154.219.164.195:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:17:50", "1250408", "43.240.48.73:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:17:45", "1250407", "45.156.217.44:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:17:41", "1250406", "45.156.217.6:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:17:36", "1250405", "45.156.217.56:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:17:32", "1250404", "43.240.48.107:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:17:28", "1250403", "43.240.48.108:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:17:24", "1250402", "154.219.164.211:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:17:19", "1250401", "43.240.48.91:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:17:14", "1250400", "43.240.49.180:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:17:09", "1250399", "45.156.217.45:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:17:05", "1250398", "154.216.54.222:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:17:00", "1250397", "45.156.217.62:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:16:56", "1250396", "43.240.48.96:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:16:52", "1250395", "154.219.164.209:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:16:48", "1250394", "45.156.217.30:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:16:44", "1250393", "43.240.49.168:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:16:39", "1250392", "43.240.49.171:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:16:34", "1250391", "43.240.48.88:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:16:29", "1250390", "154.216.54.215:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:16:23", "1250389", "154.219.164.200:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:16:17", "1250388", "154.219.163.76:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:16:12", "1250387", "154.216.54.233:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:16:07", "1250386", "154.219.164.206:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:15:57", "1250385", "154.219.164.196:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:15:52", "1250384", "43.240.49.149:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:15:48", "1250383", "43.240.48.115:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:15:43", "1250382", "43.240.48.81:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:15:39", "1250381", "43.240.48.104:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:15:34", "1250380", "43.240.49.164:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:15:28", "1250379", "154.219.163.70:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:15:22", "1250378", "154.216.54.214:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:15:17", "1250377", "120.89.71.243:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:15:10", "1250376", "154.219.164.217:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" "2024-03-28 10:14:58", "1250375", "45.156.217.27:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-28 10:00:22", "1250374", "5.188.88.177:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "KeitaroTDS,SocGholish", "0", "threatcat_ch" "2024-03-28 09:29:43", "1250372", "15.204.223.49:9931", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "None", "Mirai", "0", "elfdigest" "2024-03-28 09:29:42", "1250373", "93.123.85.8:666", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "75", "None", "Gafgyt", "0", "elfdigest" "2024-03-28 08:52:06", "1250371", "34.168.202.91:443", "ip:port", "botnet_cc", "win.danabot", "None", "DanaBot", "", "100", "https://infosec.exchange/@malware_traffic/112168244065616424", "None", "0", "netresec" "2024-03-28 07:45:18", "1250369", "194.147.140.219:4040", "ip:port", "botnet_cc", "jar.strrat", "None", "STRRAT", "", "100", "None", "STRRAT", "0", "abuse_ch" "2024-03-28 07:30:15", "1250368", "35.243.180.101:443", "ip:port", "botnet_cc", "win.danabot", "None", "DanaBot", "", "100", "None", "DanaBot", "0", "abuse_ch" "2024-03-28 07:30:14", "1250367", "34.77.22.163:443", "ip:port", "botnet_cc", "win.danabot", "None", "DanaBot", "", "100", "None", "DanaBot", "0", "abuse_ch" "2024-03-28 07:30:11", "1250366", "8.222.178.224:443", "ip:port", "botnet_cc", "win.danabot", "None", "DanaBot", "", "100", "None", "DanaBot", "0", "abuse_ch" "2024-03-28 07:30:08", "1250365", "34.22.151.45:443", "ip:port", "botnet_cc", "win.danabot", "None", "DanaBot", "", "100", "None", "DanaBot", "0", "abuse_ch" "2024-03-28 06:49:48", "1250363", "79.133.51.234:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/79.133.51.234", "DE-FIRSTCOLO firstcolo.net,Hookbot Pegasus", "0", "drb_ra" "2024-03-28 06:49:09", "1250362", "54.248.193.226:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/54.248.193.226", "AMAZON-02,Supershell", "0", "drb_ra" "2024-03-28 06:49:04", "1250361", "101.32.37.92:65532", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/101.32.37.92", "Supershell,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-03-28 06:48:47", "1250360", "142.171.62.107:9999", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/142.171.62.107", "MULTA-ASN1,Supershell", "0", "drb_ra" "2024-03-28 06:48:34", "1250359", "34.92.107.200:8012", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "https://search.censys.io/hosts/34.92.107.200", "DcRat,GOOGLE-CLOUD-PLATFORM", "0", "drb_ra" "2024-03-28 06:48:08", "1250358", "41.96.114.1:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/41.96.114.1", "ALGTEL-AS,Qakbot", "0", "drb_ra" "2024-03-28 06:48:05", "1250357", "76.19.90.99:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/76.19.90.99", "COMCAST-7015,Qakbot", "0", "drb_ra" "2024-03-28 06:47:26", "1250355", "77.232.143.114:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/77.232.143.114", "AEZA-AS,Havoc", "0", "drb_ra" "2024-03-28 06:47:17", "1250354", "185.94.165.191:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/185.94.165.191", "FIRST-SERVER-EU-AS,Havoc", "0", "drb_ra" "2024-03-28 06:47:07", "1250353", "81.43.22.249:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/81.43.22.249", "Havoc,TELEFONICA_DE_ESPANA", "0", "drb_ra" "2024-03-28 06:46:17", "1250352", "43.198.243.210:443", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "", "50", "https://search.censys.io/hosts/43.198.243.210", "AMAZON-02,Deimos", "0", "drb_ra" "2024-03-28 06:46:10", "1250351", "172.218.112.83:8080", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "", "50", "https://search.censys.io/hosts/172.218.112.83", "Deimos,TELUS Communications", "0", "drb_ra" "2024-03-28 06:31:59", "1250307", "187.135.93.207:1911", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.93.207", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:58", "1250308", "187.135.93.207:1962", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.93.207", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:57", "1250309", "187.135.93.207:2003", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.93.207", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:55", "1250310", "187.135.93.207:2004", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.93.207", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:54", "1250311", "187.135.93.207:2077", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.93.207", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:53", "1250312", "187.135.93.207:2078", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.93.207", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:52", "1250313", "187.135.93.207:2079", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.93.207", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:51", "1250314", "187.135.93.207:2086", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.93.207", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:50", "1250315", "187.135.93.207:2096", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.93.207", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:49", "1250316", "187.135.93.207:2174", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.93.207", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:48", "1250317", "187.135.93.207:2222", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.93.207", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:46", "1250306", "187.135.93.207:1883", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.93.207", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:45", "1250305", "187.135.93.207:1801", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.93.207", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:44", "1250304", "187.135.93.207:1723", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.93.207", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:32", "1250303", "187.135.117.144:1723", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.117.144", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:31", "1250302", "187.135.117.144:2188", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.117.144", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:29", "1250301", "187.135.117.144:2078", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.117.144", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:26", "1250300", "187.135.117.144:2053", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.117.144", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:25", "1250299", "187.135.117.144:2052", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.117.144", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:23", "1250298", "187.135.117.144:1962", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.117.144", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:22", "1250297", "187.135.117.144:1801", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.117.144", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:20", "1250296", "187.135.117.144:2087", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.117.144", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:19", "1250295", "187.135.117.144:2000", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.117.144", "AS8151,c2,censys,UNINET", "0", "DonPasci" "2024-03-28 06:31:16", "1250292", "43.138.0.70:10001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=autonomous_system.asn%3A+45090+and+services.service_name%3D%60COBALT_STRIKE%60", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-03-28 06:31:15", "1250291", "43.139.101.86:8099", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=autonomous_system.asn%3A+45090+and+services.service_name%3D%60COBALT_STRIKE%60", "AS45090,c2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-03-28 06:31:14", "1250290", "49.235.174.175:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=autonomous_system.asn%3A+45090+and+services.service_name%3D%60COBALT_STRIKE%60", "AS45090,c2,censys,CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP", "0", "DonPasci" "2024-03-28 06:31:13", "1250289", "101.43.164.28:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.43.164.28", "AS45090,c2,censys,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-03-28 06:31:12", "1250288", "124.220.80.206:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/124.220.80.206", "AS45090,c2,censys,CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP", "0", "DonPasci" "2024-03-28 06:31:11", "1250287", "150.158.19.54:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/150.158.19.54", "AS45090,c2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-03-28 06:31:10", "1250286", "159.75.80.31:6699", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/159.75.80.31", "AS45090,c2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-03-28 06:31:09", "1250285", "38.180.92.22:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/38.180.92.22", "AS9009,c2,censys,M247,RAT", "0", "DonPasci" "2024-03-28 06:31:06", "1250284", "89.163.221.180:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/89.163.221.180", "AS24961,c2,censys,MYLOC-AS,RAT", "0", "DonPasci" "2024-03-28 06:31:05", "1250283", "89.163.221.180:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/89.163.221.180", "AS24961,c2,censys,MYLOC-AS,RAT", "0", "DonPasci" "2024-03-28 06:31:04", "1250282", "104.243.37.110:6667", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/104.243.37.110", "AS23470,c2,censys,RAT,RELIABLESITE", "0", "DonPasci" "2024-03-28 06:31:03", "1250281", "109.199.120.42:2023", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/109.199.120.42", "AS51167,c2,censys,CONTABO,RAT", "0", "DonPasci" "2024-03-28 06:31:02", "1250280", "128.90.122.170:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/128.90.122.170", "AS40861,c2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2024-03-28 06:31:01", "1250279", "142.11.201.124:8712", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/142.11.201.124", "AS54290,c2,censys,HOSTWINDS,RAT", "0", "DonPasci" "2024-03-28 06:30:59", "1250278", "142.11.201.124:8714", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/142.11.201.124", "AS54290,c2,censys,HOSTWINDS,RAT", "0", "DonPasci" "2024-03-28 06:30:58", "1250274", "172.94.9.23:222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/172.94.9.23", "AS9009,c2,censys,M247,RAT", "0", "DonPasci" "2024-03-28 06:30:57", "1250262", "172.94.125.164:2222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/172.94.125.164", "AS9009,c2,censys,M247,RAT", "0", "DonPasci" "2024-03-28 06:30:54", "1250293", "147.185.221.18:54056", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-03-28 06:30:25", "1250261", "194.156.90.112:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/194.156.90.112", "AS30823,AUROLOGIC,c2,censys,RAT", "0", "DonPasci" "2024-03-28 06:30:24", "1250260", "206.123.132.165:2000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=%28services.software.product%3D%60AsyncRAT%60%29+and+autonomous_system.name%3D%60CDNEXT%60", "AS212238,c2,CDNEXT,censys,RAT", "0", "DonPasci" "2024-03-28 06:30:23", "1250259", "38.180.121.8:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/38.180.121.8", "AS58061,c2,censys,CobaltStrike,cs-watermark-391144938,NL,SCALAXY-AS", "0", "DonPasci" "2024-03-28 06:23:03", "1250349", "45.145.42.90:6969", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "75", "https://bazaar.abuse.ch/sample/f0215ec4ae290d9b263054e4b36ae3d92b127f76a2afa7d793623835943c1d6f/", "Gafgyt", "0", "abuse_ch" "2024-03-27 22:13:05", "1250277", "154.216.54.250:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 22:13:00", "1250276", "154.216.54.239:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 22:12:54", "1250275", "154.216.54.247:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 22:12:46", "1250272", "154.216.54.211:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 22:12:41", "1250271", "154.216.54.216:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 22:12:36", "1250270", "154.216.54.237:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 22:12:29", "1250269", "154.216.54.228:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 22:12:25", "1250268", "154.216.54.254:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 22:12:17", "1250266", "154.216.54.198:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 22:12:13", "1250265", "154.216.54.194:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 22:12:05", "1250264", "154.216.54.238:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 22:12:01", "1250263", "154.216.54.231:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 21:06:06", "1250255", "5.75.211.135:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-03-27 21:06:06", "1250256", "88.99.122.130:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-03-27 21:06:06", "1250257", "95.217.31.143:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-03-27 21:06:06", "1250258", "80.66.84.68:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-03-27 21:06:05", "1250253", "88.99.122.130:5432", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-03-27 21:06:05", "1250254", "78.46.229.36:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-03-27 18:50:48", "1250231", "88.119.175.92:80", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "50", "https://search.censys.io/hosts/88.119.175.92", "IST-AS,SocGholish", "0", "drb_ra" "2024-03-27 18:50:47", "1250230", "88.119.175.92:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "50", "https://search.censys.io/hosts/88.119.175.92", "IST-AS,SocGholish", "0", "drb_ra" "2024-03-27 18:50:00", "1250229", "20.2.234.76:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/20.2.234.76", "Evilginx EvilGoPhish,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "drb_ra" "2024-03-27 18:48:54", "1250228", "20.199.87.153:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "https://search.censys.io/hosts/20.199.87.153", "DcRat,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "drb_ra" "2024-03-27 18:48:39", "1250227", "154.247.228.146:2078", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/154.247.228.146", "ALGTEL-AS,Qakbot", "0", "drb_ra" "2024-03-27 18:48:34", "1250226", "78.168.3.237:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/78.168.3.237", "Qakbot,TTNET", "0", "drb_ra" "2024-03-27 18:48:11", "1250225", "194.67.103.231:445", "ip:port", "botnet_cc", "py.responder", "SpiderLabs Responder", "Responder", "", "50", "https://search.censys.io/hosts/194.67.103.231", "AS-REG,Responder", "0", "drb_ra" "2024-03-27 18:47:47", "1250224", "54.84.224.146:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/54.84.224.146", "AMAZON-AES,Havoc", "0", "drb_ra" "2024-03-27 18:47:38", "1250223", "77.232.143.114:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/77.232.143.114", "AEZA-AS,Havoc", "0", "drb_ra" "2024-03-27 18:47:35", "1250222", "92.116.37.117:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/92.116.37.117", "Havoc,VERSATEL", "0", "drb_ra" "2024-03-27 18:47:31", "1250221", "64.23.140.175:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/64.23.140.175", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra" "2024-03-27 18:47:13", "1250220", "192.64.86.243:8080", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "", "50", "https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220f506ba03ecdcc13184689a985a2af22e16bcf8c3bcb7f58749e3741fe8b6122%22", "Bianlian Go Trojan,IS-AS-1", "0", "drb_ra" "2024-03-27 18:46:27", "1250219", "87.120.204.101:16053", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "", "50", "https://search.censys.io/hosts/87.120.204.101", "Deimos,GCORE", "0", "drb_ra" "2024-03-27 18:45:25", "1250218", "185.130.45.147:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://search.censys.io/hosts/185.130.45.147", "PRIVEX,Sliver", "0", "drb_ra" "2024-03-27 18:45:22", "1250217", "185.130.45.147:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://search.censys.io/hosts/185.130.45.147", "PRIVEX,Sliver", "0", "drb_ra" "2024-03-27 18:32:09", "1250213", "91.92.252.225:61616", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "tbotnet", "0", "abus3reports" "2024-03-27 18:32:09", "1250214", "91.92.252.224:61616", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "tbotnet", "0", "abus3reports" "2024-03-27 17:45:30", "1250215", "147.185.221.19:5585", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2024-03-27 18:02:06", "100", "None", "NjRAT", "0", "abuse_ch" "2024-03-27 15:15:23", "1250159", "216.250.253.35:2356", "ip:port", "botnet_cc", "win.ave_maria", "AVE_MARIA,AveMariaRAT,Warzone RAT,WarzoneRAT,avemaria", "Ave Maria", "", "100", "None", "AveMariaRAT,RAT", "0", "abuse_ch" "2024-03-27 15:12:14", "1250158", "5.42.65.0:29587", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "None", "infostealer,redline,stealer", "0", "SarlackLab" "2024-03-27 14:30:25", "1250128", "51.77.167.59:5951", "ip:port", "botnet_cc", "win.ave_maria", "AVE_MARIA,AveMariaRAT,Warzone RAT,WarzoneRAT,avemaria", "Ave Maria", "", "100", "None", "AveMariaRAT,RAT", "0", "abuse_ch" "2024-03-27 13:01:32", "1249912", "185.130.46.168:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1580103824,Privex Inc.", "0", "drb_ra" "2024-03-27 13:01:05", "1249910", "114.115.157.144:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "China Unicom Beijing Province Network,CobaltStrike,cs-watermark-1234567890", "0", "drb_ra" "2024-03-27 12:59:51", "1249905", "38.47.101.176:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Cloudie Limited,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-03-27 12:59:31", "1249902", "185.130.46.168:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1580103824,Privex Inc.", "0", "drb_ra" "2024-03-27 12:58:34", "1249896", "45.207.58.79:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,SonderCloud Limited", "0", "drb_ra" "2024-03-27 11:16:37", "1249881", "103.153.69.114:56999", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "c2,moobot", "0", "abus3reports" "2024-03-27 11:16:37", "1249882", "103.188.244.189:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "moobot", "0", "abus3reports" "2024-03-27 11:16:36", "1249883", "103.67.196.77:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "moobot", "0", "abus3reports" "2024-03-27 11:16:36", "1249884", "45.128.232.82:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "moobot", "0", "abus3reports" "2024-03-27 11:16:36", "1249885", "74.50.85.233:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "moobot", "0", "abus3reports" "2024-03-27 10:19:29", "1249880", "139.59.88.74:667", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/346ad9732b0c8c91589b8251becef6f462f00b103de3a29ddae58fe00b9a9e19/", "Mirai", "0", "abuse_ch" "2024-03-27 10:15:48", "1249879", "154.216.54.241:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:15:44", "1249878", "154.216.54.209:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:15:38", "1249877", "154.216.54.224:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:15:34", "1249876", "154.216.54.205:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:15:29", "1249875", "154.216.54.249:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:15:24", "1249874", "154.216.54.225:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:15:17", "1249873", "154.216.54.210:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:15:09", "1249872", "154.216.54.236:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:15:00", "1249871", "154.216.54.212:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:14:56", "1249870", "154.216.54.219:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:14:52", "1249869", "154.216.54.229:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:14:47", "1249868", "154.216.54.227:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:14:41", "1249867", "154.216.54.195:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:14:37", "1249866", "154.216.54.213:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:14:29", "1249865", "154.216.54.218:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:14:24", "1249864", "154.216.54.203:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:14:20", "1249863", "154.216.54.234:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:14:16", "1249862", "154.216.54.201:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:14:10", "1249861", "154.216.54.251:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:14:04", "1249860", "154.216.54.253:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:13:58", "1249859", "154.216.54.235:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:13:54", "1249858", "154.216.54.226:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:13:51", "1249857", "154.216.54.217:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:13:45", "1249856", "154.216.54.223:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:13:41", "1249855", "154.216.54.220:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:13:37", "1249854", "154.216.54.242:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:13:32", "1249853", "154.216.54.248:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:13:27", "1249852", "154.216.54.206:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:13:22", "1249851", "154.216.54.208:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:13:16", "1249850", "107.173.144.77:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AS-COLOCROSSING,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-03-27 10:13:08", "1249847", "154.216.54.200:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:13:04", "1249846", "154.216.54.252:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:12:59", "1249845", "154.216.54.244:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:12:54", "1249844", "154.216.54.204:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:12:48", "1249843", "154.216.54.196:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:12:43", "1249842", "154.216.54.207:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:12:38", "1249841", "154.216.54.197:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:12:33", "1249840", "154.216.54.245:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:12:28", "1249839", "154.216.54.221:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 10:12:22", "1249838", "154.216.54.246:809", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,POWERLINE-AS-AP POWER LINE DATACENTER", "0", "drb_ra" "2024-03-27 08:55:38", "1249816", "74.50.85.233:43957", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "75", "None", "Moobot", "0", "elfdigest" "2024-03-27 07:57:29", "1249815", "47.105.69.34:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-03-27 07:57:21", "1249813", "47.105.69.34:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-03-27 07:57:12", "1249810", "43.156.21.230:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-03-27 07:29:53", "1249783", "1.94.11.195:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/1.94.11.195", "AS55990,c2,censys,CobaltStrike,cs-watermark-305419896,HWCSNET", "0", "DonPasci" "2024-03-27 07:29:52", "1249782", "120.46.128.5:8089", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/120.46.128.5", "AS55990,c2,censys,CobaltStrike,cs-watermark-1234567890,HWCSNET", "0", "DonPasci" "2024-03-27 07:29:51", "1249780", "120.26.169.152:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60ALIBABA-CN-NET+Hangzhou+Alibaba+Advertising+Co.%2CLtd.%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike", "0", "DonPasci" "2024-03-27 07:29:51", "1249781", "123.60.181.152:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/123.60.181.152", "AS55990,c2,censys,CobaltStrike,cs-watermark-391144938,HWCSNET", "0", "DonPasci" "2024-03-27 07:29:50", "1249778", "118.190.147.246:13443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60ALIBABA-CN-NET+Hangzhou+Alibaba+Advertising+Co.%2CLtd.%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike", "0", "DonPasci" "2024-03-27 07:29:50", "1249779", "120.26.105.94:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60ALIBABA-CN-NET+Hangzhou+Alibaba+Advertising+Co.%2CLtd.%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike", "0", "DonPasci" "2024-03-27 07:29:49", "1249777", "118.178.125.8:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60ALIBABA-CN-NET+Hangzhou+Alibaba+Advertising+Co.%2CLtd.%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike", "0", "DonPasci" "2024-03-27 07:29:47", "1249774", "47.109.60.225:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60ALIBABA-CN-NET+Hangzhou+Alibaba+Advertising+Co.%2CLtd.%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike", "0", "DonPasci" "2024-03-27 07:29:47", "1249775", "47.113.188.133:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60ALIBABA-CN-NET+Hangzhou+Alibaba+Advertising+Co.%2CLtd.%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike", "0", "DonPasci" "2024-03-27 07:29:47", "1249776", "60.205.246.3:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60ALIBABA-CN-NET+Hangzhou+Alibaba+Advertising+Co.%2CLtd.%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike", "0", "DonPasci" "2024-03-27 07:29:38", "1249767", "139.199.77.120:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60TENCENT-NET-AP+Shenzhen+Tencent+Computer+Systems+Company+Limited%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-03-27 07:29:38", "1249772", "8.138.26.50:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60ALIBABA-CN-NET+Hangzhou+Alibaba+Advertising+Co.%2CLtd.%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike", "0", "DonPasci" "2024-03-27 07:29:37", "1249771", "8.130.34.85:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60ALIBABA-CN-NET+Hangzhou+Alibaba+Advertising+Co.%2CLtd.%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike", "0", "DonPasci" "2024-03-27 07:29:37", "1249773", "47.106.122.50:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60ALIBABA-CN-NET+Hangzhou+Alibaba+Advertising+Co.%2CLtd.%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike", "0", "DonPasci" "2024-03-27 07:29:36", "1249766", "129.211.26.3:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60TENCENT-NET-AP+Shenzhen+Tencent+Computer+Systems+Company+Limited%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-03-27 07:29:35", "1249764", "122.51.27.35:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60TENCENT-NET-AP+Shenzhen+Tencent+Computer+Systems+Company+Limited%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-03-27 07:29:35", "1249765", "124.221.102.26:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60TENCENT-NET-AP+Shenzhen+Tencent+Computer+Systems+Company+Limited%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-03-27 07:29:34", "1249763", "82.157.71.34:7898", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60TENCENT-NET-AP+Shenzhen+Tencent+Computer+Systems+Company+Limited%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-03-27 07:29:33", "1249761", "43.136.99.149:5000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-03-27 22:54:07", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60TENCENT-NET-AP+Shenzhen+Tencent+Computer+Systems+Company+Limited%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-03-27 07:29:33", "1249762", "43.138.72.70:8011", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-03-27 22:54:07", "100", "https://search.censys.io/search?resource=hosts&virtual_hosts=EXCLUDE&q=%28%28labels%3A+%60c2%60%29+and+autonomous_system.name%3D%60TENCENT-NET-AP+Shenzhen+Tencent+Computer+Systems+Company+Limited%60%29+and+services.service_name%3D%60COBALT_STRIKE%60", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-03-27 07:29:31", "1249738", "179.60.147.91:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch" "2024-03-27 07:29:29", "1249735", "3.33.130.190:80", "ip:port", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "None", "infostealer,lokibot,stealer", "0", "SarlackLab" "2024-03-27 07:29:29", "1249737", "179.60.147.94:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch" "2024-03-27 07:29:26", "1249804", "3.127.59.75:19387", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-03-27 07:29:23", "1249506", "117.41.187.235:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://www.reversinglabs.com/blog/suspicious-nuget-package-grabs-data-from-industrial-systems", "sqzrframework480", "0", "500mk500" "2024-03-27 06:50:14", "1249803", "176.123.169.32:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/176.123.169.32", "Hookbot Pegasus,RU-JSCIOT", "0", "drb_ra" "2024-03-27 06:49:55", "1249802", "45.151.44.159:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/45.151.44.159", "Hookbot Pegasus,HOSTINGSELLING", "0", "drb_ra" "2024-03-27 06:49:53", "1249801", "77.221.154.236:50555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/77.221.154.236", "AEZA-AS,Hookbot Pegasus", "0", "drb_ra" "2024-03-27 06:49:26", "1249800", "117.72.9.31:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/117.72.9.31", "Supershell", "0", "drb_ra" "2024-03-27 06:48:46", "1249799", "103.165.81.103:1145", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "https://search.censys.io/hosts/103.165.81.103", "DcRat,STARBOWLTD-AS-AP Starbow Ltd.", "0", "drb_ra" "2024-03-27 06:48:43", "1249798", "46.246.84.23:5000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "https://search.censys.io/hosts/46.246.84.23", "DcRat,PORTLANE www.portlane.com", "0", "drb_ra" "2024-03-27 06:48:21", "1249797", "70.31.125.114:2222", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/70.31.125.114", "BACOM,Qakbot", "0", "drb_ra" "2024-03-27 06:48:18", "1249796", "68.32.77.99:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/68.32.77.99", "CMCS,Qakbot", "0", "drb_ra" "2024-03-27 06:48:15", "1249795", "41.96.10.172:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/41.96.10.172", "ALGTEL-AS,Qakbot", "0", "drb_ra" "2024-03-27 06:47:41", "1249794", "52.173.131.28:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/52.173.131.28", "Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "drb_ra" "2024-03-27 06:47:35", "1249793", "54.84.224.146:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/54.84.224.146", "AMAZON-AES,Havoc", "0", "drb_ra" "2024-03-27 06:47:17", "1249792", "92.116.36.151:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/92.116.36.151", "Havoc,VERSATEL", "0", "drb_ra" "2024-03-27 06:46:11", "1249791", "134.209.171.201:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/134.209.171.201", "DIGITALOCEAN-ASN,Mythic", "0", "drb_ra" "2024-03-27 06:45:52", "1249790", "92.118.112.155:443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BruteRatel", "Brute Ratel C4", "", "50", "https://search.censys.io/hosts/92.118.112.155", "Brute Ratel C4,GIR-AS", "0", "drb_ra" "2024-03-27 06:45:44", "1249789", "54.145.56.118:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/54.145.56.118", "AMAZON-AES,Covenant", "0", "drb_ra" "2024-03-27 01:05:14", "1249787", "194.147.140.158:2323", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2024-03-27 05:04:17", "100", "None", "NanoCore,RAT", "0", "abuse_ch" "2024-03-26 22:30:10", "1249769", "45.11.182.29:80", "ip:port", "botnet_cc", "win.socks5_systemz", "None", "Socks5 Systemz", "", "100", "None", "Socks5Systemz", "0", "abuse_ch" "2024-03-26 21:07:44", "1249744", "172.232.208.90:2223", "ip:port", "botnet_cc", "win.pikabot", "None", "Pikabot", "", "100", "", "None", "0", "Cryptolaemus1" "2024-03-26 21:07:44", "1249745", "213.199.41.33:13721", "ip:port", "botnet_cc", "win.pikabot", "None", "Pikabot", "", "100", "", "None", "0", "Cryptolaemus1" "2024-03-26 21:07:44", "1249746", "194.233.91.144:5000", "ip:port", "botnet_cc", "win.pikabot", "None", "Pikabot", "", "100", "", "None", "0", "Cryptolaemus1" "2024-03-26 21:07:44", "1249747", "158.220.95.215:5242", "ip:port", "botnet_cc", "win.pikabot", "None", "Pikabot", "", "100", "", "None", "0", "Cryptolaemus1" "2024-03-26 21:07:44", "1249748", "84.247.157.112:13783", "ip:port", "botnet_cc", "win.pikabot", "None", "Pikabot", "", "100", "", "None", "0", "Cryptolaemus1" "2024-03-26 21:07:43", "1249742", "158.220.95.214:5243", "ip:port", "botnet_cc", "win.pikabot", "None", "Pikabot", "", "100", "", "None", "0", "Cryptolaemus1" "2024-03-26 21:07:43", "1249743", "64.23.199.206:1194", "ip:port", "botnet_cc", "win.pikabot", "None", "Pikabot", "", "100", "", "None", "0", "Cryptolaemus1" "2024-03-26 20:46:56", "1249741", "154.219.163.85:808", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,DXTL-HK DXTL Tseung Kwan O Service", "0", "drb_ra" # Number of entries: 424