################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2024-04-26 19:49:50 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2024-04-26 19:49:50", "1262647", "webcamcn.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/bd462515ea9ffe66fc27d9baa0fcc4bf733385829c2fc5676129aaeeb2e0af88/", "SilverFox", "0", "NDA0N" "2024-04-26 19:49:49", "1262648", "156.248.54.11:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/bd462515ea9ffe66fc27d9baa0fcc4bf733385829c2fc5676129aaeeb2e0af88/", "SilverFox", "0", "NDA0N" "2024-04-26 19:49:48", "1262649", "216.224.125.193:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/bd462515ea9ffe66fc27d9baa0fcc4bf733385829c2fc5676129aaeeb2e0af88/", "SilverFox", "0", "NDA0N" "2024-04-26 19:49:47", "1262650", "38.181.20.8:9227", "ip:port", "botnet_cc", "win.krbanker", "BlackMoon", "KrBanker", "", "100", "https://tria.ge/240426-m4es3sfa2x", "None", "0", "NDA0N" "2024-04-26 19:49:47", "1262651", "27.124.46.73:9817", "ip:port", "botnet_cc", "win.krbanker", "BlackMoon", "KrBanker", "", "100", "https://tria.ge/240426-m7x4tsfa95", "None", "0", "NDA0N" "2024-04-26 19:49:46", "1262652", "http://109.172.112.246/f993692117a3fda2.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "", "None", "0", "NDA0N" "2024-04-26 19:49:45", "1262653", "109.172.112.246:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "", "None", "0", "NDA0N" "2024-04-26 19:49:44", "1262654", "185.172.128.111:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "", "None", "0", "NDA0N" "2024-04-26 19:49:43", "1262655", "http://nitio.com/koo1/Decipher.csv", "url", "payload_delivery", "win.cloudeye", "GuLoader,vbdropper", "CloudEyE", "", "100", "", "None", "0", "NDA0N" "2024-04-26 19:49:42", "1262656", "http://nitio.com/koo/kPyQGTBbZSwVOy6.bin", "url", "payload_delivery", "win.cloudeye", "GuLoader,vbdropper", "CloudEyE", "", "100", "", "None", "0", "NDA0N" "2024-04-26 19:49:41", "1262657", "http://nitio.com/k1/fdoImu226.bin", "url", "payload_delivery", "win.cloudeye", "GuLoader,vbdropper", "CloudEyE", "", "100", "", "None", "0", "NDA0N" "2024-04-26 19:49:39", "1262658", "http://nitio.com/k2/Unconscientiousness.jpb", "url", "payload_delivery", "win.cloudeye", "GuLoader,vbdropper", "CloudEyE", "", "100", "", "None", "0", "NDA0N" "2024-04-26 19:49:38", "1262659", "nitio.com", "domain", "payload_delivery", "win.cloudeye", "GuLoader,vbdropper", "CloudEyE", "", "100", "", "None", "0", "NDA0N" "2024-04-26 19:49:37", "1262660", "94.156.8.104:80", "ip:port", "payload_delivery", "win.cloudeye", "GuLoader,vbdropper", "CloudEyE", "", "100", "", "RemcosRAT", "0", "NDA0N" "2024-04-26 19:49:36", "1262661", "http://94.156.8.104/yFtqL16.bin", "url", "payload_delivery", "win.cloudeye", "GuLoader,vbdropper", "CloudEyE", "", "100", "", "RemcosRAT", "0", "NDA0N" "2024-04-26 19:49:35", "1262662", "94.156.128.246:3323", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://bazaar.abuse.ch/sample/9cb9f9145a6ee0e02edeb9bc4def3214418342fe7e3a130ba8511a1c8ed77fcd/", "None", "0", "NDA0N" "2024-04-26 19:49:34", "1262663", "101.99.92.10:13500", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://tria.ge/240426-pswzbsce3x", "apk", "0", "NDA0N" "2024-04-26 19:49:15", "1262701", "tampabayllc.top", "domain", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "None", "infostealer,lokibot,stealer", "0", "SarlackLab" "2024-04-26 19:49:14", "1262739", "192.169.69.26:7719", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2024-04-26 19:49:13", "1262740", "moranhq.duckdns.org", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2024-04-26 19:49:10", "1262646", "156.248.54.11.webcamcn.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/bd462515ea9ffe66fc27d9baa0fcc4bf733385829c2fc5676129aaeeb2e0af88/", "SilverFox", "0", "NDA0N" "2024-04-26 19:49:09", "1262645", "hm2.webcamcn.xyz", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/bd462515ea9ffe66fc27d9baa0fcc4bf733385829c2fc5676129aaeeb2e0af88/", "SilverFox", "0", "NDA0N" "2024-04-26 19:49:08", "1262644", "154.53.42.53:8448", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "None", "0", "MarsT" "2024-04-26 19:49:07", "1262643", "85.209.11.243:15647", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "50", "", "None", "0", "MarsT" "2024-04-26 19:49:06", "1262642", "93.71.184.63:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "None", "0", "MarsT" "2024-04-26 19:49:05", "1262636", "pronethellas.com", "domain", "payload_delivery", "win.cloudeye", "GuLoader,vbdropper", "CloudEyE", "", "100", "", "formbook", "0", "NDA0N" "2024-04-26 19:49:04", "1262635", "https://pronethellas.com/dezX/OBLQLSGPaA72.bin", "url", "payload_delivery", "win.cloudeye", "GuLoader,vbdropper", "CloudEyE", "", "100", "", "Formbook", "0", "NDA0N" "2024-04-26 19:49:03", "1262633", "www.theertyuiergthjk.homes", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "100", "", "None", "0", "NDA0N" "2024-04-26 19:49:03", "1262634", "theertyuiergthjk.homes", "domain", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "100", "", "None", "0", "NDA0N" "2024-04-26 19:49:02", "1262632", "http://www.theertyuiergthjk.homes/s8o3/", "url", "botnet_cc", "win.formbook", "win.xloader", "Formbook", "", "100", "", "None", "0", "NDA0N" "2024-04-26 18:49:49", "1263005", "49.233.206.56:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/49.233.206.56", "Supershell,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-26 18:47:57", "1263004", "95.217.210.118:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/95.217.210.118", "Havoc,HETZNER-AS", "0", "drb_ra" "2024-04-26 18:47:51", "1263003", "34.210.168.103:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/34.210.168.103", "AMAZON-02,Havoc", "0", "drb_ra" "2024-04-26 18:47:41", "1263002", "147.78.103.182:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/147.78.103.182", "Havoc,NETRESEARCH", "0", "drb_ra" "2024-04-26 18:47:38", "1263001", "147.45.79.42:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/147.45.79.42", "AEZA-AS,Havoc", "0", "drb_ra" "2024-04-26 18:47:32", "1263000", "51.15.249.226:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/51.15.249.226", "Havoc,Online SAS", "0", "drb_ra" "2024-04-26 18:46:04", "1262999", "213.199.35.149:443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BruteRatel", "Brute Ratel C4", "", "50", "https://search.censys.io/hosts/213.199.35.149", "Brute Ratel C4,CONTABO", "0", "drb_ra" "2024-04-26 17:30:32", "1262998", "http://185.104.181.135/zC", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/185.104.181.135", "AS48881,c2,censys,CobaltStrike,cs-watermark-987654321,DATA-NODE-AS", "0", "DonPasci" "2024-04-26 17:29:25", "1262997", "185.104.181.135:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/185.104.181.135", "AS48881,c2,censys,CobaltStrike,cs-watermark-987654321,DATA-NODE-AS", "0", "DonPasci" "2024-04-26 17:27:34", "1262996", "88.214.27.89:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/88.214.27.89", "AS-ALVIVA,AS209272,c2,censys,CobaltStrike,cs-watermark-1580103824", "0", "DonPasci" "2024-04-26 17:24:51", "1262995", "37.27.45.203:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/37.27.45.203", "AS24940,c2,censys,CobaltStrike,cs-watermark-100000", "0", "DonPasci" "2024-04-26 17:23:30", "1262994", "37.27.11.209:8023", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/37.27.11.209", "AS24940,c2,censys,CobaltStrike,cs-watermark-987654321,HETZNER-AS", "0", "DonPasci" "2024-04-26 17:20:46", "1262986", "riptode.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:46", "1262987", "oktes.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:46", "1262988", "hypaton.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:46", "1262989", "vances.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:46", "1262990", "meday.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:46", "1262991", "woo2tech.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:46", "1262992", "yestohe.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:46", "1262993", "vtlintro.xyz", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:41", "1262981", "95.217.246.168:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "2024-04-26 20:04:19", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:41", "1262982", "78.47.186.226:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:41", "1262983", "78.47.14.240:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:41", "1262984", "37.27.11.177:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:41", "1262985", "116.203.0.165:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:40", "1262980", "116.203.167.106:5432", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "2024-04-26 20:04:19", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:36", "1262979", "https://vtlintro.xyz/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:35", "1262978", "https://yestohe.xyz/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:34", "1262977", "https://woo2tech.xyz/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:33", "1262976", "https://meday.xyz/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:32", "1262974", "https://hypaton.xyz/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:32", "1262975", "https://vances.xyz/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:31", "1262973", "https://oktes.xyz/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:30", "1262972", "https://riptode.xyz/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:29", "1262971", "https://116.203.0.165/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:28", "1262970", "https://37.27.11.177/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:27", "1262969", "https://78.47.14.240/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:26", "1262967", "https://95.217.246.168/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:26", "1262968", "https://78.47.186.226/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:20:25", "1262966", "https://116.203.167.106:5432/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-26 17:15:34", "1262965", "sol.ethvseos.nl", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/185.196.9.172", "c2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2024-04-26 17:13:56", "1262963", "185.196.9.172:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/185.196.9.172", "AS42624,c2,censys,CobaltStrike,cs-watermark-666666666,SIMPLECARRIER", "0", "DonPasci" "2024-04-26 17:13:56", "1262964", "185.196.9.172:2096", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/185.196.9.172", "AS42624,c2,censys,CobaltStrike,cs-watermark-666666666,SIMPLECARRIER", "0", "DonPasci" "2024-04-26 17:13:28", "1262962", "159.89.124.149:8085", "ip:port", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-04-26 17:49:56", "60", "None", "None", "0", "Rony" "2024-04-26 17:13:27", "1262961", "159.89.124.149:8084", "ip:port", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-04-26 17:49:56", "60", "None", "None", "0", "Rony" "2024-04-26 17:13:25", "1262960", "94.232.45.77:8085", "ip:port", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "2024-04-26 17:49:55", "60", "None", "None", "0", "Rony" "2024-04-26 17:10:10", "1262959", "212.46.38.250:443", "ip:port", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "", "75", "None", "None", "0", "Rony" "2024-04-26 17:08:36", "1262958", "51.195.211.231:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/51.195.211.231", "AS16276,OVH,panel,UNAM", "0", "DonPasci" "2024-04-26 16:57:01", "1262957", "149.88.82.88:8888", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/149.88.82.88", "AS142032,c2,censys,HFTCL-AS-AP,RAT", "0", "DonPasci" "2024-04-26 16:55:48", "1262956", "137.175.77.94:8848", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/137.175.77.94", "AS54600,c2,censys,PEG-SV,RAT", "0", "DonPasci" "2024-04-26 16:54:10", "1262955", "38.180.25.208:8000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/38.180.25.208", "AS9009,c2,censys,M247,RAT", "0", "DonPasci" "2024-04-26 16:51:36", "1262954", "202.47.118.167:80", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/202.47.118.167", "AS56209,c2,censys,RAT,RKINFRATEL-IN", "0", "DonPasci" "2024-04-26 16:50:08", "1262953", "191.82.222.55:2000", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/191.82.222.55", "AS22927,c2,censys,RAT,Telefonica de Argentina", "0", "DonPasci" "2024-04-26 16:49:08", "1262952", "177.102.67.107:5000", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/177.102.67.107", "AS27699,c2,censys,RAT,TELEFONICA BRASIL", "0", "DonPasci" "2024-04-26 16:48:07", "1262951", "175.137.217.128:9876", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/175.137.217.128", "AS4788,c2,censys,RAT,TTSSB-MY", "0", "DonPasci" "2024-04-26 16:45:12", "1262947", "187.135.138.133:2080", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.138.133", "AS8151,c2,censys,DarkComet,UNINET", "0", "DonPasci" "2024-04-26 16:45:12", "1262948", "187.135.138.133:2086", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.138.133", "AS8151,c2,censys,DarkComet,UNINET", "0", "DonPasci" "2024-04-26 16:45:12", "1262949", "187.135.138.133:2095", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.138.133", "AS8151,c2,censys,DarkComet,UNINET", "0", "DonPasci" "2024-04-26 16:45:12", "1262950", "187.135.138.133:2222", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.138.133", "AS8151,c2,censys,DarkComet,UNINET", "0", "DonPasci" "2024-04-26 16:45:11", "1262944", "187.135.138.133:2052", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.138.133", "AS8151,c2,censys,DarkComet,UNINET", "0", "DonPasci" "2024-04-26 16:45:11", "1262945", "187.135.138.133:2053", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.138.133", "AS8151,c2,censys,DarkComet,UNINET", "0", "DonPasci" "2024-04-26 16:45:11", "1262946", "187.135.138.133:2079", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.138.133", "AS8151,c2,censys,DarkComet,UNINET", "0", "DonPasci" "2024-04-26 16:43:28", "1262942", "141.11.93.161:80", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/141.11.93.161", "AS8100,ASN-QUADRANET-GLOBAL,c2,censys,DarkComet", "0", "DonPasci" "2024-04-26 16:43:28", "1262943", "141.11.93.161:443", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/141.11.93.161", "AS8100,ASN-QUADRANET-GLOBAL,c2,censys,DarkComet", "0", "DonPasci" "2024-04-26 16:42:22", "1262941", "91.132.49.90:81", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/91.132.49.90", "AS47516,c2,censys,DarkComet,DEHOST-BILISIM", "0", "DonPasci" "2024-04-26 16:40:53", "1262940", "a51493ca2948491e60759223c3be8502", "md5_hash", "payload", "win.bitter_rat", "None", "Bitter RAT", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:40:52", "1262939", "dcdae583da8a1b01a8ad0caef6a7f6f3b6f1eb6dd3298ac7d904200f52712446", "sha256_hash", "payload", "win.bitter_rat", "None", "Bitter RAT", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:40:50", "1262938", "87c1d51cea91b80dd236b1f2ef12d78867ece1ca", "sha1_hash", "payload", "win.bitter_rat", "None", "Bitter RAT", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:40:05", "1262936", "1b17680574d595b6211da1ca0664113f78cfb0e678c209dd61664d0f99841942", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:40:05", "1262937", "c91f9c9ffa73cd9d586d34f73beee0cd", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:40:01", "1262935", "0c6c645322b236944142fdffacbb610906177ee3", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:57", "1262933", "42e35e59355e78dc581115d24babd4424422efacfdb6710395c27e84243959df", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:57", "1262934", "c27c3107bb20803c3f5d8eab7258bb48", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:55", "1262932", "9e8384e96c6542eaf091cec68c351b8bde8d1b96", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:51", "1262930", "96b0bc34b0b56a08f072fa86b980bc99ed38403dfd37e0c2c87e691c5c87ac9b", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:51", "1262931", "565aa174e2e5cbae5811f5ed0f1d5e70", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:49", "1262928", "93115e1730da5003243c419c7d841ca3", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:49", "1262929", "4ae3d13959acd0d263f115c9ebab24ffef4aec9e", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:48", "1262927", "6501a306d8930d9e9504ab23bc393eaef11b2a9ec1098037d07842431ec35c92", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:46", "1262925", "982f1903db530be43b0d0fc4ce976e8e", "md5_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:46", "1262926", "f78e99d234fada2af2a61ed5b3095aeb1be16247", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:45", "1262924", "0c0d782dac4f8afdf63e33666febfe1aea6605c1a64ae532a8b84d2d315b176b", "sha256_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:44", "1262923", "e2a9534e65f2ae33df71b136cfef600eab4f3627", "sha1_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:43", "1262922", "4621fea50e1982e6f753efe7d1be2b35", "md5_hash", "payload", "win.sigloader", "None", "SigLoader", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:42", "1262921", "6b2874507fc8b7782d11f202840850ba6edd8befbb8c163c4d53775fb8d20603", "sha256_hash", "payload", "win.sigloader", "None", "SigLoader", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:41", "1262920", "46072b07bfa96583ed03149a04411cbcf04eadf9", "sha1_hash", "payload", "win.sigloader", "None", "SigLoader", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:39", "1262918", "fce48ed70e8f1e2259e2b5e471e5c10e0a37223db8cd251c900669d5deb86740", "sha256_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:39", "1262919", "8342a62cbd21058faf999a350267b4f9", "md5_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:37", "1262917", "6e37c47f6252c55b274a9b16c266861055986a26", "sha1_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:36", "1262915", "d0295c334677da7ca28746b3feff2e82320314322d99af837090c4e87b362479", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:36", "1262916", "cc800aee4d8f6b42601be444e284354e", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:34", "1262913", "6795efba98699a0cae3c4f729b83ace9", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:34", "1262914", "ef00c39a62b2b5cc4ccd2fea63c0dfa8aadb85c2", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:33", "1262912", "026387aa4411dac1107e403fb44fa90c5a34ec5ab0068af13e3f8f9f0b0f46cd", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:31", "1262910", "1c089552c29f12843d8cd8e2bbf5cf5b", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:31", "1262911", "a46482db507cf67307880919b85dc2187d2a2512", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:30", "1262909", "76dbfa281b158a18c83d08a907f087b7330da28bdd2298eb9ee2f23c1df40491", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:29", "1262908", "6f3e611fc7d7d5938b99575bcd96366d6e213eab", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:28", "1262907", "f9f0b2b6c628789336ab905f82269982", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:27", "1262906", "c33bc714fc0af2273157acd48be009b787742f2711fd6d5f81fc0c85a54a4e41", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:26", "1262905", "3d98fff19ff36e1bb307e885bc22bf7d2e84e941", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:25", "1262903", "451f300d14014ed0d89f00dde44295272d1672507a449a6106dc450493baa52e", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:25", "1262904", "10fb9b71859bfc7ae5aff462a88ade70", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:23", "1262902", "3e6c00c0d6d443741216b79e7f500d927b4cb60a", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:22", "1262900", "1625ac230aa5ca950573f3ba0b1a7bd4c7fbd3e3686f9ecd4a40f1504bf33a11", "sha256_hash", "payload", "win.troldesh", "Shade", "Troldesh", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:22", "1262901", "74143402c40ac2e61e9f040a2d7e2d00", "md5_hash", "payload", "win.troldesh", "Shade", "Troldesh", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:20", "1262898", "19d8a91e9b3652cfc0bb5165e5c3ff52", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:20", "1262899", "4053dc85bb86c47c63f96681d6a62c21cd6342a3", "sha1_hash", "payload", "win.troldesh", "Shade", "Troldesh", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:19", "1262897", "a7026eb135336fc541bb8cf376de89754873bfe36cba3098fbd6bdfb8c22a89d", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:17", "1262895", "1544dbca0efc2c0105dd7d52a21a8891", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:17", "1262896", "649f59eae10939df994db941aabc1fb78f6a0aae", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:16", "1262894", "d5038b0adfdfc36c23dbaafd982bb50bb0e9fc10838e731e10d182d91b28d970", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:15", "1262893", "7fbacdb27457829215cd182eab0a4e4bb4379648", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:14", "1262892", "8bdfe306f813ba1a65ecf6e1da4085c1", "md5_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:13", "1262891", "857fd5543f14e01ea3b08d3aca6ee6763042a48d7b04c9f035a4a37a4d2e0039", "sha256_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:12", "1262890", "7bca83400323c71ee5bd1d655004a4a762e1c71b", "sha1_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:11", "1262888", "6fd2687a66899aa63357f7434a418b2bd873eebda9520129b20fd3e7e889ced1", "sha256_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:11", "1262889", "4b905e6548f4d5040fab8962cb71877e", "md5_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:09", "1262887", "15c3785700d10e32ce7e17d706194dd9baa8442a", "sha1_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:08", "1262885", "d0be212a60bf7479492be23497cf0e933b8c6fda4e68b0d9724c7dc18e30fa37", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:08", "1262886", "10f54a1a68bce057dc9abbc2851a6235", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:06", "1262883", "7f26737f63fcd5b7e2695f438e341075", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:06", "1262884", "aa70b6be5f6e35655d0a5e25c450b47f4a23ffd0", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:05", "1262882", "ba7b9fc2750021800299ae2473acdcc6f5bf93e391bebe5da3cd7959904980ff", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:03", "1262881", "325092e21e3089979756be19047c44bc4d036dc6", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:02", "1262880", "c49a9a589af8da0d09c69670b2579ab9", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:01", "1262879", "a411f79466c5b91feae82cddf2cff3cd20130cec9955bf5003f0ce1febd5143f", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:39:00", "1262878", "51a936428711d9bd1307ffd3e75436a0e4568eb2", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:59", "1262877", "e7c340f6eab299b03ba3ffd6760268f9", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:58", "1262876", "c6f1edef594e1e06a4d16cc58539d4e50ccc5799a675c42291d81fcc567c9d30", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:57", "1262875", "66669dc3f7e70675b52b5c6293f4365026da17b9", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:56", "1262873", "3c54f1e2d58d392a6bcd2e6c836d1479888e3c334b8e6f5511a65bc1506681fb", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:56", "1262874", "4e62c4b92779d99998cd908a0966bf7d", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:54", "1262872", "e02dc74baae821c91f12c890db595f9b08db418c", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:53", "1262870", "e20de80a71ce98da7d15176e36f66326ca635c42726f29e87ed0c4b01d2937e7", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:53", "1262871", "a20e41f9774504d4bace9a2a8a7989c6", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:51", "1262869", "b7e082069f682b7e35325e53f204d7216573e1e5", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:50", "1262867", "39e37a6736984b617a47818ffdbd202199c75f769821d4939f1d61dff621098d", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:50", "1262868", "edeb34f392872f3c9e220bc9dcf9ba86", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:48", "1262865", "5ea66f46264b909eacc61b8648278e24", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:48", "1262866", "e9fb6ff7cd47ec7b08391f4c1ecc1e684bf28ff7", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:47", "1262864", "cdc6416614ef3f4b401aff0d519668cd08f7c99f4ebf7c7392ba67193b2c0fea", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:45", "1262862", "280ae1955701d5f84f59ef9f5b8c7412", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:45", "1262863", "72de1f4263613095b85b3c33922cd67a3d94cd7d", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:44", "1262861", "b48a14f185cfd77e01733db2837277db8f47d04f77e6ac7093f0a88927a115fc", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:43", "1262860", "6651afec36ec273a284886892bb22050c3f9931e", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:42", "1262859", "2604da714120c51aa0d1cbb9208cd2f2", "md5_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:41", "1262858", "7e6660995d4046f42d7810c4a83d0cac121f9d2a977a69337ad022b50a255852", "sha256_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:40", "1262857", "2a4a33b87804665b4efcc395f83f7c2c41b0b3d7", "sha1_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:39", "1262855", "41e187191625d749b89a11bc04fc0b2a3b9bd638035d05b39365c47ab36d1898", "sha256_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:39", "1262856", "6fd558cf3add096970e15d1e62ca1957", "md5_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:37", "1262854", "78e95fabcfe8ef7bb6419f8456deccc3d5fa4c23", "sha1_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:36", "1262852", "7fd14673f73717b024728ae4248be0a1579f480a261c4f4d94742f230a01cb47", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:36", "1262853", "7a6e9d01d9162c7537ba8091187e4235", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:34", "1262851", "f5b69f4b0ec8cd0a4b7bab26a0de167c8cc535cd", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:33", "1262849", "f2198deecddd5ae56620b594b6b20bf8a20f9c983d4c60144bc6007a53087ce4", "sha256_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:33", "1262850", "407ea767aa26ae13f9ff20d0999c8dda", "md5_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:31", "1262847", "dbe4440d32dc0b20dee76c192587ab33", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:31", "1262848", "07e615132ef78e827047ffc4cc6c9d44f5a976fd", "sha1_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:30", "1262846", "8059dc704b71f1a978547729e4afdf62f0c834950758ca8bb6a25fa6fca0b03d", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:28", "1262844", "46d004a90bfc51d6447a0661f440e7a5", "md5_hash", "payload", "win.cmsbrute", "None", "CMSBrute", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:28", "1262845", "d5c94559655c5fc5bc552fce62aad8673731a3bb", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:27", "1262843", "a50139923127672a8083b6d24b45e102e358aa0fcb8b558a85386cf9892605aa", "sha256_hash", "payload", "win.cmsbrute", "None", "CMSBrute", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:26", "1262842", "fe33bb099ec660d4cc2607a34bcf55c92c5dc0f8", "sha1_hash", "payload", "win.cmsbrute", "None", "CMSBrute", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:25", "1262841", "814d30fd5617213cc9765f05bf823181", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:24", "1262840", "6b260c2a031fee21a1796091021415225b006baa888bfa2a37c3f79ca86ca9c8", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:23", "1262839", "7556260b8e59cea8f9048cf793f7c52ce75fff85", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:22", "1262838", "c93c9f74b4f78e098f297fd4dafff423", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:21", "1262837", "7176ddc82577be37240e7842e497ed7a16af40ff27cf8db62439422f93994c47", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:19", "1262836", "f516c24f73d9448263a4b3f12145d05ab2019c07", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:17", "1262834", "37109eb42fff729d1786ca4b676167f7acaa918a4abaf3bb465cfed6efa2b134", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:17", "1262835", "ed1e2fd68e9de44ea4e01c7897f64411", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:15", "1262832", "f564f9251bd76e796906aebb35ae478a", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:15", "1262833", "a42eb4e6084ac91d1fad3ef9fe01d8d3e9db0c26", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:14", "1262831", "386af47105d3e905ab5c1327fa634dd38e8af6d29f380cfbf0546549734d22f9", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:12", "1262829", "840cbf490ce0600e1057f72949a37c73", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:12", "1262830", "e6b87808a2a2b26bcda776e971e442598402b2bd", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:11", "1262828", "b09a0b160629c46cd40123518cf4beed875c630f8836e2fea5d894c43fd58093", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:10", "1262827", "151c7c81a8f1e9dd889eef12e8c4ca6749495dac", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:09", "1262826", "872fc876d25908a93236dcf98e09e3de", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:08", "1262825", "a6cd55461ca16e33b153c509417d91eec660cc6d447764c9a312a0ad871ca9c5", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:07", "1262824", "06da1381d9aaa978ace25c409a59c3d6560975c0", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:06", "1262822", "ea9deb59fc6309ddda6806eb4f7ce780eb54f1b0b7eca72b366bc8f110c5222a", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:06", "1262823", "baf61e5dbe33cf47ad6ddc4076a07af9", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:04", "1262821", "1fc141512c6a2a4715fd533d0adc1d8ce3c7842f", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:03", "1262820", "d797aae1eaf481e9c887482192b84109", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:02", "1262819", "cbda8606094d0493370b0f219edaba9be92444967aa9259d3e9323314dca2daa", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:38:00", "1262818", "acf58b4eb3f0ffda9a2cd91def583422a11ed873", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:59", "1262816", "cd3e530bfaf604d4e59e78d8d8761ab63f0d3d57beff38c1f4802993226af6bb", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:59", "1262817", "f78fac7fbb75ddcc67dd7cb5b6b6ea97", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:57", "1262814", "1fb40e73578701cc0fa99a9e1fd840d4", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:57", "1262815", "a9b9c8f3121cb128882d3e59b7ba2b045ce0792f", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:55", "1262813", "a637cb5b10bcdf7d7f77c408b3e81af8f006f9e506c5fd47ef28cea8d8f7f1d3", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:53", "1262811", "96b085b3f6ee7441236cee54161309d0", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:53", "1262812", "58aaee87a639eaff32999cfe02e34063edf9b0fb", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:40", "1262810", "222.239.35.173:4449", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/222.239.35.173", "AS9318,c2,censys,RAT,SKB-AS", "0", "DonPasci" "2024-04-26 16:37:37", "1262809", "132d0526eda9bdadbb2b402d44738d4fc91255556325b6a1991e053d1710fcce", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:35", "1262807", "8db4915ba4e6bb27cb249554a18a9f4c", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:35", "1262808", "88cf7eaf5db9a625a4fd922afe4c851abdd86b0b", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:34", "1262806", "470e7bcb766a436b50d28e362621b59467b6e6aa4146b467f4175a8b5c9eaa04", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:33", "1262805", "fd3e06212f9da365c2106dcd808caf291ccb3a2a", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:32", "1262803", "1c6bb4115d8b51391fd600bc70d88a8e9cc9e6406cd7f626087ff4cead341784", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:32", "1262804", "6781c522f3390cc4947959d168e61bbc", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:30", "1262801", "661c97c107efc1d69510c2c4ea7aad09", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:30", "1262802", "8c94b577b260a9a1606af373ee25ab65478d797d", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:28", "1262800", "be630b379514bcea2ea2bb6285c966812b818b49c345ff5ce2ee2e714543f5dd", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:26", "1262798", "28da32c1cf8ead709f4888f84a697c28", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:26", "1262799", "90a923d3c504672057fbdc3fbf42c3be8db5fd8c", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:24", "1262797", "c10f8bc18521b4c90063ae5fc1e0e95e40ed35be3758d90f597d7cc1e3853ade", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:22", "1262795", "d88a9970ec7a11ade4a6dfc3d8150496", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:22", "1262796", "45122f3c46fb3400cc6710a830a259da54b07298", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:21", "1262794", "c159014c79f8dc4d7888b0c092286f9b47fb2b1497dfbfa7c0620d78257127e2", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:20", "1262793", "90e72afbb1eed4c0f20fbc8a7ef5e3069ece0eef", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:19", "1262792", "b4306234a3b45c69df6a6a7cecd6070c", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:18", "1262791", "13129eaaaee8200a17214e947f0e984d10050e79c2cd5a963d7ada54ce3aa0a8", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:17", "1262790", "323197c988bc794e3a6314fce81dc20c48d234ee", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:16", "1262789", "4498a75f6f27e3e03a0b14ba933c0a06", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:15", "1262788", "270da7ba03177d793879ddc0272e94a0003e9327298879463693f7b78f199e28", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:13", "1262787", "259d54f92d825925cf87c9057d5d0c47a0c50bfb", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:12", "1262785", "5f302f2c568cfc3bef4f7690b84d15dd58caace21a60f76d807e909ff8f81e5e", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:12", "1262786", "ae73eb4cbe39e4a9e28a367331329a12", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:10", "1262783", "df0a67f2a0c162c5a5dee0a8fcd8ab22", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:10", "1262784", "fa827d6b4f9c94dd137fc24b201259a4c8293913", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:09", "1262782", "e62255f98543e0bb1abf017af13fd483e1382158021b7edde65fa55c1ad290cf", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:07", "1262780", "ee4e08febd22e594c7bcb70ea1b0252a", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:07", "1262781", "07981693f5b38fa99a88aca0e13ba5b6022b1465", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:06", "1262779", "3b6c00f64a1d047dfbed967d4fe8f320f4e4de9421a82d94dcb3eba07f23d939", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:05", "1262778", "b1594033fa6e0377ccaea80d1556459128c61a13", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:03", "1262777", "ca4c78e5b146a4eddfcde39610ff1943", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:02", "1262776", "1c3448b78546786cd23b0642700e6c05b49c786f1bbf2f14c60cfff2b378736f", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:37:00", "1262775", "9ac38a6f5a9e77b724f4df58ad54ac5d90183e15", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:36:58", "1262774", "76935bfc6a1783ae507f5af7bb7a5691", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:36:57", "1262773", "9cb9f9145a6ee0e02edeb9bc4def3214418342fe7e3a130ba8511a1c8ed77fcd", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:36:54", "1262772", "11de68dc07c94d552afaca0e3d9d5950ced39b3a", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:36:53", "1262771", "5a12438b3b4c926c12a9376c7bf13426", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:36:52", "1262770", "1a794211deaa0ecb6abc6101d7c1bd61111b4dd2d895ee7ecf78fbf17f4c9ab3", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:36:50", "1262769", "c3185c6a5e5f07a5befbe4af7131d05634f5d1a3", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:36:48", "1262768", "3b43da1be0c39802b78f6b2c55c4d7e6", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:36:47", "1262767", "00f5cb420d8caf253b67e22714104ce1fb2d75341286c6e3ff31f527e7e5f5eb", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:36:45", "1262766", "c7735b309f6543439e447def8351d7238f7c9d58", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2024-04-26 16:36:23", "1262765", "173.249.52.60:6000", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/173.249.52.60", "AS51167,c2,censys,CONTABO,RAT", "0", "DonPasci" "2024-04-26 16:34:14", "1262759", "184.174.96.94:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "", "c2,censys,RAT", "0", "DonPasci" "2024-04-26 16:34:14", "1262760", "184.174.96.94:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "", "c2,censys,RAT", "0", "DonPasci" "2024-04-26 16:34:14", "1262761", "184.174.96.94:2222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "", "c2,censys,RAT", "0", "DonPasci" "2024-04-26 16:34:14", "1262762", "184.174.96.94:4444", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "", "c2,censys,RAT", "0", "DonPasci" "2024-04-26 16:34:14", "1262763", "184.174.96.94:5555", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "", "c2,censys,RAT", "0", "DonPasci" "2024-04-26 16:34:14", "1262764", "207.32.219.85:8888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "", "c2,censys,RAT", "0", "DonPasci" "2024-04-26 16:34:13", "1262755", "46.246.14.22:2000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "", "c2,censys,RAT", "0", "DonPasci" "2024-04-26 16:34:13", "1262756", "88.229.18.221:888", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "", "c2,censys,RAT", "0", "DonPasci" "2024-04-26 16:34:13", "1262757", "88.229.18.221:20000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "", "c2,censys,RAT", "0", "DonPasci" "2024-04-26 16:34:13", "1262758", "142.202.191.162:222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "", "c2,censys,RAT", "0", "DonPasci" "2024-04-26 16:27:35", "1262753", "94.156.65.26:6006", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/94.156.65.26", "AS394711,c2,censys,LIMENET,NL,RAT", "0", "DonPasci" "2024-04-26 16:27:35", "1262754", "94.156.65.26:7777", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/94.156.65.26", "AS394711,c2,censys,LIMENET,NL,RAT", "0", "DonPasci" "2024-04-26 16:24:58", "1262752", "94.154.172.83:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/94.154.172.83", "AS208046,c2,censys,COLOCATIONX-DATACENTER,SuperShell", "0", "DonPasci" "2024-04-26 16:23:18", "1262751", "45.15.156.173:8080", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/45.15.156.173", "AS211409,c2,censys,GALAXY-AS,RAT", "0", "DonPasci" "2024-04-26 16:20:02", "1262750", "116.196.82.90:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/116.196.82.90", "AS23724,c2,censys,CHINANET-IDC-BJ-AP,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci" "2024-04-26 16:15:46", "1262748", "18.232.156.244:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "", "AMAZON-AES,AS14618,c2,censys,CobaltStrike,cs-watermark-1643466659", "0", "DonPasci" "2024-04-26 16:15:46", "1262749", "44.221.39.41:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "", "AMAZON-AES,AS14618,c2,censys,CobaltStrike,cs-watermark-1862346740", "0", "DonPasci" "2024-04-26 16:15:45", "1262747", "54.145.84.81:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "", "AMAZON-AES,AS14618,c2,censys,CobaltStrike,cs-watermark-1643466659", "0", "DonPasci" "2024-04-26 16:13:39", "1262746", "http://3.86.13.34/visit.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/3.86.13.34", "AMAZON-AES,AS14618,c2,censys,CobaltStrike,cs-watermark-615814514", "0", "DonPasci" "2024-04-26 16:12:09", "1262745", "3.86.13.34:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/3.86.13.34", "AMAZON-AES,AS14618,c2,censys,CobaltStrike,cs-watermark-615814514", "0", "DonPasci" "2024-04-26 16:10:40", "1262744", "http://154.201.83.203/pixel.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/154.201.83.203/", "AS142032,c2,censys,CobaltStrike,cs-watermark-391144938,HFTCL-AS-AP", "0", "DonPasci" "2024-04-26 16:09:42", "1262743", "154.201.83.203:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/154.201.83.203", "AS142032,c2,censys,CobaltStrike,cs-watermark-391144938,HFTCL-AS-AP", "0", "DonPasci" "2024-04-26 16:08:00", "1262742", "http://154.12.23.153/activity", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/154.12.23.153", "AS142032,c2,censys,CobaltStrike,cs-watermark-426352781,HFTCL-AS-AP", "0", "DonPasci" "2024-04-26 16:06:35", "1262741", "154.12.23.153:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/154.12.23.153", "AS142032,c2,censys,CobaltStrike,cs-watermark-426352781,cs-watermark-666666,HFTCL-AS-AP", "0", "DonPasci" "2024-04-26 15:59:11", "1262738", "http://www.nickelviper.com/push", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/18.132.148.106", "c2,censys,CobaltStrike,cs-watermark-368745360", "0", "DonPasci" "2024-04-26 15:58:00", "1262737", "www.nickelviper.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/18.132.148.106", "c2,censys,CobaltStrike,cs-watermark-368745360", "0", "DonPasci" "2024-04-26 15:56:50", "1262736", "18.132.148.106:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/18.132.148.106", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-368745360", "0", "DonPasci" "2024-04-26 15:55:17", "1262734", "http://ns1.anonymouskids.uk/image/", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/3.132.209.99", "c2,censys,CobaltStrike,cs-watermark-1580103824", "0", "DonPasci" "2024-04-26 15:55:17", "1262735", "srothanhlong.vn", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-26 15:54:24", "1262733", "ns1.anonymouskids.uk", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/3.132.209.99", "c2,censys,CobaltStrike,cs-watermark-1580103824", "0", "DonPasci" "2024-04-26 15:53:01", "1262731", "3.132.209.99:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/3.132.209.99", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-1580103824", "0", "DonPasci" "2024-04-26 15:53:01", "1262732", "3.132.209.99:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/3.132.209.99", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-1580103824", "0", "DonPasci" "2024-04-26 15:51:31", "1262730", "https://ao2gmabl4c.execute-api.us-east-1.amazonaws.com/api/search/", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/3.9.188.172", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-26 15:48:59", "1262729", "3.9.188.172:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/3.9.188.172", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-26 15:47:30", "1262728", "3.0.50.245:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/3.0.50.245", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-26 15:45:42", "1262727", "104.214.168.71:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/104.214.168.71", "AS8075,c2,censys,CobaltStrike,cs-watermark-987654321,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2024-04-26 15:41:48", "1262726", "http://mail.metadate.services/push", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/167.179.76.158", "c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-26 15:41:06", "1262725", "mail.metadate.services", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/167.179.76.158", "c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-26 15:39:03", "1262724", "167.179.76.158:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/167.179.76.158", "AS-CHOOPA,AS20473,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-26 15:37:06", "1262723", "http://65.20.85.214/dpixel", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/65.20.85.214", "AS-CHOOPA,AS20473,c2,censys,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci" "2024-04-26 15:35:56", "1262722", "65.20.85.214:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/65.20.85.214", "AS-CHOOPA,AS20473,c2,censys,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci" "2024-04-26 15:32:31", "1262721", "124.156.166.78:7654", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/124.156.166.78", "AS132203,c2,censys,CobaltStrike,cs-watermark-305419896,TENCENT-NET-AP-CN", "0", "DonPasci" "2024-04-26 15:30:54", "1262720", "http://43.157.90.6/load", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.157.90.6", "AS132203,c2,censys,CobaltStrike,TENCENT-NET-AP-CN", "0", "DonPasci" "2024-04-26 15:30:04", "1262719", "43.157.90.6:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.157.90.6", "AS132203,c2,censys,CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP-CN", "0", "DonPasci" "2024-04-26 15:27:23", "1262718", "https://192.227.137.122/dot.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/192.227.137.122", "AS-COLOCROSSING,AS36352,c2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-26 15:26:31", "1262716", "192.227.137.122:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/192.227.137.122", "AS-COLOCROSSING,AS36352,c2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-26 15:26:31", "1262717", "192.227.137.122:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/192.227.137.122", "AS-COLOCROSSING,AS36352,c2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-26 15:24:15", "1262715", "152.42.244.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/152.42.244.175", "AS14061,c2,censys,CobaltStrike,cs-watermark-987654321,DIGITALOCEAN-ASN", "0", "DonPasci" "2024-04-26 15:22:56", "1262714", "http://134.209.27.35/oscp/", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/134.209.27.35", "AS14061,c2,censys,CobaltStrike,cs-watermark-925432753,DIGITALOCEAN-ASN", "0", "DonPasci" "2024-04-26 15:22:05", "1262713", "134.209.27.35:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/134.209.27.35", "AS14061,c2,censys,CobaltStrike,cs-watermark-925432753,DIGITALOCEAN-ASN", "0", "DonPasci" "2024-04-26 15:19:43", "1262712", "http://47.236.28.67/updates.rss", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.236.28.67", "ALIBABA-CN-NET,AS45102,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-26 15:18:54", "1262711", "47.236.28.67:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.236.28.67", "ALIBABA-CN-NET,AS45102,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-26 15:15:36", "1262710", "http://service-qyygkf1k-1307679590.gz.tencentapigw.com.cn/api/getit", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/1.94.66.120", "AS55990,c2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2024-04-26 15:14:47", "1262709", "service-qyygkf1k-1307679590.gz.tencentapigw.com.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/1.94.66.120", "AS55990,c2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2024-04-26 15:14:04", "1262708", "1.94.66.120:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/1.94.66.120", "AS55990,c2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2024-04-26 15:13:01", "1262707", "1.94.52.236:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/1.94.52.236", "AS55990,c2,censys,CobaltStrike,cs-watermark-391144938,HWCSNET", "0", "DonPasci" "2024-04-26 15:10:35", "1262706", "123.57.172.34:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/123.57.172.34", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-6", "0", "DonPasci" "2024-04-26 15:07:49", "1262705", "47.120.17.76:3306", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.120.17.76", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2024-04-26 15:04:13", "1262704", "http://47.92.151.17/lib/v2/wcp-consent.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.92.151.17", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2024-04-26 15:03:33", "1262703", "47.92.151.17:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.92.151.17", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2024-04-26 15:02:35", "1262702", "39.104.28.176:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/39.104.28.176", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-26 15:00:10", "1262699", "39.100.109.229:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/39.100.109.229", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-26 14:58:41", "1262698", "39.98.43.192:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/39.98.43.192", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-100000", "0", "DonPasci" "2024-04-26 14:55:59", "1262696", "8.141.166.236:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.141.166.236", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci" "2024-04-26 14:55:59", "1262697", "8.141.166.236:10001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.141.166.236", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci" "2024-04-26 14:54:36", "1262695", "8.137.76.34:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.137.76.34", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-26 14:53:35", "1262694", "8.134.92.24:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.134.92.24", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-305419896", "0", "DonPasci" "2024-04-26 14:52:20", "1262693", "8.130.66.214:10001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.130.66.214", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-26 14:51:12", "1262692", "http://8.130.29.62/IE9CompatViewList.xml", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.130.29.62", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-26 14:50:19", "1262691", "8.130.29.62:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.130.29.62", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-26 14:48:04", "1262690", "150.158.54.83:7500", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/150.158.54.83", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-04-26 14:46:04", "1262689", "124.222.15.103:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/124.222.15.103", "AS45090,c2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-04-26 14:44:23", "1262688", "123.206.115.56:6667", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/123.206.115.56", "AS45090,c2,censys,CobaltStrike,cs-watermark-305419896,TENCENT-NET-AP", "0", "DonPasci" "2024-04-26 14:43:12", "1262687", "http://122.51.89.45/dot.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/122.51.89.45", "AS45090,c2,censys,CobaltStrike,cs-watermark-305419896,TENCENT-NET-AP", "0", "DonPasci" "2024-04-26 14:42:28", "1262686", "122.51.89.45:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/122.51.89.45", "AS45090,c2,censys,CobaltStrike,cs-watermark-305419896,TENCENT-NET-AP", "0", "DonPasci" "2024-04-26 14:41:28", "1262685", "http://119.91.218.68/ca", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/119.91.218.68", "AS45090,c2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-04-26 14:40:08", "1262684", "119.91.218.68:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/119.91.218.68", "AS45090,c2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-04-26 14:38:59", "1262683", "114.132.245.246:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/114.132.245.246", "AS45090,c2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-04-26 14:37:44", "1262682", "111.229.200.233:3333", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/111.229.200.233", "AS45090,c2,censys,CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP", "0", "DonPasci" "2024-04-26 14:35:11", "1262680", "111.229.35.119:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/111.229.35.119", "AS45090,c2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-04-26 14:35:11", "1262681", "111.229.35.119:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/111.229.35.119", "AS45090,c2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-04-26 14:33:26", "1262679", "101.35.198.25:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.35.198.25", "AS45090,c2,censys,CobaltStrike,cs-watermark-1234567890,TENCENT-NET-AP", "0", "DonPasci" "2024-04-26 14:31:49", "1262678", "http://43.136.43.49/IE9CompatViewList.xml", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.136.43.49", "AS45090,c2,censys,CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP", "0", "DonPasci" "2024-04-26 14:29:39", "1262677", "43.136.43.49:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.136.43.49", "AS45090,c2,censys,CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP", "0", "DonPasci" "2024-04-26 13:01:54", "1262676", "http://47.113.150.236:7777/dot.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-26 13:01:30", "1262675", "https://185.229.237.201/metro91/admin/1/ppptp.jpg", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Servereasy Srl", "0", "drb_ra" "2024-04-26 13:01:19", "1262674", "http://111.230.98.22/cm", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-26 13:01:10", "1262673", "http://43.130.252.161:8888/__utm.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-04-26 13:00:57", "1262672", "http://209.222.0.68/visit.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-26 15:43:25", "100", "None", "CobaltStrike,cs-watermark-987654321,The Constant Company LLC", "0", "drb_ra" "2024-04-26 13:00:43", "1262671", "http://60.205.115.92:8011/ptj", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-26 13:00:26", "1262670", "https://38.147.170.150:8443/activity", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,LUCIDACLOUD LIMITED", "0", "drb_ra" "2024-04-26 13:00:04", "1262669", "http://8.138.119.180:8080/owa/", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-04-26 12:59:56", "1262668", "http://43.139.205.56/en_US/all.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-26 12:59:40", "1262667", "http://111.230.98.22:7777/ca", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-26 12:59:31", "1262666", "118.31.116.9:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-26 12:59:30", "1262665", "https://118.31.116.9/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-26 12:59:12", "1262664", "http://38.147.170.150:5555/updates.rss", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,LUCIDACLOUD LIMITED", "0", "drb_ra" "2024-04-26 10:14:47", "1262641", "8.138.119.180:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-04-26 10:14:46", "1262640", "https://8.138.119.180/owa/", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-04-26 10:14:37", "1262639", "1.14.96.69:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-26 10:14:36", "1262638", "https://1.14.96.69/ca", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-26 09:44:44", "1262637", "45.142.182.80:5900", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "abus3reports" "2024-04-26 09:09:07", "1262606", "192.169.69.25:5654", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2024-04-26 09:09:06", "1262607", "craftedfollowing.duckdns.org", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2024-04-26 07:38:14", "1262580", "46.246.86.14:1994", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-26 07:30:12", "1262605", "172.94.9.228:3980", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "RAT,RemcosRAT", "0", "abuse_ch" "2024-04-26 06:50:31", "1262604", "5.253.40.118:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/5.253.40.118", "Hookbot Pegasus,STARK-INDUSTRIES", "0", "drb_ra" "2024-04-26 06:50:24", "1262603", "64.227.140.244:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/64.227.140.244", "DIGITALOCEAN-ASN,Hookbot Pegasus", "0", "drb_ra" "2024-04-26 06:50:17", "1262602", "93.127.202.69:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/93.127.202.69", "AS-HOSTINGER,Hookbot Pegasus", "0", "drb_ra" "2024-04-26 06:50:14", "1262601", "14.178.208.233:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/14.178.208.233", "Hookbot Pegasus,VNPT-AS-VN VNPT Corp", "0", "drb_ra" "2024-04-26 06:50:08", "1262600", "18.159.103.213:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/18.159.103.213", "AMAZON-02,Evilginx EvilGoPhish", "0", "drb_ra" "2024-04-26 06:49:56", "1262599", "77.91.70.104:80", "ip:port", "botnet_cc", "win.meduza", "None", "Meduza Stealer", "", "50", "https://search.censys.io/hosts/77.91.70.104", "AEZA-AS,Meduza Stealer", "0", "drb_ra" "2024-04-26 06:49:45", "1262598", "54.202.238.187:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/54.202.238.187", "AMAZON-02,Supershell", "0", "drb_ra" "2024-04-26 06:49:37", "1262597", "45.207.36.33:2088", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/45.207.36.33", "SONDERCLOUDLIMITED-AS-AP SonderCloud Limited,Supershell", "0", "drb_ra" "2024-04-26 06:49:05", "1262596", "45.207.36.50:2088", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/45.207.36.50", "SONDERCLOUDLIMITED-AS-AP SonderCloud Limited,Supershell", "0", "drb_ra" "2024-04-26 06:48:37", "1262595", "190.70.119.188:4859", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "https://search.censys.io/hosts/190.70.119.188", "DcRat,EPM Telecomunicaciones S.A. E.S.P.", "0", "drb_ra" "2024-04-26 06:48:17", "1262594", "45.141.84.135:54183", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "", "50", "https://search.censys.io/hosts/45.141.84.135", "MEDIALAND-AS,Pupy RAT", "0", "drb_ra" "2024-04-26 06:47:50", "1262593", "35.192.76.216:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/35.192.76.216", "GOOGLE-CLOUD-PLATFORM,Havoc", "0", "drb_ra" "2024-04-26 06:47:17", "1262592", "193.227.134.120:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "", "50", "https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bb24678a8afe2f43d657e207353ac8600826c72bec732fdd2779c632522249a0%22", "Bianlian Go Trojan,LOGOL-AS", "0", "drb_ra" "2024-04-26 06:47:16", "1262591", "185.234.216.209:20037", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "", "50", "https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220ceee088e288ff57dd9b16e53c69f3af4c2f4721196598cb594bf0a5553d3307%22", "Bianlian Go Trojan,CHANGWAY-AS", "0", "drb_ra" "2024-04-26 06:46:14", "1262590", "45.95.174.253:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/45.95.174.253", "Mythic,VELIANET-AS velia.net Internetdienste GmbH", "0", "drb_ra" "2024-04-26 06:46:06", "1262589", "45.95.174.39:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/45.95.174.39", "Mythic,VELIANET-AS velia.net Internetdienste GmbH", "0", "drb_ra" "2024-04-26 06:45:38", "1262588", "149.28.25.144:55556", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://search.censys.io/hosts/149.28.25.144", "AS-CHOOPA,Sliver", "0", "drb_ra" "2024-04-26 06:45:37", "1262587", "149.28.25.144:5432", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://search.censys.io/hosts/149.28.25.144", "AS-CHOOPA,Sliver", "0", "drb_ra" "2024-04-26 05:55:05", "1262586", "http://39.105.191.1:18888/lt8E", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/7e6660995d4046f42d7810c4a83d0cac121f9d2a977a69337ad022b50a255852/", "cobaltstrike", "0", "abuse_ch" "2024-04-26 05:50:12", "1262585", "39.105.191.1:18888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike", "0", "abuse_ch" "2024-04-26 03:15:12", "1262584", "http://taketa.top/JavascriptPollMultigeneratordatalife.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2024-04-26 02:58:05", "1262583", "85.203.42.194:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,ROYALE-AS", "0", "drb_ra" "2024-04-26 02:58:04", "1262582", "http://85.203.42.194/en_US/all.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,ROYALE-AS", "0", "drb_ra" "2024-04-26 02:55:12", "1262581", "http://45.77.223.48/~blog/?ajax=a", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "None", "Loki", "0", "abuse_ch" "2024-04-26 00:40:12", "1262579", "5.42.92.179:18418", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-26 01:13:09", "100", "None", "RedLineStealer", "0", "abuse_ch" "2024-04-25 22:58:17", "1262578", "http://124.70.154.188/load", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,Huawei Cloud Service data center", "0", "drb_ra" "2024-04-25 22:13:27", "1262577", "http://103.116.245.79:808/dot.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,HFTCL-AS-AP High Family Technology Co. Limited", "0", "drb_ra" "2024-04-25 22:13:22", "1262576", "https://175.178.54.48/dot.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-25 22:13:18", "1262575", "44.194.227.114:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1862346740", "0", "drb_ra" "2024-04-25 22:13:17", "1262573", "https://dct4jph3as9lp.cloudfront.net/ms", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1862346740", "0", "drb_ra" "2024-04-25 22:13:17", "1262574", "dct4jph3as9lp.cloudfront.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1862346740", "0", "drb_ra" "2024-04-25 22:13:12", "1262571", "https://85.203.42.194/visit.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,ROYALE-AS", "0", "drb_ra" "2024-04-25 22:13:12", "1262572", "85.203.42.194:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,ROYALE-AS", "0", "drb_ra" "2024-04-25 22:13:00", "1262569", "https://23.94.169.124/loginin.html", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AS-COLOCROSSING,CobaltStrike,cs-watermark-666666666", "0", "drb_ra" "2024-04-25 22:13:00", "1262570", "23.94.169.124:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AS-COLOCROSSING,CobaltStrike,cs-watermark-666666666", "0", "drb_ra" "2024-04-25 22:12:56", "1262567", "https://8.134.11.7/pixel.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-25 22:12:56", "1262568", "8.134.11.7:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-25 22:07:06", "1262565", "flypadi.com", "domain", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "None", "infostealer,lokibot,stealer", "0", "SarlackLab" "2024-04-25 22:07:04", "1262496", "89.34.237.212:80", "ip:port", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "None", "infostealer,lokibot,stealer", "0", "SarlackLab" "2024-04-25 22:05:13", "1262566", "http://cz24519.tw1.ru/_Defaultwindows.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2024-04-25 21:41:09", "1262562", "https://cbg.divineunveil.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:09", "1262563", "https://pgdm.my/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:08", "1262561", "http://tutycholid.com/tangerang/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:07", "1262560", "https://vitrine.izaragency.com/model-2/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:06", "1262559", "https://taifateule.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:05", "1262557", "https://upr.lk/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:05", "1262558", "https://phs124168.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:04", "1262556", "http://phatthanhnghia.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:03", "1262555", "https://quotesparade.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:02", "1262554", "https://ugandainarabic.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:01", "1262553", "https://thayhoicoffee.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:00", "1262551", "https://ideosphere.in/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:00", "1262552", "http://vegasnights.co.za/wp/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:59", "1262550", "https://audio.daiphucminh.vn/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:58", "1262549", "https://seraphyaromatherapy.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:57", "1262548", "https://milkganache.com.br/chocolate/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:56", "1262547", "http://www.websitedesigningindia.biz/projects/visioncrystal/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:55", "1262546", "https://www.pansy-dz.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:54", "1262545", "https://ideanet.co.in/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:53", "1262544", "https://newsmedia247.site/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:52", "1262543", "https://reyadtours.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:51", "1262542", "https://bissecci.org/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:50", "1262541", "https://devaccrocs.allianceconsultants.net/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:49", "1262540", "https://manbaulhudaasia.aliyy.my/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:48", "1262539", "https://yahyacarpet.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:47", "1262538", "https://vitrine.izaragency.com/Epicure-Traiteur/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:46", "1262537", "https://antvietnam.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:45", "1262536", "https://direitopositivado.com.br/site/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:44", "1262535", "https://i.thietke.in/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:43", "1262534", "https://divifar.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:42", "1262533", "http://konsaltakuatorial.com/indigo/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:41", "1262532", "https://iswpcreator.com/networkconnect/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:30:00", "1262531", "https://grizmotras.com/live", "url", "botnet_cc", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:29:59", "1262530", "https://pewwhranet.com/live", "url", "botnet_cc", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:58", "1262529", "https://pgdm.my/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:57", "1262528", "https://cbg.divineunveil.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:56", "1262527", "http://tutycholid.com/tangerang/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:55", "1262526", "https://vitrine.izaragency.com/model-2/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:54", "1262525", "https://taifateule.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:53", "1262523", "https://upr.lk/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:53", "1262524", "https://phs124168.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:52", "1262522", "http://phatthanhnghia.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:51", "1262521", "https://quotesparade.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:50", "1262520", "https://ugandainarabic.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:49", "1262518", "http://vegasnights.co.za/wp/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:49", "1262519", "https://thayhoicoffee.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:48", "1262517", "https://ideosphere.in/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:47", "1262516", "https://audio.daiphucminh.vn/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:46", "1262514", "https://milkganache.com.br/chocolate/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:46", "1262515", "https://seraphyaromatherapy.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:45", "1262513", "http://www.websitedesigningindia.biz/projects/visioncrystal/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:44", "1262512", "https://www.pansy-dz.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:43", "1262511", "https://ideanet.co.in/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:42", "1262509", "https://reyadtours.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:42", "1262510", "https://newsmedia247.site/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:41", "1262508", "https://bissecci.org/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:40", "1262507", "https://devaccrocs.allianceconsultants.net/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:39", "1262506", "https://manbaulhudaasia.aliyy.my/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:38", "1262505", "https://yahyacarpet.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:37", "1262504", "https://vitrine.izaragency.com/Epicure-Traiteur/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:36", "1262503", "https://antvietnam.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:35", "1262501", "https://i.thietke.in/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:35", "1262502", "https://direitopositivado.com.br/site/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:34", "1262500", "https://divifar.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:33", "1262499", "http://konsaltakuatorial.com/indigo/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:32", "1262498", "https://iswpcreator.com/networkconnect/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:10:10", "1262497", "https://nlqbgkl5.org/security_check/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 20:44:07", "1262495", "http://45.95.11.217/ad.msi", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 20:43:49", "1262494", "https://wrankaget.site/live/", "url", "botnet_cc", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "2024-04-25 21:29:58", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 20:43:48", "1262493", "https://jarinamaers.shop/live/", "url", "botnet_cc", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "2024-04-25 21:29:58", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 20:32:31", "1262454", "https://svif-venezuela.com/data.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "base64-encoded-zip,NetSupport", "0", "NDA0N" "2024-04-25 20:32:30", "1262455", "http://svif-venezuela.com/data.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "base64-encoded-zip,NetSupport", "0", "NDA0N" "2024-04-25 20:32:30", "1262456", "http://94.131.101.129/data.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "base64-encoded-zip,NetSupport", "0", "NDA0N" "2024-04-25 20:32:30", "1262457", "svif-venezuela.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "NetSupport", "0", "NDA0N" "2024-04-25 20:32:29", "1262461", "https://33moneycshlazim33.shop/MmExODA3MDAzZjA5/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 20:32:28", "1262462", "https://moneycsasfasfh.shop/MmExODA3MDAzZjA5/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 20:32:27", "1262460", "trembolone.zapto.org", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "", "75", "None", "Moobot", "0", "elfdigest" "2024-04-25 20:32:27", "1262464", "https://moneycsffhgm7.shop/MmExODA3MDAzZjA5/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 20:32:26", "1262459", "91.92.240.43:43957", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "75", "None", "Moobot", "0", "elfdigest" "2024-04-25 20:32:26", "1262463", "https://moneymaskalandd.shop/MmExODA3MDAzZjA5/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 20:32:25", "1262465", "minjuthecutest.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/a18106059f5438c0cb46c20aefd36a3cd7cbf4762a3d4ff2daa7312f4cbc7b79/", "None", "0", "NDA0N" "2024-04-25 20:32:24", "1262489", "91.92.240.43:2006", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,condi", "0", "redrabytes" "2024-04-25 20:32:24", "1262490", "91.92.243.102:1990", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2024-04-25 20:32:23", "1262491", "89.185.30.66:2006", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2024-04-25 20:32:23", "1262492", "45.88.90.46:6969", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2024-04-25 18:50:11", "1262488", "54.36.113.159:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/54.36.113.159", "Hookbot Pegasus,OVH", "0", "drb_ra" "2024-04-25 18:50:05", "1262487", "185.125.50.198:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/185.125.50.198", "H2NEXUS-AS,Hookbot Pegasus", "0", "drb_ra" "2024-04-25 18:49:48", "1262486", "109.120.177.48:80", "ip:port", "botnet_cc", "win.meduza", "None", "Meduza Stealer", "", "50", "https://search.censys.io/hosts/109.120.177.48", "AEZA-AS,Meduza Stealer", "0", "drb_ra" "2024-04-25 18:49:27", "1262485", "120.46.59.252:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/120.46.59.252", "HWCSNET Huawei Cloud Service data center,Supershell", "0", "drb_ra" "2024-04-25 18:49:07", "1262484", "45.63.124.134:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/45.63.124.134", "AS-CHOOPA,Supershell", "0", "drb_ra" "2024-04-25 18:49:04", "1262483", "52.26.153.104:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/52.26.153.104", "AMAZON-02,Supershell", "0", "drb_ra" "2024-04-25 18:48:59", "1262482", "43.139.113.158:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/43.139.113.158", "Supershell,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-25 18:48:35", "1262481", "147.78.103.197:4443", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "https://search.censys.io/hosts/147.78.103.197", "DcRat,NETRESEARCH", "0", "drb_ra" "2024-04-25 18:48:28", "1262480", "46.246.80.7:8000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "https://search.censys.io/hosts/46.246.80.7", "DcRat,PORTLANE www.portlane.com", "0", "drb_ra" "2024-04-25 18:48:16", "1262479", "193.92.65.11:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/193.92.65.11", "FORTHNET-GR Forthnet,Qakbot", "0", "drb_ra" "2024-04-25 18:48:01", "1262478", "13.126.220.163:445", "ip:port", "botnet_cc", "py.responder", "SpiderLabs Responder", "Responder", "", "50", "https://search.censys.io/hosts/13.126.220.163", "AMAZON-02,Responder", "0", "drb_ra" "2024-04-25 18:47:56", "1262477", "84.249.120.228:445", "ip:port", "botnet_cc", "py.responder", "SpiderLabs Responder", "Responder", "", "50", "https://search.censys.io/hosts/84.249.120.228", "Responder,TSF-IP-CORE Telia Finland Oyj", "0", "drb_ra" "2024-04-25 18:47:41", "1262476", "18.253.226.108:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/18.253.226.108", "AMAZON EXPANSION,Havoc", "0", "drb_ra" "2024-04-25 18:47:40", "1262475", "18.253.226.108:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/18.253.226.108", "AMAZON EXPANSION,Havoc", "0", "drb_ra" "2024-04-25 18:47:25", "1262474", "5.42.85.10:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/5.42.85.10", "AEZA-AS,Havoc", "0", "drb_ra" "2024-04-25 18:47:20", "1262473", "18.118.8.124:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/18.118.8.124", "AMAZON-02,Havoc", "0", "drb_ra" "2024-04-25 18:47:13", "1262472", "142.93.142.34:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/142.93.142.34", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra" "2024-04-25 18:46:21", "1262471", "89.117.172.225:58895", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "", "50", "https://search.censys.io/hosts/89.117.172.225", "Deimos,LIMESTONENETWORKS", "0", "drb_ra" "2024-04-25 18:40:05", "1262470", "http://119.186.205.191:57011/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf" "2024-04-25 18:36:02", "1262469", "45.15.156.9:8081", "ip:port", "botnet_cc", "win.risepro", "None", "RisePro", "2024-04-26 20:00:06", "50", "https://tracker.viriback.com/index.php?q=45.15.156.9", "Risepro,ViriBack", "0", "abuse_ch" "2024-04-25 17:59:48", "1262467", "https://88.214.27.89/preload", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Alviva Holding Limited,CobaltStrike,cs-watermark-1580103824", "0", "drb_ra" "2024-04-25 17:59:48", "1262468", "88.214.27.89:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Alviva Holding Limited,CobaltStrike,cs-watermark-1580103824", "0", "drb_ra" "2024-04-25 17:55:20", "1262466", "45.15.156.9:50500", "ip:port", "botnet_cc", "win.risepro", "None", "RisePro", "", "100", "None", "RiseProStealer", "0", "abuse_ch" "2024-04-25 16:13:57", "1262280", "https://138.124.180.84/files/netsupport43.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:57", "1262281", "http://138.124.180.84/files/netsupport43.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:56", "1262282", "https://cdn43.space/files/AdvancedIPScanner.msix", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:56", "1262283", "https://cdn43.space/files/netsupport43.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:56", "1262284", "cdn43.space", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:55", "1262285", "138.124.180.84:80", "ip:port", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:55", "1262286", "138.124.180.84:443", "ip:port", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:55", "1262287", "http://byvlsa.com", "url", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "", "magecart", "0", "cyberja" "2024-04-25 16:13:54", "1262288", "http://cdn-report.com", "url", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "", "magecart", "0", "cyberja" "2024-04-25 16:13:54", "1262290", "http://woocomnerce.com", "url", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "", "magecart", "0", "cyberja" "2024-04-25 16:13:53", "1262291", "http://hollandtrees.com", "url", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "", "magecart", "0", "cyberja" "2024-04-25 16:13:53", "1262292", "89.185.30.66:43957", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "75", "None", "Moobot", "0", "elfdigest" "2024-04-25 16:13:52", "1262279", "http://138.124.180.84/files/AdvancedIPScanner.msix", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:52", "1262293", "bot.qngxgw.eu.org", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "", "75", "None", "Moobot", "0", "elfdigest" "2024-04-25 16:13:51", "1262275", "193.222.62.236:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "KeitaroTDS,SocGholish", "0", "threatcat_ch" "2024-04-25 16:13:51", "1262278", "https://138.124.180.84/files/AdvancedIPScanner.msix", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 15:32:00", "1262453", "94.232.45.77:443", "ip:port", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "", "60", "None", "None", "0", "Rony" "2024-04-25 15:24:26", "1262451", "212f5fb634003890f2b61ade6d3bf474e16787e3f536f0484a2a23f55d562bf0", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:26", "1262452", "d41582bde613bd63caffa80f482e692b", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:23", "1262450", "d1ccf0f0f4224e4daa412c868729977cddec079e", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:09", "1262449", "362978ed1c1eec5ff19b744601e082a2", "md5_hash", "payload", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:08", "1262448", "af6a9b7e7aefeb903c76417ed2b8399b73657440ad5f8b48a25cfe5e97ff868f", "sha256_hash", "payload", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:05", "1262447", "9c9e834e1c38a50fc6cb3ceef4963a4a0026d5af", "sha1_hash", "payload", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:04", "1262445", "c84f8c3f58c2d8193d9f78cffb67205037b48b66c1287e06413f11cbe0e16038", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:04", "1262446", "fcc226702f89fb80675c9b20156500f3", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:00", "1262443", "301a50dbf2903823a87860c5fcd8941d", "md5_hash", "payload", "win.fatduke", "None", "FatDuke", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:00", "1262444", "0f8b46119867e39e95de3b2f3b1aaa9784c2664d", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:59", "1262442", "b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575", "sha256_hash", "payload", "win.fatduke", "None", "FatDuke", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:56", "1262441", "180936e169c0b303d89aef3ee3e01083b8b4219f", "sha1_hash", "payload", "win.fatduke", "None", "FatDuke", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:55", "1262439", "9eef226fdb7d6c554cd552fc3f597ebfd6d77e33b95db53f7a631a75acf0c270", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:55", "1262440", "439f6db2adb770a0f825879c91da9904", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:52", "1262438", "6b997f099e01ba06378a58115f65d515a22f5fb1", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:51", "1262436", "7468b2db67d7df89dc67b64c6a6a487bc67da85c11e03036b26290d8218101a6", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:51", "1262437", "23e189bd0552c1601a8e0f9ba8d15c86", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:48", "1262435", "4094f42d511ab76f00f62dad7d40d42015e87651", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:47", "1262433", "ba1c1884ec9bc5326e183aa6a6f31a7f0f3a78f0ae04a5d13aba1eba1ac3448e", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:47", "1262434", "12d3e11ae0227e8182db020a1f875b67", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:44", "1262431", "b47307545c821c03b617776a41df1741", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:44", "1262432", "ec4525cf7bd7b85e9fbd3101faf7dafaeb83424e", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:43", "1262430", "0f2be1e974ae7ee9be5354fbef333e105cce5c25473648e66a67269d560220f4", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:40", "1262428", "8ddbe91dac2d37f344e4e8dd94dc73ee", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:40", "1262429", "086f735fcd95e8d3608e22494ae3cadd4d9d7acb", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:39", "1262427", "aad1d01aac286d947ba465b0a639add4188cd87aff233946b293f3fd91986438", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:37", "1262425", "4f8fb134c680d0e05861a34827751834", "md5_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:37", "1262426", "7928fb3558db9214709fd473597c52bc72f761dc", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:36", "1262424", "9c9ed624eaf441b4637d50fe25d386636c5cb59fb69f5b824afc7cec6dfff7f0", "sha256_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:34", "1262422", "6ce756cf6ff2be0a373ed026d603ff3a", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:34", "1262423", "5a20d1ff30218dea67d3ff7f61e16e5cc958006f", "sha1_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:33", "1262421", "88c8961a315e2badff5a30985646c2349a8c115a20a892a52b0888001d2af94a", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:31", "1262419", "19f46c713419f534c1532645b764c7b4", "md5_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:31", "1262420", "ad6ed291a7893369188f7da9b93fa544f9400af4", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:30", "1262418", "8b7851ae383ee5e1d106322f99d0a6149044e317ed310ce7464ff7d82afa725c", "sha256_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:28", "1262417", "f61f07d60704ff3d843596a6068b12f565bbed23", "sha1_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:27", "1262415", "0b80ebd4dffd54e98c8dd781246d247546f9e47ca86eca4215b07d8631370891", "sha256_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:27", "1262416", "b0df4f1b7801ed3666e01ee888e4c2af", "md5_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:25", "1262414", "d9cdc9cc4b68e351e2b14e42a8adb93210fe64b9", "sha1_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:24", "1262412", "81f6b674f3bc9a33424293cba5b2f63a9717afcdc1e6619a2a335d0e41546a03", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:24", "1262413", "a517b351592a68de19d643d3702433e6", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:22", "1262411", "e49d9ec67336d00a7c6772aebbbb28e8af82cfd4", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:21", "1262409", "0e40646d6311552a7f6e7a386a06421d97de655f65b099e455cf22db10afd746", "sha256_hash", "payload", "win.teambot", "FINTEAM", "TeamBot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:21", "1262410", "106c2cfb1162fc8fe3cef0958474f1c3", "md5_hash", "payload", "win.teambot", "FINTEAM", "TeamBot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:19", "1262407", "f207a52477086eaf27141c780530336d", "md5_hash", "payload", "win.pikabot", "None", "Pikabot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:19", "1262408", "c63e3e70248ac3dbd45cd2a6d51a55e9747fd6e4", "sha1_hash", "payload", "win.teambot", "FINTEAM", "TeamBot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:18", "1262406", "ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da", "sha256_hash", "payload", "win.pikabot", "None", "Pikabot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:16", "1262404", "d760dc358592d6717d4d6ca1ca0b4a41", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:16", "1262405", "cb3ea1f333d8b80b5ddda33bb1366a46b22dbeaa", "sha1_hash", "payload", "win.pikabot", "None", "Pikabot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:15", "1262403", "87c5e257097fbb317f8f64250f0796574dfaf1e132e4819dc9c62d9d59c227dd", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:13", "1262401", "d53e9b9d10affcf90e613abccc702ca2", "md5_hash", "payload", "win.typhon_stealer", "Typhon Reborn V2", "Typhon Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:13", "1262402", "c9cecc6110f3568c4b8d38c95f834b3bf7a7c0d8", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:12", "1262400", "0bcfadb848694ee56bf3fad6c3a9df4fde2d60cd52ce2a16be42b06fda520812", "sha256_hash", "payload", "win.typhon_stealer", "Typhon Reborn V2", "Typhon Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:10", "1262399", "24849b1a515347a75804d53c483ce6dffc78dbcc", "sha1_hash", "payload", "win.typhon_stealer", "Typhon Reborn V2", "Typhon Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:09", "1262397", "fa0e9e5559910365f159a438c5b6ebc401dbdfe0e349a63c85f695d61a904500", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:09", "1262398", "a963ffef0ef9cfcee28853394947cb02", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:07", "1262396", "abc9d7df3e07b029aea7b065e9dbfa257b3e951c", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:06", "1262394", "b06ef71a820a829fc010a3bc33b6c630282b94d831e25f972b7173f0783b76c9", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:06", "1262395", "a94578e1a694ba09dc9ed5dc7df60fcc", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:04", "1262393", "8ea85a39e4e456e79db46abfe00f9be73c8e254e", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:03", "1262391", "915bf5a44dfb26884cc24273094cc0043ba7e76eb7557b5f5f962bb75ec3377f", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:03", "1262392", "3d5b5f606bb9ba67e94039a7a6986e73", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:00", "1262390", "2df9bc47d9719d24b3e3a2d06738cc95e5e33aa0", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:59", "1262388", "3708d1bd614bd0a96c34dc96c7ef75bb6386b401b6e81b019293a8964447c90a", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:59", "1262389", "b1048f879fa97d356045037bddc4add3", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:57", "1262386", "b321fbc4a5947b5e623708e11a166692", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:57", "1262387", "5e4a581b9756c930af7f0f07020fa668e1ec7143", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:56", "1262385", "d1396a1ec855bd2cd988d0473161c5fba7ac170ba8e2f31b00d2689b517a0f22", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:54", "1262383", "7b3e62bcbeed62a180220669f6a0c548", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:54", "1262384", "a47346617fe2b1dda2920a23179daf9b36bbb06e", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:53", "1262382", "32cad0a627c9f3bf1172d0fc11a5492b2ff20e3e5509f53e0ac83e87d15f2a5d", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:52", "1262381", "3d12e7bf87ce03fe4c59c5127e225dfd37b7a530", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:51", "1262380", "b3dde3d29de6b58cd247ccd2193e4ced", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:50", "1262379", "c1c4559afcf94b6134fad4507537eced00e44d77000ec17b61352439558c5b43", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:49", "1262378", "2a1b433479743a064c3fb8a46d3b677c1af4a115", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:48", "1262376", "e2798e218dd3dc6dcef7a86a0f143acbbbb6d6b4a3aff594b1186c878fecc91a", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:48", "1262377", "b54147f2898416a133000ca23f2f698d", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:46", "1262375", "481632cb0bc1b7e9073140a882e5412278044533", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:45", "1262373", "43f846c12c24a078ebe33f71e8ea3b4f75107aeb275e2c3cd9dc61617c9757fc", "sha256_hash", "payload", "win.phobos", "None", "Phobos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:45", "1262374", "4e93c194b641d9b849f270531ec14d20", "md5_hash", "payload", "win.phobos", "None", "Phobos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:43", "1262371", "0323dc105421401d34155403f091ecbe", "md5_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:43", "1262372", "8b5a21254a0c10e3ca2570eeba490755197b544e", "sha1_hash", "payload", "win.phobos", "None", "Phobos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:42", "1262370", "a3ebc58cb7aebd21137225e16f6686642708e665fceb1f77e54c2413f6c0e706", "sha256_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:40", "1262368", "50e5dec57451005668704281688ca55d", "md5_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:40", "1262369", "f71675f7d669437852c55c308cbf3f25e0e923df", "sha1_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:39", "1262367", "062683257386c9e41a1cd1493f029d817445c37f7c65386d54122fa466419ce1", "sha256_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:38", "1262366", "67dd4ac7eb8c193b39149b34d3a0d5bc21c3f200", "sha1_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:37", "1262364", "1ecea8b0bc92378bf2bdd1c14ae1628c573569419b91cc34504d2c3f8bb9f8b2", "sha256_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:37", "1262365", "b7b4c97132d03eead1fa9a9352dee6c2", "md5_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:35", "1262363", "c9eb1bdc528076fa9c91668addf0723294ac1575", "sha1_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:34", "1262361", "62c2c1f7335ed8b0a2120b1cf42a4c55cae1869a0245bef10d51de037e0d7ddf", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:34", "1262362", "bd129b2710c1f8fa9aa98dcc35c5b6b9", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:32", "1262359", "946a0735432aca25fa370970e97a3dbb", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:32", "1262360", "572034f781967e768d6d9b49de62217561538a45", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:31", "1262358", "7628ace4f2627bc65377a8123ce9e05849e4e4b3fd5b862e03ffcee42274ccfb", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:29", "1262356", "3b5a9930c02e7e42ac52627179137656", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:29", "1262357", "9ffac6be378c7379a8ea11a5a439445a46f6bb5c", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:28", "1262355", "5d6a67ab649ed8610da623191e8925e4804c9d0eb424b8f50be64b20c098a890", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:26", "1262353", "0cddb3e724f9bb0314bf8c50db240cf0", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:26", "1262354", "c7c8753c5ff727097fdf8b02b457d34e6f88ac18", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:25", "1262352", "3ebacca195af8a57792fa7fa13c371bc68078d8c33f0d16220c6b65df1271d3e", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:24", "1262351", "8018274d23411ab33bf16168036de21e2790aa0b", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:23", "1262350", "2ad3527444357f19cd120fa1b8bd2f23", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "2024-04-26 16:40:58", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:22", "1262349", "dedc15a14da607a8c993e869ab600a5be154e1853c45e0493727244e627cb2a9", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "2024-04-26 16:40:58", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:21", "1262348", "ac986ab9967bc084565ed13aa9434eafcc6d4752", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "2024-04-26 16:40:56", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:20", "1262346", "480b540cb344d74306d03347658b2018a4b8504f4055ad15ba43456953d7b33c", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "2024-04-26 16:40:55", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:20", "1262347", "41de8e3e7412b6e97b60fdbfdd24b0ba", "md5_hash", "payload", "win.stealc", "None", "Stealc", "2024-04-26 16:40:55", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:18", "1262345", "fa48e5a86b5f2b04b79f6c3459339a16c2db6aaa", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "2024-04-26 16:40:53", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:17", "1262343", "deb91032be610ab0761ed5e1076877458b9adbbbf79ae250672fc1c2f5fc8d0a", "sha256_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "2024-04-26 16:40:49", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:17", "1262344", "34730f3da822589c3b36ec7197ede429", "md5_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "2024-04-26 16:40:50", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:15", "1262341", "11b19b59f657910f0af49721a77bc2dd", "md5_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2024-04-26 16:40:47", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:15", "1262342", "666691e4d03bb9d885184e80d5ec5639ef56a886", "sha1_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "2024-04-26 16:40:48", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:14", "1262340", "c03858657307a20f2da776ba010c76495276e80306c19b70f44342c8bcaece85", "sha256_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2024-04-26 16:40:47", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:12", "1262338", "68dfe1e08b8cc7d19ff72334fdd09db8", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "2024-04-26 16:40:44", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:12", "1262339", "3078779d892bd96e5dfddb76d491f52eefd39a2d", "sha1_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2024-04-26 16:40:45", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:11", "1262337", "a5f4363625928d7fb64087212bd9d094972260739b274f44b53bbbd5be6d19b7", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "2024-04-26 16:40:44", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:09", "1262335", "0213307d4a5c33c73fc8763498a054e5", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-26 16:40:42", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:09", "1262336", "34fb36f9b553c26b0753f540b6a8af1760bb74dc", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "2024-04-26 16:40:42", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:08", "1262334", "6266398586cea7e8cc4154202bb9f5541b1a6b6b5640f0efdd2f2ef9e82c7ae6", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-26 16:40:41", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:06", "1262332", "6acbb1fb58dccd74db667187b22de689", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "2024-04-26 16:40:39", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:06", "1262333", "2c6978c737ad7b1a9547ed3365fef15996d98137", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-26 16:40:39", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:05", "1262331", "c792057cb761da8872421a6c906c4481b260bdb5d27b86378efdd2af39319687", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "2024-04-26 16:40:38", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:03", "1262329", "c3783358a70c67db7ba565a68872b2d6", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-26 16:40:36", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:03", "1262330", "cf0df5b247b15157cfce47473d1b063705d10b44", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "2024-04-26 16:40:37", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:02", "1262328", "2e546d749c2e13895babd1d2bca41978605c1ba3967ca0b21709646120704760", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-26 16:40:36", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:00", "1262326", "254d0303fffb227dde317b5e2bb664ae", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-26 16:40:34", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:00", "1262327", "e0c97fdd090069d6fb47589643fad0d8365b537a", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-26 16:40:34", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:58", "1262325", "78fad406a45c2723861ac043560f4fcbe8ff4df4c5e49e702833944af1220e53", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-26 16:40:33", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:57", "1262324", "f538ce2f5b72eaf0ecfb4a0b4a8af43436c0fb46", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-26 16:40:31", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:56", "1262323", "cd6222a478ab6d10ad8580a791d311c2", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-26 16:40:31", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:55", "1262322", "a74b536fee9f0b123007a407dc96d6f6b5ade2c67532936666dc9ed345cf279c", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-26 16:40:30", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:54", "1262321", "0219966f1b45dc289dade12d868b92478c18d120", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-26 16:40:29", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:53", "1262319", "3796fdf35ca6c4557746dc1de61e477fe9972bc44a2fb23503e302c27fab4335", "sha256_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2024-04-26 16:40:28", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:53", "1262320", "46d06b32a50fd0c1a1981695e6504aa5", "md5_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2024-04-26 16:40:28", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:51", "1262318", "562f1b0f554ab339d851e7c031059d20a1c88af6", "sha1_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2024-04-26 16:40:26", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:50", "1262316", "dec445c2434579d456ac0ae1468a60f1bad9f5de6c72b88e52c28f88e6a4f6d0", "sha256_hash", "payload", "win.blackmatter", "None", "BlackMatter", "2024-04-26 16:40:24", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:50", "1262317", "2212e086551552532c3da53d857167a4", "md5_hash", "payload", "win.blackmatter", "None", "BlackMatter", "2024-04-26 16:40:25", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:48", "1262314", "717ec46d474a5b5ab7d90ce92ffd3215", "md5_hash", "payload", "win.blackmatter", "None", "BlackMatter", "2024-04-26 16:40:22", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:48", "1262315", "c3f095ba1a5d96e078fd8665dc807f516b81ef7e", "sha1_hash", "payload", "win.blackmatter", "None", "BlackMatter", "2024-04-26 16:40:22", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:47", "1262313", "074591e29714930d84379bbfa55bf142929f2d1116214ac44e4e39820f7e4dfa", "sha256_hash", "payload", "win.blackmatter", "None", "BlackMatter", "2024-04-26 16:40:21", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:45", "1262311", "74e9f3ba74c619021b87520b083c6a1d", "md5_hash", "payload", "win.stealc", "None", "Stealc", "2024-04-26 16:40:19", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:45", "1262312", "5d0a886a14774fb73b59533ab90b1bf8439fd402", "sha1_hash", "payload", "win.blackmatter", "None", "BlackMatter", "2024-04-26 16:40:20", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:44", "1262310", "47307dc63a88e7e1ba5eb0230a0ac39092bd5c284896909d5e9f274f47939483", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "2024-04-26 16:40:19", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:43", "1262309", "72db70927e2be7ce030ecb812b9ea241b46d7ad0", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "2024-04-26 16:40:17", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:42", "1262308", "d3ccea4baebe97ae4b7adf2c95ce4e20", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2024-04-26 16:40:17", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:41", "1262307", "3ec2af4b5c9bb02513b905dfa7217efdcec08dce2c3d9621bd4792d50e548cf1", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2024-04-26 16:40:16", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:39", "1262305", "ae88072b3a34f52af18b1f67ebb8a123", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2024-04-26 16:40:14", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:39", "1262306", "2c2436357a6d2fa47fb895a6ff0a64ed2c6a1af3", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2024-04-26 16:40:14", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:38", "1262304", "ba0ebdbc3867696b266eed6a797b9ca9d7c7b9ae88e6190dcc62c9ba88d9eb8a", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2024-04-26 16:40:13", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:36", "1262302", "365526e3609e29a309f253eb2de5fbdc", "md5_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "2024-04-26 16:40:09", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:36", "1262303", "44245e20a33f771fa393ed862c134df57700f198", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2024-04-26 16:40:10", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:35", "1262301", "4add51cd45b7fd60dbbd612c464438ae9a0a80e0f7f40b5b6cc4a00a10b916ea", "sha256_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "2024-04-26 16:40:09", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:33", "1262300", "4f6a114223790634a249fc7ab3b92c04f17e5f60", "sha1_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "2024-04-26 16:40:06", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:32", "1262298", "3d4faa1e7f7466857b35c91bda2637ea24783903e14a94ee43508118b56ed17c", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "2024-04-26 16:40:00", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:32", "1262299", "678d5e7b91062c3b4c1ea39343cda69a", "md5_hash", "payload", "win.stealc", "None", "Stealc", "2024-04-26 16:40:00", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:30", "1262297", "d73be2edfa050ee9ac434b310af55210b64375cf", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "2024-04-26 16:39:58", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:29", "1262296", "acfc823a15fbc0247f1974b9a7dc7cf8", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-26 16:39:54", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:28", "1262295", "2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-26 16:39:54", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:26", "1262294", "3289cb74a353915117e7b1649acbff7449068018", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-26 16:39:52", "95", "None", "None", "0", "Grim" "2024-04-25 13:29:41", "1262277", "dcxwq1.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 13:15:06", "1262276", "91.92.252.234:3232", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/19317da5733e40de48774b836f81b6edd83a60976ef180b6e796928399cee1c3/", "asyncrat", "0", "abuse_ch" "2024-04-25 11:21:31", "1262274", "http://service-dduj2otc-1303958398.gz.tencentapigw.com.cn/api/x", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-668899,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-25 11:21:17", "1262273", "http://88.214.26.29:8001/__utm.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Alviva Holding Limited,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-25 11:21:03", "1262272", "173.211.46.172:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Datacamp Limited", "0", "drb_ra" "2024-04-25 11:21:02", "1262271", "https://173.211.46.172/visit.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Datacamp Limited", "0", "drb_ra" "2024-04-25 11:20:43", "1262270", "http://185.216.117.157/match", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1711276032,Overcasts Limited", "0", "drb_ra" "2024-04-25 11:20:35", "1262269", "80.66.75.43:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Kakharov Orinbassar Maratuly", "0", "drb_ra" "2024-04-25 11:20:20", "1262268", "https://101.201.46.144:8443/vendorReact.dc6a29.chunk.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-25 11:20:16", "1262267", "http://88.214.27.89:8000/preload", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Alviva Holding Limited,CobaltStrike,cs-watermark-1580103824", "0", "drb_ra" "2024-04-25 11:20:02", "1262266", "http://211.159.172.150:4444/g.pixel", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-25 11:19:53", "1262265", "http://8.134.80.227/ChromeUpdate/ShellEx/default.php", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-25 11:19:44", "1262263", "https://service-dduj2otc-1303958398.gz.tencentapigw.com.cn/api/x", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-668899,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-25 11:19:44", "1262264", "service-dduj2otc-1303958398.gz.tencentapigw.com.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-25 11:21:32", "100", "None", "CobaltStrike,cs-watermark-668899,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-25 11:19:30", "1262260", "https://www.stylejason.com:2096/push", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-25 11:19:30", "1262261", "www.stylejason.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-25 10:36:30", "1262219", "https://mopelas.top/ZjM0NjUxNDM5MmVi/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 10:36:30", "1262220", "https://kambarca.top/ZjM0NjUxNDM5MmVi/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 10:36:29", "1262221", "https://yedekleregldk.top/ZjM0NjUxNDM5MmVi/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 10:36:29", "1262222", "https://karaklpak.top/ZjM0NjUxNDM5MmVi/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 10:34:04", "1262259", "http://1.gamithou.cyou/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:26:52", "1262257", "https://kuramaservices.xyz/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:26:52", "1262258", "http://78.40.116.170:3000/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:26:51", "1262256", "http://91.92.254.165:7070/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:26:50", "1262255", "https://158.220.106.37:3000/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:26:49", "1262253", "http://51.38.70.1/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:26:49", "1262254", "http://89.117.151.8/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:26:48", "1262252", "https://57.129.16.213:3000/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:15:13", "1262251", "46.246.4.2:7045", "ip:port", "botnet_cc", "win.vjw0rm", "None", "Vjw0rm", "", "100", "None", "Vjw0rm", "0", "abuse_ch" "2024-04-25 10:13:43", "1262250", "185.172.128.6:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1158277545,EVILEMPIRE-AS", "0", "drb_ra" "2024-04-25 10:13:37", "1262248", "qax.gsldedie.sbs", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-04-25 10:13:37", "1262249", "170.106.169.138:2087", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-04-25 10:13:36", "1262247", "https://qax.gsldedie.sbs:2087/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-04-25 10:13:31", "1262246", "185.42.14.185:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "BITWEB-AS,CobaltStrike,cs-watermark-1158277545", "0", "drb_ra" "2024-04-25 10:13:30", "1262245", "dvbtools.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-25 10:13:42", "100", "None", "BITWEB-AS,CobaltStrike,cs-watermark-1158277545", "0", "drb_ra" "2024-04-25 10:13:29", "1262244", "https://dvbtools.com/DocumentId", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "BITWEB-AS,CobaltStrike,cs-watermark-1158277545", "0", "drb_ra" "2024-04-25 10:13:21", "1262243", "https://101.200.197.134/g.pixel", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-25 10:10:38", "1262242", "78.40.116.170:8872", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "abus3reports" "2024-04-25 10:10:18", "1262241", "youlovemedontyou.bounceme.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 09:47:26", "1262240", "209.14.69.249:666", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-25 19:51:10", "100", "", "botnet,c2,mirai", "0", "abus3reports" "2024-04-25 09:47:11", "1262239", "nocrynetworking.duckdns.org", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 09:40:12", "1262238", "45.95.169.113:4190", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2024-04-25 10:09:54", "100", "None", "NanoCore,RAT", "0", "abuse_ch" "2024-04-25 09:12:10", "1262237", "s.sushiking.world", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 09:04:07", "1262231", "139.59.156.81:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:07", "1262232", "159.203.9.75:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:07", "1262233", "159.223.220.220:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:07", "1262234", "161.35.210.154:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:07", "1262235", "174.138.51.159:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:07", "1262236", "174.138.51.232:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262223", "64.23.232.47:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262224", "64.23.251.7:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262225", "64.23.251.20:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262226", "64.225.17.60:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262227", "64.226.124.214:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262228", "68.183.48.122:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262229", "138.197.90.26:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262230", "139.59.41.182:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 08:52:16", "1262215", "128.199.180.45:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-25 09:04:06", "100", "", "c2,mirai", "0", "abus3reports" "2024-04-25 08:52:16", "1262216", "138.68.97.101:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-25 09:04:06", "100", "", "c2,mirai", "0", "abus3reports" "2024-04-25 08:52:16", "1262217", "138.68.97.171:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-25 09:04:06", "100", "", "c2,mirai", "0", "abus3reports" "2024-04-25 08:52:16", "1262218", "146.190.135.213:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-25 09:04:07", "100", "", "c2,mirai", "0", "abus3reports" "2024-04-25 08:30:18", "1262214", "http://176.123.168.151/4track/TesttrafficEternal/private3/Secure7db/7private3/WordpressLocal/Windows/cpuvoiddbtraffic/2Base/ProviderExternalpipeJavascriptupdateSqldbasyncTemporary.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2024-04-25 08:15:16", "1262213", "http://a0947291.xsph.ru/1606aca9.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2024-04-25 08:05:16", "1262212", "45.95.169.113:3190", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2024-04-25 08:23:02", "100", "None", "NanoCore,RAT", "0", "abuse_ch" "2024-04-25 07:58:24", "1262211", "http://118.31.118.253/j.ad", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-25 07:57:35", "1262210", "https://118.31.118.253/activity", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-25 07:40:15", "1262209", "http://45.77.223.48/~blog/?ajax=ee", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "None", "Loki", "0", "abuse_ch" "2024-04-25 07:28:38", "1262206", "lsagjogu8ztaueghasdjsdigh.cc", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:28:38", "1262207", "hitler.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:28:38", "1262208", "kz.hitler.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:28:08", "1262203", "pve.rebirthltd.com", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:28:08", "1262204", "rebirthltd.top", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:28:08", "1262205", "scan.rebirthltd.top", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262189", "secure-network-rebirthltd.ru", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262190", "bot.secure-network-rebirthltd.ru", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262191", "rebirthltd.dev", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262192", "scan.rebirthltd.dev", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262193", "secure-cyber-security-rebirthltd.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262194", "sex.secure-cyber-security-rebirthltd.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262195", "rebirth-network.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262196", "security.rebirth-network.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262197", "vps.rebirth-network.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262198", "adolfhitler.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262199", "kz.adolfhitler.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262200", "secure-core-rebirthltd.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262201", "security.secure-core-rebirthltd.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262202", "fuck-niggers.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:23:52", "1262188", "45.32.168.59:6363", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-25 06:49:58", "1262187", "91.92.247.254:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/91.92.247.254", "Hookbot Pegasus,LIMENET", "0", "drb_ra" "2024-04-25 06:49:29", "1262186", "45.207.36.45:2088", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/45.207.36.45", "SONDERCLOUDLIMITED-AS-AP SonderCloud Limited,Supershell", "0", "drb_ra" "2024-04-25 06:48:40", "1262185", "46.246.82.21:6000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "https://search.censys.io/hosts/46.246.82.21", "DcRat,PORTLANE www.portlane.com", "0", "drb_ra" "2024-04-25 06:48:27", "1262184", "41.99.107.210:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/41.99.107.210", "ALGTEL-AS,Qakbot", "0", "drb_ra" "2024-04-25 06:48:22", "1262183", "69.159.0.21:2222", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/69.159.0.21", "BACOM,Qakbot", "0", "drb_ra" "2024-04-25 06:48:18", "1262182", "77.126.168.121:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/77.126.168.121", "PARTNER-AS,Qakbot", "0", "drb_ra" "2024-04-25 06:48:13", "1262181", "154.82.65.35:8443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "", "50", "https://search.censys.io/hosts/154.82.65.35", "Pupy RAT,TERAEXCH", "0", "drb_ra" "2024-04-25 06:47:59", "1262180", "64.23.159.147:445", "ip:port", "botnet_cc", "py.responder", "SpiderLabs Responder", "Responder", "", "50", "https://search.censys.io/hosts/64.23.159.147", "DIGITALOCEAN-ASN,Responder", "0", "drb_ra" "2024-04-25 06:47:56", "1262179", "209.151.148.194:445", "ip:port", "botnet_cc", "py.responder", "SpiderLabs Responder", "Responder", "", "50", "https://search.censys.io/hosts/209.151.148.194", "Responder,UPCLOUDUSA", "0", "drb_ra" "2024-04-25 06:47:46", "1262178", "51.8.90.242:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/51.8.90.242", "Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "drb_ra" "2024-04-25 06:47:41", "1262177", "3.250.35.163:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/3.250.35.163", "AMAZON-02,Havoc", "0", "drb_ra" "2024-04-25 06:47:40", "1262176", "3.250.35.163:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/3.250.35.163", "AMAZON-02,Havoc", "0", "drb_ra" "2024-04-25 06:47:36", "1262175", "86.60.160.90:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/86.60.160.90", "Havoc,SSPOY-AS", "0", "drb_ra" "2024-04-25 06:47:24", "1262174", "31.42.185.190:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/31.42.185.190", "Havoc,YURTEH-AS", "0", "drb_ra" "2024-04-25 06:47:18", "1262173", "164.92.80.224:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/164.92.80.224", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra" "2024-04-25 06:47:15", "1262172", "80.87.206.160:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/80.87.206.160", "Havoc,OVH", "0", "drb_ra" "2024-04-25 06:47:12", "1262171", "50.114.37.38:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/50.114.37.38", "Havoc,RELIABLESITE", "0", "drb_ra" "2024-04-25 06:45:58", "1262170", "129.226.154.137:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/129.226.154.137", "Mythic,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-04-25 06:30:06", "1262169", "91.92.253.249:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/dedc15a14da607a8c993e869ab600a5be154e1853c45e0493727244e627cb2a9/", "asyncrat", "0", "abuse_ch" "2024-04-25 06:30:05", "1262168", "91.92.253.249:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/dedc15a14da607a8c993e869ab600a5be154e1853c45e0493727244e627cb2a9/", "asyncrat", "0", "abuse_ch" "2024-04-25 06:25:16", "1262167", "91.92.253.249:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2024-04-25 05:40:14", "1262166", "172.160.240.225:7654", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2024-04-25 05:16:17", "1262157", "18.192.31.165:12143", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-25 05:16:15", "1262158", "3.125.223.134:12143", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-25 05:16:13", "1262148", "http://107.172.157.239:8000/", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "", "cobaltstrike,supershell,Yakit", "0", "Abodovic" "2024-04-25 05:16:11", "1262162", "91.149.202.222:5667", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "binware,catDDoS,kane", "1", "skidreporter" "2024-04-25 05:16:09", "1262163", "159.253.120.176:5667", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "binware,catDDoS,kane", "1", "skidreporter" "2024-04-25 03:10:15", "1262165", "http://45.77.223.48/~blog/?ajax=posts.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "None", "Loki", "0", "abuse_ch" "2024-04-25 02:57:00", "1262164", "https://123.57.85.206:4000/fwlink", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-25 01:00:14", "1262161", "41.249.109.159:10000", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2024-04-25 01:27:13", "100", "None", "NjRAT", "0", "abuse_ch" "2024-04-25 00:20:14", "1262160", "80.66.89.223:38183", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "None", "RedLineStealer", "0", "abuse_ch" "2024-04-24 23:55:13", "1262159", "http://golovkcc.beget.tech/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2024-04-24 22:55:17", "1262156", "https://www.fiash.info:2053/api/3", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED", "0", "drb_ra" "2024-04-24 22:45:16", "1262155", "18.158.249.75:12143", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2024-04-24 23:03:19", "100", "None", "NjRAT", "0", "abuse_ch" "2024-04-24 22:45:15", "1262154", "3.125.209.94:12143", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2024-04-24 22:45:12", "1262153", "3.125.102.39:12143", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2024-04-24 23:03:19", "100", "None", "NjRAT", "0", "abuse_ch" "2024-04-24 22:13:16", "1262152", "45.148.120.189:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,PHANES-NETWORKS", "0", "drb_ra" "2024-04-24 22:13:15", "1262151", "https://45.148.120.189/ptj", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,PHANES-NETWORKS", "0", "drb_ra" "2024-04-24 22:13:11", "1262149", "https://193.32.179.234/c/msdownload/update/others/2016/12/29136388_", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,FORTIS-AS Hosting services", "0", "drb_ra" "2024-04-24 22:13:11", "1262150", "193.32.179.234:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,FORTIS-AS Hosting services", "0", "drb_ra" "2024-04-24 21:05:01", "1262139", "95.169.196.22:118", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-25 19:45:49", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:05:00", "1262140", "185.196.11.177:45", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:05:00", "1262141", "212.70.149.10:35342", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:58", "1262142", "94.156.79.77:3966", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:56", "1262143", "2.58.95.123:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:56", "1262144", "94.156.79.155:5958", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:55", "1262145", "66.187.4.175:1337", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:54", "1262146", "3.121.139.82:12138", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-24 21:04:51", "1262110", "https://www.briccodeldente.it/wp-content/themes/white-rock-progression/l3h0y5.php?id=1", "url", "botnet_cc", "win.wikiloader", "WailingCrab", "WikiLoader", "", "100", "", "Wikiloader", "0", "cyberja" "2024-04-24 21:04:50", "1262137", "82.205.72.17:8080", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-24 21:04:49", "1262138", "aboft7e.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-24 21:04:46", "1262109", "https://dreamerz.vn/wp-content/themes/twentytwentyone/0srbuw.php?id=1", "url", "botnet_cc", "win.wikiloader", "WailingCrab", "WikiLoader", "", "100", "", "Wikiloader", "0", "cyberja" "2024-04-24 21:04:44", "1262107", "https://www.savetheworldpodcast.com/wp-content/themes/twentytwentyone/msecgc.php?id=1", "url", "botnet_cc", "win.wikiloader", "WailingCrab", "WikiLoader", "", "100", "", "Wikiloader", "0", "cyberja" "2024-04-24 21:04:43", "1262108", "https://retrobox.rocks/wp-content/themes/twentytwentyfour/vhpg2j.php?id=1", "url", "botnet_cc", "win.wikiloader", "WailingCrab", "WikiLoader", "", "100", "", "Wikiloader", "0", "cyberja" "2024-04-24 21:04:42", "1262106", "https://djibek.com/wp-content/themes/twentytwentyone/sb9ivy.php?id=1", "url", "botnet_cc", "win.wikiloader", "WailingCrab", "WikiLoader", "", "100", "", "Wikiloader", "0", "cyberja" "2024-04-24 21:04:41", "1262105", "wavebysudryez.fr", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://twitter.com/crep1x/status/1782887599788486787", "WaveStealer", "0", "NDA0N" "2024-04-24 21:04:40", "1262103", "93.123.39.16:1312", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "None", "Mirai", "0", "elfdigest" "2024-04-24 20:38:05", "1262147", "5.230.68.74:443", "ip:port", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "", "75", "None", "None", "0", "Rony" # Number of entries: 847