################################################################
# ThreatFox IOCs: recent ip-port - CSV format                  #
# Last updated: 2025-11-10 00:02:40 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2025-11-10 00:02:40", "1637713", "82.115.16.75:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/82.115.16.75", "AS212552,BITCOMMAND,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-11-10 00:02:15", "1637711", "102.96.215.214:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/102.96.215.214", "AS36925,ASMedi,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-11-10 00:02:15", "1637712", "93.198.181.8:81", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://search.censys.io/hosts/93.198.181.8", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci"
"2025-11-10 00:01:33", "1637710", "38.102.86.69:6006", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/38.102.86.69", "AS26832,AsyncRAT,C2,censys,RAT,RICAWEBSERVICES", "0", "DonPasci"
"2025-11-10 00:01:18", "1637709", "161.248.179.122:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/161.248.179.122", "AS150895,C2,censys,EZTECH-VN,RAT,Remcos", "0", "DonPasci"
"2025-11-10 00:01:07", "1637708", "91.92.243.101:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-11-10 00:06:08", "100", "https://search.censys.io/hosts/91.92.243.101", "AS214943,C2,censys,Latrodectus,RAILNET", "0", "DonPasci"
"2025-11-09 22:47:09", "1637688", "64.185.236.213:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/baf46e0a92eb971f0e35461a222d318714bfd3efe44bd4155ab47ccaf96548a1", "AS18450,c2,Rhadamanthys,stealer,virustotal,WEBNX", "0", "DonPasci"
"2025-11-09 22:47:09", "1637689", "64.185.236.213:44133", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/baf46e0a92eb971f0e35461a222d318714bfd3efe44bd4155ab47ccaf96548a1", "AS18450,c2,Rhadamanthys,stealer,virustotal,WEBNX", "0", "DonPasci"
"2025-11-09 22:44:26", "1637687", "45.156.87.148:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/115561a393928f151b95b6f8a8766e3cc840326822303ddae07f571f21fa530b", "AS51396,c2,PFCLOUD,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 22:40:49", "1637685", "94.156.155.89:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.vmray.com/analyses/_vt/ba565e70297a/report/overview.html", "AS207957,c2,Rhadamanthys,SERVHOST-AS,stealer,vmray", "0", "DonPasci"
"2025-11-09 22:36:35", "1637683", "38.180.233.19:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/92611a27bf605f2901d5c306de94cf479bf281d5fac86afce8aa9a95fb5fd828", "AS58061,c2,Rhadamanthys,SCALAXY-AS,stealer,virustotal", "0", "DonPasci"
"2025-11-09 22:33:54", "1637682", "193.111.117.0:56001", "ip:port", "botnet_cc", "win.resolver_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "100", "https://www.joesandbox.com/analysis/1806876/0/html", "AS207043,c2,DEDIK-IO,joesandbox,PureRAT,rat,ResolverRAT", "0", "DonPasci"
"2025-11-09 22:30:04", "1637681", "37.221.66.129:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/31790639ba63e87fde930dcb529f97f9478900b25ba7aeadbc84a692bf442d45", "AS48753,AVAHOHST,c2,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 22:13:30", "1637676", "23.27.164.2:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/99f4cb721b81268061e52929844bfff4ece475f15bbe60031b857bdf74aacbe6", "AS149440,c2,EVOXTENTERPRISE-AS-AP,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 22:08:08", "1637675", "5.252.155.19:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/3a0cb37e5f668d8be9521416de8b07f3b524f6edbe1db97863c986dae2539964", "AS215826,c2,PARTNER-HOSTING-LTD,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 22:01:54", "1637673", "185.102.115.211:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/709b649f8c717fe5097d9befdcee79b6bbff251c7178a99300623034ff1f940e", "AS215826,c2,PARTNER-HOSTING-LTD,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 21:58:10", "1637671", "176.46.141.8:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://any.run/report/3c8634e850fe61385241aca08f358871b4a682fd0aa370de753f89f895986dea/104babcd-66cd-41fd-a3e8-60d6c266df7a", "anyrun,AS214196,c2,Rhadamanthys,stealer,VLADYLSAV-NAUMETS", "0", "DonPasci"
"2025-11-09 21:50:00", "1637667", "80.97.160.211:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/7083e4ba502e0f342e822af79a962758e803af4d4d50bd109597446167fe1eaf", "AS48753,AVAHOHST,c2,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 20:48:32", "1637659", "206.245.132.113:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/926b40f73c076366af45094748160ceccce0818fd2b67b51e79c6abd4ff7080b", "AS26042,c2,FIBERSTATE,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 20:47:05", "1637658", "196.251.69.129:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/53f7feae0f5030f9c850d792524d76be44ad6dba06a51f08db279c12821e46c1", "AS401120,c2,CHEAPY-HOST,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 20:02:08", "1637652", "182.254.171.19:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/182.254.171.19", "AdaptixC2,AS45090,C2,censys,TENCENT-NET-AP", "0", "DonPasci"
"2025-11-09 20:01:42", "1637651", "45.81.113.237:8080", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-11-09 23:00:25", "100", "https://search.censys.io/hosts/45.81.113.237", "AS205463,C2,censys,PEMBEGULISG,Quasar,RAT", "0", "DonPasci"
"2025-11-09 20:01:21", "1637650", "91.92.120.105:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/91.92.120.105", "AS44901,BELCLOUD,C2,censys,RAT,Remcos", "0", "DonPasci"
"2025-11-09 20:01:08", "1637649", "91.92.243.103:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-11-09 20:02:07", "100", "https://search.censys.io/hosts/91.92.243.103", "AS214943,C2,censys,Latrodectus,RAILNET", "0", "DonPasci"
"2025-11-09 19:55:27", "1637647", "92.205.187.34:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/41c1346afc5bd376fb0132a236647a5b94c4eedc943ad40a8d4aee1a20f3e268/", "asyncrat", "0", "abuse_ch"
"2025-11-09 19:55:26", "1637645", "92.205.187.34:1604", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/41c1346afc5bd376fb0132a236647a5b94c4eedc943ad40a8d4aee1a20f3e268/", "asyncrat", "0", "abuse_ch"
"2025-11-09 19:55:26", "1637646", "92.205.187.34:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/41c1346afc5bd376fb0132a236647a5b94c4eedc943ad40a8d4aee1a20f3e268/", "asyncrat", "0", "abuse_ch"
"2025-11-09 19:55:05", "1637644", "157.20.182.18:1948", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch"
"2025-11-09 19:52:31", "1637643", "194.102.104.154:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/536ef5e9a9fb1c08d42dd05c27efa59119367aa62b5a2c5df5f0b6bbdaa0f39c", "AS48753,AVAHOHST,c2,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 19:50:04", "1637642", "92.205.187.34:7771", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch"
"2025-11-09 19:40:22", "1637452", "147.185.221.31:19832", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/b2399c31bbf662df6ed5ce34b2e31912701911d39cf4bb0fc609be5cf35c92e9/", "xworm", "0", "abuse_ch"
"2025-11-09 19:40:21", "1637451", "103.249.133.92:19832", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/b2399c31bbf662df6ed5ce34b2e31912701911d39cf4bb0fc609be5cf35c92e9/", "xworm", "0", "abuse_ch"
"2025-11-09 19:38:40", "1637438", "45.156.87.63:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/20b9e09d1591b0eb44648fa31e45822583b78c82a4487d081d2b1a0e175bd32b", "AS51396,c2,PFCLOUD,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 19:36:17", "1637436", "45.153.34.240:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/19c8728acd2e313b20f0a5056545920b5210873674aa3ec9910387453c208234", "AS51396,c2,PFCLOUD,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 19:33:59", "1637435", "45.153.34.184:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/83488673f08cfc76109ccc736f964359d406640ec6b0cf35078c83c3fcf37c27", "AS51396,c2,PFCLOUD,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 19:20:21", "1637433", "172.111.182.5:11276", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/198aa2e30aeea98954e2d908a3987097245e9096bf0e7e7f758885424c4fdf27/", "quasar", "0", "abuse_ch"
"2025-11-09 18:46:57", "1637429", "51.79.119.230:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-11-10 02:46:50", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-11-09 18:46:36", "1637428", "45.156.25.5:4443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-11-10 02:46:32", "75", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2025-11-09 18:46:18", "1637427", "35.71.175.86:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-11-10 02:46:14", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-11-09 18:01:27", "1637419", "8.140.42.191:443", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251109-tezwaafm7z", "AS37963,C2,quasar,rat,triage", "0", "DonPasci"
"2025-11-09 16:02:47", "1637404", "67.217.57.240:1337", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/67.217.57.240", "AS19318,C2,censys,IS-AS-1,Starkillerc2", "0", "DonPasci"
"2025-11-09 16:02:43", "1637403", "3.90.221.14:4841", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/3.90.221.14", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2025-11-09 16:02:36", "1637402", "103.49.92.42:80", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/103.49.92.42", "AS13444,C2,censys,hacktool,Mimikatz,open-dir,TRS-GL-01", "0", "DonPasci"
"2025-11-09 16:01:18", "1637401", "61.37.18.2:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-11-09 23:00:13", "100", "https://search.censys.io/hosts/61.37.18.2", "AS138195,C2,censys,Gh0st,MOACKCOLTD-AS-AP,RAT", "0", "DonPasci"
"2025-11-09 16:01:03", "1637400", "77.83.207.217:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-09 23:00:11", "100", "https://search.censys.io/hosts/77.83.207.217", "AS216341,C2,censys,CobaltStrike,cs-watermark-1158277545,OPTIMA-AS", "0", "DonPasci"
"2025-11-09 16:01:02", "1637399", "88.214.50.136:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-09 23:00:10", "100", "https://search.censys.io/hosts/88.214.50.136", "AS216341,C2,censys,CobaltStrike,cs-watermark-1158277545,OPTIMA-AS", "0", "DonPasci"
"2025-11-09 16:01:00", "1637398", "106.54.244.136:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-09 23:00:09", "100", "https://search.censys.io/hosts/106.54.244.136", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2025-11-09 16:00:59", "1637397", "128.199.86.145:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-09 23:00:07", "100", "https://search.censys.io/hosts/128.199.86.145", "AS14061,C2,censys,CobaltStrike,cs-watermark-987654321,DIGITALOCEAN-ASN", "0", "DonPasci"
"2025-11-09 15:45:09", "1637395", "47.243.131.179:6666", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch"
"2025-11-09 14:51:16", "1637282", "185.176.94.42:9931", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "None", "mirai", "0", "seckle"
"2025-11-09 14:51:15", "1637291", "194.36.190.73:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-11-10 02:45:25", "90", "https://search.censys.io/hosts/194.36.190.73", "AS60117,C2,censys,HS", "0", "dyingbreeds_"
"2025-11-09 14:51:15", "1637292", "45.192.98.190:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-11-09 11:27:35", "100", "https://search.censys.io/hosts/45.192.98.190", "AS401696,C2,censys,COGNETCLOUD,Supershell", "0", "dyingbreeds_"
"2025-11-09 14:51:15", "1637293", "36.233.54.27:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/36.233.54.27", "AS3462,Botnet,byob,C2,censys", "0", "dyingbreeds_"
"2025-11-09 14:51:14", "1637294", "38.147.171.111:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-11-09 11:27:57", "100", "https://search.censys.io/hosts/38.147.171.111", "AS139659,C2,censys", "0", "dyingbreeds_"
"2025-11-09 14:51:14", "1637295", "47.103.120.243:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.103.120.243", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-11-09 14:51:14", "1637296", "167.172.182.247:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/167.172.182.247", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-11-09 14:51:13", "1637297", "195.66.25.17:2083", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/195.66.25.17", "AS215540,censys,GCS-AS,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-11-09 14:51:13", "1637298", "130.51.80.40:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/130.51.80.40", "AS23352,censys,GoPhish,Phishing,SERVERCENTRAL", "0", "dyingbreeds_"
"2025-11-09 14:33:45", "1637385", "91.184.247.172:4133", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/0b7c4a8a6528006f02810315f3a6c2b34ae46c2baedfdcb8e028c9047f0ff945", "AS48282,c2,Rhadamanthys,stealer,VDSINA-AS,virustotal", "0", "DonPasci"
"2025-11-09 14:33:45", "1637386", "91.184.247.172:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/0b7c4a8a6528006f02810315f3a6c2b34ae46c2baedfdcb8e028c9047f0ff945", "AS48282,c2,Rhadamanthys,stealer,VDSINA-AS,virustotal", "0", "DonPasci"
"2025-11-09 14:31:02", "1637384", "144.124.244.117:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/b458cd7b111dcc7af5a774bc986e7ef0c80f64b9da912ea48bf0b4b38e70b53f", "AS216071,c2,Rhadamanthys,stealer,VDSINA,virustotal", "0", "DonPasci"
"2025-11-09 14:27:35", "1637383", "104.164.55.233:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/bc441cfd0938a756232470a6fd768427f0b0a272b7f915aa9b21df75a6700694", "AS212477,c2,Rhadamanthys,ROYALE-AS,stealer,virustotal", "0", "DonPasci"
"2025-11-09 14:24:24", "1637381", "194.33.61.137:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/91f46c99cfc6ccfa1bd2a609eb9a26eea6a7eb53213557a33a1a29e88b74eb91", "AS215826,c2,PARTNER-HOSTING-LTD,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 14:22:10", "1637380", "176.46.141.23:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/4e8e93a1f1c50a1594122caaaf837a79e0043501670f385abe09fe6374a2860b", "AS214196,c2,Rhadamanthys,stealer,virustotal,VLADYLSAV-NAUMETS", "0", "DonPasci"
"2025-11-09 14:18:08", "1637379", "156.225.64.230:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/0e42c5019ecb9284b997c184d6c5eebb2017cd2979ac3c6b00d1c3ae0da4b136", "AS149440,c2,EVOXTENTERPRISE-AS-AP,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 14:14:12", "1637377", "166.88.96.129:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/a5a1fde1062faf2d36804499a0d3952b9081c39350696b5289eaa33a42beab65", "AS149440,c2,EVOXTENTERPRISE-AS-AP,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 14:11:37", "1637376", "94.156.236.154:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/0199acb277289aee8c0a55d1f745ba75992deeea06be3421b6c9e68f83285a9b", "AS41745,c2,FORTIS-AS,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 14:06:44", "1637374", "156.225.64.164:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/3372878764cf668a1d959035be012593ce63b6acf2efbafb8fe377bd5a4658ab", "AS149440,c2,EVOXTENTERPRISE-AS-AP,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 14:01:10", "1637373", "66.78.40.82:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/4ff4344d36d29b313c71dfa1e70c351499fbbbd942cf59f6db7bd1b70f241ca6", "AS215659,c2,MOEMOEKYUN,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 13:59:24", "1637372", "194.55.137.74:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.vmray.com/analyses/_vt/abf052189d7c/report/ioc.html", "AS-GEOHOSTING,AS41111,c2,Rhadamanthys,stealer,vmray", "0", "DonPasci"
"2025-11-09 13:56:42", "1637370", "80.66.72.37:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/c95653238d78d5b2abfc71cf84ee5b93cd2d61e6fb6584aadd6b378f8155f16c", "AS215540,c2,GCS-AS,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 13:53:21", "1637369", "109.172.54.126:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/1b01d8fa280cf929d939dc83669e17aa2055680fd8f3ecec82f99c9451bfbf84", "AS215540,c2,GCS-AS,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 13:50:04", "1637368", "185.198.234.100:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/52d65bd014cc950a0b8425e4817fbe8ddfc3e5aa9cd712b3a7b131bd1818f223", "AS212477,c2,Rhadamanthys,ROYALE-AS,stealer,virustotal", "0", "DonPasci"
"2025-11-09 13:47:43", "1637367", "185.198.234.232:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/9ff39f903b4518fb9342590c1e442dbe2827c4de447f1036ed6839345b2bb19a", "AS212477,c2,Rhadamanthys,ROYALE-AS,stealer,virustotal", "0", "DonPasci"
"2025-11-09 13:43:46", "1637365", "185.242.245.10:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/5d98c453710ba52901a01fc5632f070ee4f5abf438dafd3d76c784a271ba532f", "AS214927,c2,PSB-AS,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 13:40:32", "1637364", "194.33.61.152:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/f9f4b5a62995c810d3286243d0b40753bebc1c7fae4b9b1edfbf8845affad555", "AS215826,c2,PARTNER-HOSTING-LTD,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 13:34:13", "1637363", "144.31.191.199:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/fba4c365451046835ed762c50d67b83d66f90fd5a4b35b1eb0844852e2e0600e/relations", "AS212743,c2,ETERNITY-AS,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 13:30:44", "1637361", "5.149.248.82:35888", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/0d295e0f201156b5f87b2cc1312ece7631cb561c81f495b001ec9e1a14526926", "AS59711,c2,HZ-EU-AS,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 13:27:55", "1637360", "104.248.88.63:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/0d295e0f201156b5f87b2cc1312ece7631cb561c81f495b001ec9e1a14526926", "AS14061,c2,DIGITALOCEAN-ASN,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 13:23:20", "1637358", "104.164.55.96:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1802522/0/html", "AS212477,c2,joesandbox,Rhadamanthys,ROYALE-AS,stealer", "0", "DonPasci"
"2025-11-09 13:17:20", "1637357", "80.253.251.193:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/d54d72e5401ebd4b1480cc7016746895987358104888434beec00b49ce095d7a", "AS215540,c2,GCS-AS,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 13:09:07", "1637355", "77.105.143.139:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.vmray.com/analyses/_vt/aa6a1ab0320c/report", "AS216071,c2,Rhadamanthys,stealer,VDSINA,vmray", "0", "DonPasci"
"2025-11-09 13:09:06", "1637354", "109.107.178.32:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.vmray.com/analyses/_vt/aa6a1ab0320c/report", "AS216071,c2,Rhadamanthys,stealer,VDSINA,vmray", "0", "DonPasci"
"2025-11-09 13:00:53", "1637351", "217.156.67.101:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/8ec4f2e0dd5ba0870e25e97624fabf216df60263576c00976d5a5074ea32f868", "AS48753,AVAHOHST,c2,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 12:57:14", "1637349", "213.176.79.90:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://any.run/report/f6a5e71a41393987ddc7cb40b0ff30adc06c7cd1d84f2e0eb9a994ee02d1c946/45b887d8-3f70-4f3a-91c5-b2c000e9a4a6", "anyrun,AS215826,c2,PARTNER-HOSTING-LTD,Rhadamanthys,stealer", "0", "DonPasci"
"2025-11-09 12:54:56", "1637348", "195.24.236.23:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://threatfox.abuse.ch/ioc/1629729/", "AS60223,c2,NETIFACE-AS,Rhadamanthys,stealer", "0", "DonPasci"
"2025-11-09 12:49:54", "1637347", "83.147.18.16:8445", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-11-10 02:49:30", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch"
"2025-11-09 12:49:52", "1637346", "70.36.99.102:54585", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.virustotal.com/gui/file/c18156abdede0429603b8df114ad8deaccf20a39298ea749423875a89d5b612e", "AS22439,c2,PERFECT-INTERNATIONAL,Rhadamanthys,stealer,virustotal", "0", "DonPasci"
"2025-11-09 11:48:50", "1637316", "176.46.141.40:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1810605/0/iochtml", "AS214196,c2,joesandbox,Rhadamanthys,stealer,VLADYLSAV-NAUMETS", "0", "DonPasci"
"2025-11-09 11:46:17", "1637314", "217.156.122.8:5888", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1810618/0/iochtml", "AS48753,AVAHOHST,c2,joesandbox,Rhadamanthys,stealer", "0", "DonPasci"
"2025-11-09 11:44:01", "1637313", "80.97.160.202:5888", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1810618/0/iochtml", "AS48753,AVAHOHST,c2,joesandbox,Rhadamanthys,stealer", "0", "DonPasci"
"2025-11-09 11:41:30", "1637311", "176.65.132.72:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1810619/0/iochtml", "AS51396,c2,joesandbox,PFCLOUD,rhadamanthys,stealer", "0", "DonPasci"
"2025-11-09 11:41:30", "1637312", "176.65.132.73:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1810619/0/iochtml", "AS51396,c2,joesandbox,PFCLOUD,rhadamanthys,stealer", "0", "DonPasci"
"2025-11-09 11:28:15", "1637303", "36.255.98.252:80", "ip:port", "botnet_cc", "osx.amos", "Atomic macOS Stealer", "AMOS", "", "100", "https://search.censys.io/hosts/36.255.98.252", "AS208137,C2,censys,FPS12,odyssey,panel,stealer", "0", "DonPasci"
"2025-11-09 11:27:05", "1637301", "221.14.182.99:54002", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-09 23:00:10", "100", "https://search.censys.io/hosts/221.14.182.99", "AS4837,C2,censys,CHINA169-BACKBONE,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci"
"2025-11-09 10:48:11", "1637288", "101.132.71.240:1443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-10 02:47:58", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-11-09 09:19:59", "1637274", "23.27.177.183:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://x.com/TuringAlex/status/1986746682084839459", "APT,BADCALL,Lazarus", "0", "abuse_ch"
"2025-11-09 09:00:03", "1637271", "91.231.222.220:7076", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch"
"2025-11-09 08:47:53", "1637268", "91.92.243.2:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2025-11-10 02:47:31", "75", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2025-11-09 08:47:53", "1637269", "91.92.243.87:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2025-11-10 02:47:31", "75", "None", "drb-ra,EyePyramid", "0", "abuse_ch"
"2025-11-09 08:47:15", "1637267", "51.79.117.159:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-11-10 02:46:50", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-11-09 08:03:05", "1637259", "154.49.3.43:8080", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-11-10 02:44:05", "100", "https://search.censys.io/hosts/154.49.3.43", "AdaptixC2,AS174,C2,censys,COGENT-174", "0", "DonPasci"
"2025-11-09 08:03:05", "1637260", "185.154.195.94:1337", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/185.154.195.94", "AdaptixC2,AS9123,C2,censys,TIMEWEB-AS", "0", "DonPasci"
"2025-11-09 08:02:43", "1637258", "104.194.153.132:7000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-11-10 02:43:19", "100", "https://search.censys.io/hosts/104.194.153.132", "AS14956,C2,censys,DcRAT,RAT,ROUTERHOSTING", "0", "DonPasci"
"2025-11-09 08:02:37", "1637257", "95.112.70.120:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-11-10 02:47:35", "100", "https://search.censys.io/hosts/95.112.70.120", "AS6805,C2,censys,Mythic,TDDE-ASN1", "0", "DonPasci"
"2025-11-09 08:02:34", "1637256", "64.94.85.199:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/64.94.85.199", "AS399629,BLNWX,C2,censys,RAT,Sectop", "0", "DonPasci"
"2025-11-09 08:02:17", "1637255", "62.60.226.65:43155", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-11-10 02:47:02", "100", "https://search.censys.io/hosts/62.60.226.65", "AS214351,C2,censys,FEMOIT,RAT,Remcos", "0", "DonPasci"
"2025-11-09 08:01:32", "1637254", "207.148.70.26:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-09 11:00:09", "100", "https://search.censys.io/hosts/207.148.70.26", "AS-VULTR,AS20473,C2,censys,CobaltStrike,cs-watermark-305419896", "0", "DonPasci"
"2025-11-09 07:57:06", "1637249", "103.237.86.164:3435", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-11-09 07:57:06", "1637250", "203.202.232.87:40406", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-11-09 07:57:06", "1637251", "203.202.232.87:40407", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-11-09 07:57:06", "1637252", "23.140.8.132:22033", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-11-09 07:54:47", "1637242", "185.240.104.20:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots"
"2025-11-09 07:54:47", "1637243", "185.240.104.20:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots"
"2025-11-09 07:54:47", "1637244", "185.240.104.20:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots"
"2025-11-09 07:49:41", "1637146", "108.165.228.132:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-09 00:00:58", "100", "https://search.censys.io/hosts/108.165.228.132", "AS55286,C2,censys,SERVER-MANIA", "0", "dyingbreeds_"
"2025-11-09 07:49:39", "1637145", "111.229.148.93:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-09 00:00:57", "100", "https://search.censys.io/hosts/111.229.148.93", "AS45090,C2,censys", "0", "dyingbreeds_"
"2025-11-09 07:49:39", "1637147", "23.249.20.52:14994", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-11-09 00:01:48", "75", "https://search.censys.io/hosts/23.249.20.52", "AS152156,C2,censys,RAT", "0", "dyingbreeds_"
"2025-11-09 07:49:38", "1637148", "93.144.224.162:1338", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-11-10 02:47:33", "100", "https://search.censys.io/hosts/93.144.224.162", "AS30722,C2,censys,RAT,VODAFONE-IT-ASN", "0", "dyingbreeds_"
"2025-11-09 07:49:38", "1637149", "45.156.87.7:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-11-10 02:46:32", "100", "https://search.censys.io/hosts/45.156.87.7", "AS51396,C2,censys,Hookbot,PFCLOUD", "0", "dyingbreeds_"
"2025-11-09 07:49:37", "1637151", "188.68.168.150:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "https://search.censys.io/hosts/188.68.168.150", "AS50596,C2,censys,ITNET33,Loader,T34loader", "0", "dyingbreeds_"
"2025-11-09 07:49:37", "1637152", "78.46.167.21:8081", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/78.46.167.21", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_"
"2025-11-09 07:49:36", "1637153", "72.60.113.48:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/72.60.113.48", "AS-HOSTINGER,AS47583,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-11-09 07:49:36", "1637154", "173.212.254.5:38364", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/173.212.254.5", "AS51167,censys,CONTABO,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-11-09 07:49:35", "1637227", "196.251.116.84:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "None", "mirai", "0", "seckle"
"2025-11-09 07:40:21", "1637232", "162.220.12.209:8990", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/adb8b0b453f04365cc3dd487d7875c7e7139faf1959ababd7e7c630aaf459207/", "quasar", "0", "abuse_ch"
"2025-11-09 06:02:35", "1637217", "156.240.108.30:446", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/251109-dxe1tszlbj", "AS140227,C2,rat,triage,valleyrat", "0", "DonPasci"
"2025-11-09 06:02:35", "1637218", "156.240.108.30:443", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/251109-dxe1tszlbj", "AS140227,C2,rat,triage,valleyrat", "0", "DonPasci"
"2025-11-09 06:02:08", "1637215", "160.202.133.151:6293", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://tria.ge/251109-d32f1s1res", "AS60781,C2,RedLine,RedlineStealer,stealer,triage", "0", "DonPasci"
"2025-11-09 06:01:07", "1637213", "23.95.198.241:61315", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251109-anfn8axmbn", "AS36352,C2,rat,remcos,triage", "0", "DonPasci"
"2025-11-09 06:01:03", "1637212", "90.100.52.173:9999", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251109-evzg5azqeq", "AS3215,C2,triage,xworm", "0", "DonPasci"
"2025-11-09 04:01:48", "1637198", "150.40.127.100:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-11-09 11:01:39", "100", "https://search.censys.io/hosts/150.40.127.100", "AS211619,C2,censys,MAXKO,moobot", "0", "DonPasci"
"2025-11-09 04:01:38", "1637197", "54.92.90.78:56213", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-11-10 02:46:57", "100", "https://search.censys.io/hosts/54.92.90.78", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-11-09 04:01:37", "1637196", "51.112.231.248:6727", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-11-10 02:46:48", "100", "https://search.censys.io/hosts/51.112.231.248", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-11-09 04:01:35", "1637195", "154.64.231.55:8889", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-11-09 11:01:27", "100", "https://search.censys.io/hosts/154.64.231.55", "AS979,C2,censys,NETLAB-SDN,RAT,Venom", "0", "DonPasci"
"2025-11-09 04:01:34", "1637194", "179.145.48.152:8081", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-11-10 02:44:44", "100", "https://search.censys.io/hosts/179.145.48.152", "AS27699,C2,censys,Havoc,TELEFONICA", "0", "DonPasci"
"2025-11-09 04:01:27", "1637193", "92.118.56.54:7755", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-11-10 02:47:32", "100", "https://search.censys.io/hosts/92.118.56.54", "AS40021,AsyncRAT,C2,censys,CONTABO-40021,RAT", "0", "DonPasci"
"2025-11-09 04:01:26", "1637192", "92.205.187.34:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-11-10 02:47:32", "100", "https://search.censys.io/hosts/92.205.187.34", "AS21499,AsyncRAT,C2,censys,GODADDY-SXB,RAT", "0", "DonPasci"
"2025-11-09 02:50:01", "1637184", "77.83.207.218:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-10 02:49:23", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-11-09 02:49:36", "1637183", "36.213.15.83:10443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-10 02:49:01", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2025-11-09 02:40:03", "1637178", "45.141.215.75:8080", "ip:port", "botnet_cc", "win.xenorat", "None", "XenoRAT", "", "100", "None", "XenoRAT", "0", "abuse_ch"
"2025-11-09 00:02:18", "1637161", "13.38.46.18:789", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-11-10 02:43:43", "100", "https://search.censys.io/hosts/13.38.46.18", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-11-08 21:45:05", "1637131", "108.187.7.85:447", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch"
"2025-11-08 20:03:12", "1637118", "196.75.213.17:2222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/196.75.213.17", "AS36903,C2,censys,hacktool,MetaSploit,Meterpreter,MT-MPLS", "0", "DonPasci"
"2025-11-08 20:02:47", "1637117", "54.95.111.44:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2025-11-10 02:46:57", "100", "https://search.censys.io/hosts/54.95.111.44", "AMAZON-02,AS16509,BRC4,C2,censys", "0", "DonPasci"
"2025-11-08 20:02:43", "1637116", "178.16.55.222:4449", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-11-08 23:00:41", "100", "https://search.censys.io/hosts/178.16.55.222", "AS214943,C2,censys,RAILNET,RAT,Venom", "0", "DonPasci"
"2025-11-08 20:02:39", "1637115", "45.77.41.162:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-11-10 02:46:36", "100", "https://search.censys.io/hosts/45.77.41.162", "AS-VULTR,AS20473,C2,censys,Mythic", "0", "DonPasci"
"2025-11-08 20:02:32", "1637114", "113.45.36.119:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-11-08 23:00:25", "100", "https://search.censys.io/hosts/113.45.36.119", "AS55990,C2,censys,HWCSNET,Supershell", "0", "DonPasci"
"2025-11-08 20:02:22", "1637113", "158.94.209.119:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-11-10 02:44:11", "100", "https://search.censys.io/hosts/158.94.209.119", "AS214943,C2,censys,RAILNET,Sliver", "0", "DonPasci"
"2025-11-08 20:01:44", "1637112", "23.249.28.150:14994", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-11-08 23:00:16", "100", "https://search.censys.io/hosts/23.249.28.150", "AS152156,C2,censys,Gh0st,NARUTO-AS-HK,RAT", "0", "DonPasci"
"2025-11-08 20:01:26", "1637111", "103.143.11.214:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-08 23:00:09", "100", "https://search.censys.io/hosts/103.143.11.214", "AS138152,C2,censys,CobaltStrike,cs-watermark-100000,YISUCLOUDLTD-HK", "0", "DonPasci"
"2025-11-08 18:46:12", "1637102", "207.246.112.9:6000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-11-10 02:45:47", "75", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch"
"2025-11-08 18:44:19", "1637101", "158.69.116.15:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-11-10 02:44:09", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-11-08 18:44:10", "1637100", "15.197.186.130:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-11-10 02:44:01", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-11-08 18:43:49", "1637099", "13.40.132.190:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-11-10 02:43:43", "75", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2025-11-08 18:43:41", "1637098", "119.36.33.26:10250", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-11-10 02:43:35", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-11-08 18:43:38", "1637097", "112.213.120.162:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-11-10 02:43:32", "75", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2025-11-08 18:43:30", "1637096", "107.172.3.15:40056", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-11-10 02:43:25", "75", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2025-11-08 16:55:27", "1637087", "216.250.249.20:2416", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/ac81821876a286971f7672aab9ff662ecdb9df9daa4caaec21e2694dd50b5094/", "xworm", "0", "abuse_ch"
"2025-11-08 16:46:10", "1637084", "47.79.19.147:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-09 08:58:07", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2025-11-08 16:45:39", "1637080", "196.251.72.110:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "None", "mirai", "0", "seckle"
"2025-11-08 16:02:31", "1637078", "45.156.87.226:8080", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/45.156.87.226", "AS51396,C2,censys,Gafgyt,open-dir,PFCLOUD", "0", "DonPasci"
"2025-11-08 16:02:19", "1637077", "45.156.25.5:80", "ip:port", "botnet_cc", "win.nimplant", "None", "Nimplant", "2025-11-08 23:00:48", "100", "https://search.censys.io/hosts/45.156.25.5", "AS56971,C2,censys,Nimplant", "0", "DonPasci"
"2025-11-08 16:02:15", "1637076", "16.170.141.201:8001", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-11-10 02:44:13", "100", "https://search.censys.io/hosts/16.170.141.201", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-11-08 16:02:14", "1637075", "16.51.132.109:1911", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-11-10 02:44:14", "100", "https://search.censys.io/hosts/16.51.132.109", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-11-08 16:02:13", "1637073", "86.54.42.167:3000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-11-10 02:47:24", "100", "https://search.censys.io/hosts/86.54.42.167", "AS42624,C2,censys,DcRAT,RAT,SWISSNETWORK02", "0", "DonPasci"
"2025-11-08 16:02:13", "1637074", "139.59.253.102:7771", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-11-08 23:00:43", "100", "https://search.censys.io/hosts/139.59.253.102", "AS14061,C2,censys,DcRAT,DIGITALOCEAN-ASN,RAT", "0", "DonPasci"
"2025-11-08 16:02:10", "1637072", "47.129.1.178:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-11-10 02:46:43", "100", "https://search.censys.io/hosts/47.129.1.178", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci"
"2025-11-08 16:02:07", "1637071", "91.92.242.95:3000", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-11-08 23:00:35", "100", "https://search.censys.io/hosts/91.92.242.95", "AS214943,C2,censys,Hookbot,RAILNET", "0", "DonPasci"
"2025-11-08 16:02:06", "1637070", "159.65.115.176:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-11-10 02:44:12", "100", "https://search.censys.io/hosts/159.65.115.176", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci"
"2025-11-08 16:02:05", "1637069", "77.3.46.159:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-11-10 02:47:13", "100", "https://search.censys.io/hosts/77.3.46.159", "AS6805,C2,censys,Mythic,TDDE-ASN1", "0", "DonPasci"
"2025-11-08 16:01:46", "1637068", "45.156.87.170:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-11-10 02:46:32", "100", "https://search.censys.io/hosts/45.156.87.170", "AS51396,C2,censys,PFCLOUD,RAT,Remcos", "0", "DonPasci"
"2025-11-08 16:01:43", "1637067", "47.108.14.32:4434", "ip:port", "botnet_cc", "elf.gobrat", "None", "GobRAT", "", "100", "https://search.censys.io/hosts/47.108.14.32", "ALIBABA-CN-NET,AS37963,C2,censys,GobRAT,RAT", "0", "DonPasci"
"2025-11-08 16:01:32", "1637066", "185.177.238.244:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-10 02:48:55", "100", "https://search.censys.io/hosts/185.177.238.244", "AS215540,C2,censys,CobaltStrike,GCS-AS", "0", "DonPasci"
"2025-11-08 16:00:57", "1637064", "38.147.170.119:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-10 02:49:03", "100", "https://search.censys.io/hosts/38.147.170.119", "AS139659,C2,censys,CobaltStrike,cs-watermark-666666666,LUCID-AS-AP", "0", "DonPasci"
"2025-11-08 16:00:57", "1637065", "185.212.44.194:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-10 02:48:55", "100", "https://search.censys.io/hosts/185.212.44.194", "AS39378,C2,censys,CobaltStrike,cs-watermark-666666666,SERVINGA", "0", "DonPasci"
"2025-11-08 16:00:56", "1637063", "88.214.50.137:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-08 23:00:13", "100", "https://search.censys.io/hosts/88.214.50.137", "AS216341,C2,censys,CobaltStrike,cs-watermark-1158277545,OPTIMA-AS", "0", "DonPasci"
"2025-11-08 16:00:55", "1637062", "77.83.207.218:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-08 23:00:12", "100", "https://search.censys.io/hosts/77.83.207.218", "AS216341,C2,censys,CobaltStrike,cs-watermark-1158277545,OPTIMA-AS", "0", "DonPasci"
"2025-11-08 15:38:33", "1636910", "103.43.8.226:57899", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "Mirai", "0", "elfdigest"
"2025-11-08 15:38:31", "1636932", "158.94.208.29:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-08 12:00:54", "100", "https://search.censys.io/hosts/158.94.208.29", "AS214943,C2,censys,RAILNET", "0", "dyingbreeds_"
"2025-11-08 15:38:30", "1636931", "47.94.197.104:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-09 08:58:36", "100", "https://search.censys.io/hosts/47.94.197.104", "AS37963,C2,censys", "0", "dyingbreeds_"
"2025-11-08 15:38:29", "1636933", "8.137.147.224:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-08 12:00:59", "100", "https://search.censys.io/hosts/8.137.147.224", "AS37963,C2,censys", "0", "dyingbreeds_"
"2025-11-08 15:38:29", "1636934", "149.56.190.183:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-11-10 02:44:00", "90", "https://search.censys.io/hosts/149.56.190.183", "AS16276,C2,censys,OVH", "0", "dyingbreeds_"
"2025-11-08 15:38:29", "1636935", "39.97.51.221:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-11-08 12:02:04", "100", "https://search.censys.io/hosts/39.97.51.221", "AS37963,C2,censys,Supershell", "0", "dyingbreeds_"
"2025-11-08 15:38:28", "1636936", "41.251.52.112:81", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-11-10 02:46:24", "100", "https://search.censys.io/hosts/41.251.52.112", "AS36903,C2,censys,MT-MPLS,RAT", "0", "dyingbreeds_"
"2025-11-08 15:38:28", "1636937", "91.92.242.95:4000", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-11-08 12:02:12", "100", "https://search.censys.io/hosts/91.92.242.95", "AS214943,C2,censys,Hookbot,RAILNET", "0", "dyingbreeds_"
"2025-11-08 15:38:28", "1636939", "44.244.204.235:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-11-10 02:46:27", "100", "https://search.censys.io/hosts/44.244.204.235", "AMAZON-02,AS16509,C2,censys", "0", "dyingbreeds_"
"2025-11-08 15:38:27", "1636940", "46.101.113.8:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/46.101.113.8", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-11-08 15:38:26", "1636938", "3.8.23.180:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-11-10 02:46:07", "100", "https://search.censys.io/hosts/3.8.23.180", "AMAZON-02,AS16509,C2,censys", "0", "dyingbreeds_"
"2025-11-08 15:38:26", "1636941", "46.62.245.242:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/46.62.245.242", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_"
"2025-11-08 15:38:25", "1636942", "107.173.221.187:7777", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/107.173.221.187", "AS-COLOCROSSING,AS36352,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-11-08 15:38:25", "1636943", "54.208.235.233:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.208.235.233", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-11-08 15:38:25", "1636944", "52.59.22.113:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/52.59.22.113", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-11-08 15:38:24", "1636945", "52.59.22.113:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/52.59.22.113", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-11-08 15:38:24", "1636946", "34.200.163.136:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/34.200.163.136", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2025-11-08 14:33:32", "1637050", "83.217.208.189:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1809120/0/iochtml", "AS215826,c2,joesandbox,PARTNER-HOSTING-LTD,Rhadamanthys,stealer", "0", "DonPasci"
"2025-11-08 14:32:08", "1637049", "5.252.155.81:58121", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1809076/0/iochtml", "AS215826,c2,joesandbox,PARTNER-HOSTING-LTD,Rhadamanthys,stealer", "0", "DonPasci"
"2025-11-08 14:28:15", "1637048", "80.66.72.64:443", "ip:port", "botnet_cc", "win.donut_injector", "Donut", "donut_injector", "", "100", "https://tria.ge/251107-2sm3mszmav", "AS215540,c2,donut,GCS-AS,triage", "0", "DonPasci"
"2025-11-08 14:24:23", "1637046", "176.46.141.16:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1808534/0/iochtml", "AS214196,c2,joesandbox,Rhadamanthys,stealer,VLADYLSAV-NAUMETS", "0", "DonPasci"
"2025-11-08 14:16:57", "1637043", "202.71.14.117:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1809349/0/iochtml", "AS43641,c2,joesandbox,Rhadamanthys,SOLLUTIUM-NL,stealer", "0", "DonPasci"
"2025-11-08 14:15:32", "1637042", "93.115.172.166:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1809349/0/iochtml", "AS43641,joesandbox,Rhadamanthys,SOLLUTIUM-NL,stealer", "0", "DonPasci"
"2025-11-08 14:12:43", "1637041", "217.156.66.207:5888", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1809353/0/iochtml", "AS48753,AVAHOHST,c2,joesandbox,Rhadamanthys,stealer", "0", "DonPasci"
"2025-11-08 14:11:23", "1637040", "80.97.160.208:5888", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1809353/0/iochtml", "AS48753,AVAHOHST,c2,joesandbox,Rhadamanthys,stealer", "0", "DonPasci"
"2025-11-08 14:05:59", "1637036", "78.159.156.87:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1809797/0/iochtml", "AS214943,c2,joesandbox,RAILNET,Rhadamanthys,stealer", "0", "DonPasci"
"2025-11-08 14:03:46", "1637034", "196.251.69.183:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1809808/0/iochtml", "AS401120,c2,CHEAPY-HOST,joesandbox,Rhadamanthys,stealer", "0", "DonPasci"
"2025-11-08 14:01:34", "1637033", "176.46.141.22:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1810441/0/iochtml", "AS214196,c2,joesandbox,Rhadamanthys,stealer,VLADYLSAV-NAUMETS", "0", "DonPasci"
"2025-11-08 13:59:57", "1637032", "193.23.199.125:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1810443/0/iochtml", "AS210457,c2,joesandbox,KYONIX,Rhadamanthys,stealer", "0", "DonPasci"
"2025-11-08 13:58:51", "1637031", "94.74.164.203:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1810444/0/iochtml", "AS214196,c2,joesandbox,Rhadamanthys,stealer,VLADYLSAV-NAUMETS", "0", "DonPasci"
"2025-11-08 13:55:16", "1637029", "176.65.132.69:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "2025-11-09 11:41:30", "100", "https://www.joesandbox.com/analysis/1810536/0/iochtml", "AS51396,c2,joesandbox,PFCLOUD,Rhadamanthys,stealer", "0", "DonPasci"
"2025-11-08 13:53:58", "1637028", "80.97.160.155:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1810541/0/iochtml", "AS48753,AVAHOHST,c2,joesandbox,Rhadamanthys,stealer", "0", "DonPasci"
"2025-11-08 12:42:48", "1636997", "160.202.133.137:43269", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://x.com/K_N1kolenko/status/1986764066270884234", "AS60781,c2,LEASEWEB-NL-AMS-01,redline,stealer", "0", "DonPasci"
"2025-11-08 12:42:48", "1636998", "88.214.50.113:55888", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://x.com/K_N1kolenko/status/1986764066270884234", "AS216341,c2,OPTIMA-AS,redline,stealer", "0", "DonPasci"
"2025-11-08 12:36:47", "1636988", "31.57.97.206:4444", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://x.com/K_N1kolenko/status/1986775482184921314", "AS213200,c2,FZINK,xworm", "0", "DonPasci"
"2025-11-08 12:36:47", "1636989", "45.156.87.43:5552", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://x.com/K_N1kolenko/status/1986775482184921314", "AS51396,c2,PFCLOUD,xworm", "0", "DonPasci"
"2025-11-08 12:36:47", "1636990", "85.121.4.92:1604", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://x.com/K_N1kolenko/status/1986775482184921314", "ALEXHOST,AS200019,c2,xworm", "0", "DonPasci"
"2025-11-08 12:36:47", "1636991", "107.175.246.23:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://x.com/K_N1kolenko/status/1986775482184921314", "AS-COLOCROSSING,AS36352,c2,xworm", "0", "DonPasci"
"2025-11-08 12:36:47", "1636992", "157.245.210.115:6781", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://x.com/K_N1kolenko/status/1986775482184921314", "AS14061,c2,DIGITALOCEAN-ASN,xworm", "0", "DonPasci"
"2025-11-08 12:36:47", "1636993", "165.227.150.223:5465", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://x.com/K_N1kolenko/status/1986775482184921314", "AS14061,c2,DIGITALOCEAN-ASN,xworm", "0", "DonPasci"
"2025-11-08 12:36:47", "1636994", "172.245.246.82:2000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://x.com/K_N1kolenko/status/1986775482184921314", "AS-COLOCROSSING,AS36352,c2,xworm", "0", "DonPasci"
"2025-11-08 12:36:47", "1636995", "188.137.178.184:1488", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://x.com/K_N1kolenko/status/1986775482184921314", "AS210895,c2,PODAON-PL-1,xworm", "0", "DonPasci"
"2025-11-08 12:02:47", "1636983", "2.57.241.239:8090", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-11-10 02:45:39", "100", "https://search.censys.io/hosts/2.57.241.239", "AS43180,BianLian,C2,censys,TRUNKNETWORKS-AS", "0", "DonPasci"
"2025-11-08 12:02:12", "1636982", "45.156.87.7:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-11-08 23:00:35", "100", "https://search.censys.io/hosts/45.156.87.7", "AS51396,C2,censys,Hookbot,PFCLOUD", "0", "DonPasci"
"2025-11-08 12:02:10", "1636981", "102.117.162.65:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-11-10 02:43:04", "100", "https://search.censys.io/hosts/102.117.162.65", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci"
"2025-11-08 12:02:07", "1636980", "88.214.50.85:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/88.214.50.85", "AS216341,C2,censys,OPTIMA-AS,RAT,Sectop", "0", "DonPasci"
"2025-11-08 12:01:50", "1636977", "143.92.32.222:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-11-10 02:43:54", "100", "https://search.censys.io/hosts/143.92.32.222", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,RAT,Remcos", "0", "DonPasci"
"2025-11-08 12:01:50", "1636978", "185.208.158.217:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-11-10 02:44:58", "100", "https://search.censys.io/hosts/185.208.158.217", "AS42624,C2,censys,RAT,Remcos,SWISSNETWORK02", "0", "DonPasci"
"2025-11-08 12:01:46", "1636976", "47.108.197.82:4434", "ip:port", "botnet_cc", "elf.gobrat", "None", "GobRAT", "", "100", "https://search.censys.io/hosts/47.108.197.82", "ALIBABA-CN-NET,AS37963,C2,censys,GobRAT,RAT", "0", "DonPasci"
"2025-11-08 11:59:59", "1636971", "194.68.45.100:6667", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/6d1fe6ab3cd04ca5d1ab790339ee2b6577553bc042af3b7587ece0c195267c9b/", "botnet,irc,ssh", "0", "NDA0E"
"2025-11-08 11:59:59", "1636972", "45.58.183.18:6667", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/6d1fe6ab3cd04ca5d1ab790339ee2b6577553bc042af3b7587ece0c195267c9b/", "botnet,irc,ssh", "0", "NDA0E"
"2025-11-08 11:59:58", "1636963", "23.228.66.219:6667", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/6d1fe6ab3cd04ca5d1ab790339ee2b6577553bc042af3b7587ece0c195267c9b/", "botnet,irc,ssh", "0", "NDA0E"
"2025-11-08 11:59:58", "1636964", "104.152.54.52:6667", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/6d1fe6ab3cd04ca5d1ab790339ee2b6577553bc042af3b7587ece0c195267c9b/", "botnet,irc,ssh", "0", "NDA0E"
"2025-11-08 11:59:58", "1636965", "199.71.214.87:6667", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/6d1fe6ab3cd04ca5d1ab790339ee2b6577553bc042af3b7587ece0c195267c9b/", "botnet,irc,ssh", "0", "NDA0E"
"2025-11-08 11:59:58", "1636966", "172.83.156.122:6667", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/6d1fe6ab3cd04ca5d1ab790339ee2b6577553bc042af3b7587ece0c195267c9b/", "botnet,irc,ssh", "0", "NDA0E"
"2025-11-08 11:59:58", "1636967", "186.233.185.155:6667", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/6d1fe6ab3cd04ca5d1ab790339ee2b6577553bc042af3b7587ece0c195267c9b/", "botnet,irc,ssh", "0", "NDA0E"
"2025-11-08 11:59:58", "1636968", "94.125.182.255:6667", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/6d1fe6ab3cd04ca5d1ab790339ee2b6577553bc042af3b7587ece0c195267c9b/", "botnet,irc,ssh", "0", "NDA0E"
"2025-11-08 11:59:58", "1636969", "45.88.202.250:6667", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/6d1fe6ab3cd04ca5d1ab790339ee2b6577553bc042af3b7587ece0c195267c9b/", "botnet,irc,ssh", "0", "NDA0E"
"2025-11-08 11:59:58", "1636970", "185.243.218.59:6667", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/6d1fe6ab3cd04ca5d1ab790339ee2b6577553bc042af3b7587ece0c195267c9b/", "botnet,irc,ssh", "0", "NDA0E"
"2025-11-08 08:58:10", "1636903", "193.161.193.99:48377", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots"
"2025-11-08 08:57:08", "1636896", "103.133.109.188:1230", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-11-08 08:57:08", "1636897", "198.23.175.60:9898", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-11-08 08:57:08", "1636898", "80.64.19.173:5004", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots"
"2025-11-08 08:46:48", "1636251", "40.160.60.97:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-11-10 02:46:22", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-11-08 08:46:46", "1636250", "40.160.53.203:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-11-10 02:46:21", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-11-08 08:46:34", "1636249", "34.202.63.188:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-11-10 02:46:11", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-11-08 08:45:06", "1636248", "183.232.157.70:46657", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-11-10 02:44:50", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-11-08 08:44:16", "1636247", "158.69.52.200:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-11-10 02:44:10", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-11-08 08:43:07", "1636246", "103.161.255.216:20493", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-11-10 02:43:06", "75", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2025-11-08 08:10:25", "1636240", "192.30.240.101:1287", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/3b5662eca92d7837248d35902a9f2f3214f78c10fa3883f78c92a0ac875be452/", "xworm", "0", "abuse_ch"
"2025-11-08 08:01:51", "1636238", "196.251.87.155:80", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/196.251.87.155", "AS401120,C2,censys,CHEAPY-HOST,Gafgyt,open-dir", "0", "DonPasci"
"2025-11-08 08:01:29", "1636237", "63.177.93.228:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-11-08 11:00:27", "100", "https://search.censys.io/hosts/63.177.93.228", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci"
"2025-11-08 08:01:27", "1636236", "45.155.69.224:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/45.155.69.224", "AS214927,C2,censys,PSB-AS,RAT,Sectop", "0", "DonPasci"
"2025-11-08 08:01:11", "1636235", "18.230.45.123:4444", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-11-10 02:44:48", "100", "https://search.censys.io/hosts/18.230.45.123", "AMAZON-02,AS16509,C2,censys,RAT,Remcos", "0", "DonPasci"
"2025-11-08 08:01:08", "1636234", "47.108.74.39:4434", "ip:port", "botnet_cc", "elf.gobrat", "None", "GobRAT", "", "100", "https://search.censys.io/hosts/47.108.74.39", "ALIBABA-CN-NET,AS37963,C2,censys,GobRAT,RAT", "0", "DonPasci"
"2025-11-08 06:01:44", "1636182", "85.192.42.92:300", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-11-10 02:47:23", "100", "https://tria.ge/251108-d2hyaaaw4e", "AS210644,asyncrat,C2,rat,triage", "0", "DonPasci"
"2025-11-08 04:02:39", "1636170", "3.96.200.29:35057", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-11-10 02:46:08", "100", "https://search.censys.io/hosts/3.96.200.29", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-11-08 04:02:38", "1636169", "16.62.85.86:2181", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-11-10 02:44:14", "100", "https://search.censys.io/hosts/16.62.85.86", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci"
"2025-11-08 04:02:35", "1636168", "47.243.131.179:4449", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-11-08 11:00:34", "100", "https://search.censys.io/hosts/47.243.131.179", "ALIBABA-CN-NET,AS45102,C2,censys,RAT,Venom", "0", "DonPasci"
"2025-11-08 04:02:33", "1636167", "20.196.129.27:80", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-11-08 11:00:30", "100", "https://search.censys.io/hosts/20.196.129.27", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Quasar,RAT", "0", "DonPasci"
"2025-11-08 04:01:42", "1636165", "143.92.32.177:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-11-10 02:43:54", "100", "https://search.censys.io/hosts/143.92.32.177", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,RAT,Remcos", "0", "DonPasci"
"2025-11-08 04:00:51", "1636164", "113.45.205.53:8182", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-11-10 02:48:11", "100", "https://search.censys.io/hosts/113.45.205.53", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci"
# Number of entries: 260