################################################################ # ThreatFox IOCs: recent ip-port - CSV format # # Last updated: 2024-04-24 22:45:16 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2024-04-24 22:45:16", "1262155", "18.158.249.75:12143", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2024-04-24 23:03:19", "100", "None", "NjRAT", "0", "abuse_ch" "2024-04-24 22:45:15", "1262154", "3.125.209.94:12143", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2024-04-24 22:45:12", "1262153", "3.125.102.39:12143", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2024-04-24 23:03:19", "100", "None", "NjRAT", "0", "abuse_ch" "2024-04-24 22:13:16", "1262152", "45.148.120.189:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,PHANES-NETWORKS", "0", "drb_ra" "2024-04-24 22:13:11", "1262150", "193.32.179.234:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,FORTIS-AS Hosting services", "0", "drb_ra" "2024-04-24 21:05:01", "1262139", "95.169.196.22:118", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:05:00", "1262140", "185.196.11.177:45", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:05:00", "1262141", "212.70.149.10:35342", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:58", "1262142", "94.156.79.77:3966", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:56", "1262143", "2.58.95.123:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:56", "1262144", "94.156.79.155:5958", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:55", "1262145", "66.187.4.175:1337", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:54", "1262146", "3.121.139.82:12138", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-24 21:04:50", "1262137", "82.205.72.17:8080", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-24 21:04:40", "1262103", "93.123.39.16:1312", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "None", "Mirai", "0", "elfdigest" "2024-04-24 20:38:05", "1262147", "5.230.68.74:443", "ip:port", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "", "75", "None", "None", "0", "Rony" "2024-04-24 18:51:17", "1262135", "45.88.186.159:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "50", "https://search.censys.io/hosts/45.88.186.159", "RELIABLESITE,SocGholish", "0", "drb_ra" "2024-04-24 18:51:17", "1262136", "45.88.186.159:80", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "50", "https://search.censys.io/hosts/45.88.186.159", "RELIABLESITE,SocGholish", "0", "drb_ra" "2024-04-24 18:50:09", "1262134", "89.208.105.144:80", "ip:port", "botnet_cc", "win.meduza", "None", "Meduza Stealer", "", "50", "https://search.censys.io/hosts/89.208.105.144", "AEZA-AS,Meduza Stealer", "0", "drb_ra" "2024-04-24 18:49:59", "1262133", "20.67.206.46:443", "ip:port", "botnet_cc", "win.pikabot", "None", "Pikabot", "", "50", "https://search.censys.io/hosts/20.67.206.46", "MICROSOFT-CORP-MSN-AS-BLOCK,Pikabot", "0", "drb_ra" "2024-04-24 18:49:42", "1262132", "47.94.88.4:8889", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/47.94.88.4", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Supershell", "0", "drb_ra" "2024-04-24 18:49:41", "1262131", "47.94.88.4:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/47.94.88.4", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Supershell", "0", "drb_ra" "2024-04-24 18:49:36", "1262130", "104.194.79.234:8044", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/104.194.79.234", "IT7NET,Supershell", "0", "drb_ra" "2024-04-24 18:49:15", "1262129", "8.213.212.170:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/8.213.212.170", "ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,Supershell", "0", "drb_ra" "2024-04-24 18:49:06", "1262128", "43.129.31.59:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/43.129.31.59", "Supershell,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-04-24 18:49:00", "1262127", "18.166.176.116:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/18.166.176.116", "AMAZON-02,Supershell", "0", "drb_ra" "2024-04-24 18:48:25", "1262126", "130.63.213.199:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/130.63.213.199", "Qakbot,YORKU-AS", "0", "drb_ra" "2024-04-24 18:48:11", "1262125", "35.72.161.191:445", "ip:port", "botnet_cc", "py.responder", "SpiderLabs Responder", "Responder", "", "50", "https://search.censys.io/hosts/35.72.161.191", "AMAZON-02,Responder", "0", "drb_ra" "2024-04-24 18:47:48", "1262124", "103.82.132.120:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/103.82.132.120", "CLOUDFLY-VN CLOUDFLY CORPORATION,Havoc", "0", "drb_ra" "2024-04-24 18:47:47", "1262123", "103.82.132.120:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/103.82.132.120", "CLOUDFLY-VN CLOUDFLY CORPORATION,Havoc", "0", "drb_ra" "2024-04-24 18:47:42", "1262122", "143.198.237.101:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/143.198.237.101", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra" "2024-04-24 18:47:20", "1262121", "195.123.226.83:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/195.123.226.83", "Havoc,ITL-BG", "0", "drb_ra" "2024-04-24 18:47:07", "1262120", "92.243.64.130:28002", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "", "50", "https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220eb3668ca29c7282383a6f007feaecb473382c5c0a09815ca110e8faeefb8b25%22", "Bianlian Go Trojan,M247", "0", "drb_ra" "2024-04-24 18:47:04", "1262119", "62.233.57.237:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "", "50", "https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225af1418e83a7eff292165b639f1c2757511f9cedadafe808f857736e9d82fd24%22", "Bianlian Go Trojan,GREENFLOID-AS", "0", "drb_ra" "2024-04-24 18:46:21", "1262118", "213.87.44.192:443", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "", "50", "https://search.censys.io/hosts/213.87.44.192", "Deimos,MTSNET Moscow Russia", "0", "drb_ra" "2024-04-24 18:46:14", "1262117", "219.144.98.12:4506", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "", "50", "https://search.censys.io/hosts/219.144.98.12", "CHINANET-IDC-SN China Telecom Group,Deimos", "0", "drb_ra" "2024-04-24 18:46:09", "1262116", "98.98.118.81:4505", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "", "50", "https://search.censys.io/hosts/98.98.118.81", "Deimos,ZEN-ECN", "0", "drb_ra" "2024-04-24 18:45:43", "1262115", "217.237.87.199:3389", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/217.237.87.199", "Covenant,DTAG Internet service provider operations", "0", "drb_ra" "2024-04-24 15:26:51", "1262102", "193.233.132.139:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "https://app.any.run/tasks/0b56b793-ed22-4d78-ae02-7ed46294f9cf/", "AS216319,c2,SUNHOST-AS", "0", "DonPasci" "2024-04-24 15:22:01", "1262100", "185.62.58.73:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/185.62.58.73", "AS62370,c2,censys,HAVOC,NL,SNEL", "0", "DonPasci" "2024-04-24 15:17:21", "1262099", "82.153.64.23:9999", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/82.153.64.23", "AS197649,c2,censys,RAT,SERVERSGAME", "0", "DonPasci" "2024-04-24 15:15:28", "1262006", "46.246.84.12:1994", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2024-04-24 17:20:32", "100", "None", "NjRAT", "0", "abuse_ch" "2024-04-24 15:12:37", "1261864", "139.162.178.159:2003", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/139.162.178.159", "AKAMAI-LINODE-AP,AS63949,c2,censys,RAT", "0", "DonPasci" "2024-04-24 15:11:00", "1261863", "78.40.117.167:4444", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/78.40.117.167", "ALEXHOST,AS200019,c2,censys,RAT", "0", "DonPasci" "2024-04-24 15:10:05", "1261862", "139.99.133.66:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/2f7971748b7db79bdd724861d1b463b0489b790b9e60e733dea409f73abf9539/", "asyncrat", "0", "abuse_ch" "2024-04-24 15:10:04", "1261861", "139.99.133.66:4444", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/2f7971748b7db79bdd724861d1b463b0489b790b9e60e733dea409f73abf9539/", "remcos", "0", "abuse_ch" "2024-04-24 15:04:19", "1261860", "146.70.198.22:60129", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2024-04-24 15:02:22", "1261859", "187.135.122.191:2022", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.122.191", "AS8151,c2,censys,DarkComet,UNINET", "0", "DonPasci" "2024-04-24 14:51:03", "1261857", "18.162.61.95:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/18.162.61.95", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-24 14:47:42", "1261854", "3.139.18.182:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/3.139.18.182", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-1236301411", "0", "DonPasci" "2024-04-24 14:42:51", "1261853", "202.146.220.4:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/202.146.220.4", "AS64050,BCPL-SG,c2,censys,CobaltStrike", "0", "DonPasci" "2024-04-24 14:37:51", "1261852", "123.249.36.186:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/123.249.36.186", "AS55990,c2,censys,CobaltStrike,cs-watermark-391144938,HWCSNET", "0", "DonPasci" "2024-04-24 14:35:02", "1261850", "116.205.188.138:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/116.205.188.138", "AS55990,c2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2024-04-24 14:30:50", "1261848", "8.130.70.205:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.130.70.205", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-24 14:27:51", "1261847", "101.34.87.236:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.34.87.236", "AS45090,c2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-04-24 13:08:20", "1261845", "165.227.108.186:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-970865301,DigitalOcean LLC", "0", "drb_ra" "2024-04-24 13:07:44", "1261841", "47.92.131.203:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-24 13:06:42", "1261834", "173.211.46.172:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Datacamp Limited", "0", "drb_ra" "2024-04-24 13:06:30", "1261832", "61.240.29.215:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CHINA UNICOM China169 Backbone,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-04-24 13:03:55", "1261819", "156.224.20.92:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Aodao Inc,CobaltStrike,cs-watermark-100000", "0", "drb_ra" "2024-04-24 13:01:41", "1261800", "23.102.7.180:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1622004588,Microsoft Corporation", "0", "drb_ra" "2024-04-24 13:01:09", "1261795", "18.166.113.176:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Amazon.com Inc.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-24 13:00:48", "1261793", "154.213.17.138:90", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,Hong Kong FireLine Network LTD", "0", "drb_ra" "2024-04-24 11:50:19", "1261788", "192.144.128.196:1994", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "QuasarRAT,RAT", "0", "abuse_ch" "2024-04-24 10:18:40", "1261783", "120.46.91.175:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,HWCSNET Huawei Cloud Service data center", "0", "drb_ra" "2024-04-24 10:18:35", "1261781", "39.100.79.87:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-04-24 10:18:24", "1261779", "39.100.109.229:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-04-24 09:10:17", "1261776", "103.113.70.99:2630", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-24 10:05:27", "100", "None", "RedLineStealer", "0", "abuse_ch" "2024-04-24 09:02:11", "1261774", "45.88.90.30:43957", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "75", "https://bazaar.abuse.ch/sample/21f1caac3024e9d7424612573dd8523ad3f877c95674e1562f2171a2b5ce21c1/", "MooBot", "0", "abuse_ch" "2024-04-24 08:01:21", "1261766", "107.148.1.41:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666,PEG TECH INC", "0", "drb_ra" "2024-04-24 07:48:47", "1261763", "93.123.85.131:1337", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "c2,moobot", "0", "abus3reports" "2024-04-24 07:31:11", "1261755", "45.88.90.30:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "moobot", "0", "abus3reports" "2024-04-24 07:31:11", "1261756", "45.88.90.17:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "moobot", "0", "abus3reports" "2024-04-24 07:31:11", "1261757", "89.169.55.166:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "moobot", "0", "abus3reports" "2024-04-24 07:31:11", "1261758", "91.92.240.43:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "moobot", "0", "abus3reports" "2024-04-24 07:15:20", "1261754", "5.42.66.10:50505", "ip:port", "botnet_cc", "win.risepro", "None", "RisePro", "", "100", "None", "RiseProStealer", "0", "abuse_ch" "2024-04-24 06:49:15", "1261753", "45.150.64.135:80", "ip:port", "botnet_cc", "win.meduza", "None", "Meduza Stealer", "", "50", "https://search.censys.io/hosts/45.150.64.135", "Meduza Stealer,STARK-INDUSTRIES", "0", "drb_ra" "2024-04-24 06:48:05", "1261752", "95.179.190.134:23954", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/95.179.190.134", "AS-CHOOPA,AS20473,c2,censys,CobaltStrike", "0", "DonPasci" "2024-04-24 06:48:00", "1261751", "96.70.92.177:465", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/96.70.92.177", "CMCS,Qakbot", "0", "drb_ra" "2024-04-24 06:47:46", "1261750", "122.100.188.124:445", "ip:port", "botnet_cc", "py.responder", "SpiderLabs Responder", "Responder", "", "50", "https://search.censys.io/hosts/122.100.188.124", "CTM-MO Companhia de Telecomunicacoes de Macau SARL,Responder", "0", "drb_ra" "2024-04-24 06:47:00", "1261749", "158.160.87.195:8443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "", "50", "https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fddcd93905a11dba9d326552f27b9a9f26d0dd241d7ee5d1353c2064da8b90aa%22", "Bianlian Go Trojan,YANDEXCLOUD", "0", "drb_ra" "2024-04-24 06:46:41", "1261748", "80.82.76.14:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/80.82.76.14", "AS202425,c2,censys,CobaltStrike,cs-watermark-987654321,INT-NETWORK", "0", "DonPasci" "2024-04-24 06:46:20", "1261747", "140.249.32.157:4506", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "", "50", "https://search.censys.io/hosts/140.249.32.157", "CHINATELECOM-SHANDONG-QINGDAO-IDC Qingdao266000,Deimos", "0", "drb_ra" "2024-04-24 06:38:33", "1261746", "123.57.183.22:8090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/123.57.183.22", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-24 06:37:15", "1261745", "101.200.197.134:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.200.197.134", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-24 06:36:02", "1261744", "47.116.170.61:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.116.170.61", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-24 03:28:24", "1261226", "45.156.23.149:80", "ip:port", "payload_delivery", "win.amadey", "None", "Amadey", "", "50", "", "None", "1", "gregojff" "2024-04-24 03:28:23", "1261227", "45.156.23.186:80", "ip:port", "payload_delivery", "win.amadey", "None", "Amadey", "2024-04-23 22:37:31", "50", "", "None", "1", "gregojff" "2024-04-24 03:28:23", "1261228", "193.176.190.43:80", "ip:port", "payload_delivery", "win.amadey", "None", "Amadey", "", "50", "", "None", "1", "gregojff" "2024-04-24 03:28:23", "1261229", "193.242.145.129:80", "ip:port", "payload_delivery", "win.amadey", "None", "Amadey", "", "50", "", "None", "1", "gregojff" "2024-04-24 03:28:22", "1261230", "195.211.124.144:80", "ip:port", "payload_delivery", "win.amadey", "None", "Amadey", "", "50", "", "None", "1", "gregojff" "2024-04-24 03:28:22", "1261231", "194.116.214.7:80", "ip:port", "payload_delivery", "win.amadey", "None", "Amadey", "", "50", "", "None", "1", "gregojff" "2024-04-24 03:27:48", "1261740", "46.246.14.10:1994", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-24 03:27:38", "1260989", "3.6.98.232:15030", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2024-04-24 03:27:38", "1260990", "3.6.30.85:15030", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2024-04-24 03:27:38", "1260998", "3.6.122.107:15030", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2024-04-24 03:27:37", "1261000", "154.53.42.53:8847", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "", "None", "0", "MarsT" "2024-04-24 03:27:37", "1261006", "3.6.115.182:10651", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2024-04-24 03:27:36", "1261007", "3.6.98.232:10651", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2024-04-24 03:27:36", "1261008", "3.6.122.107:10651", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2024-04-24 03:27:35", "1261009", "3.6.30.85:10651", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2024-04-24 02:58:01", "1261743", "60.205.245.29:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-24 01:05:14", "1261739", "91.92.252.220:1337", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "None", "RedLineStealer", "0", "abuse_ch" "2024-04-24 00:25:13", "1261738", "193.233.132.47:50500", "ip:port", "botnet_cc", "win.risepro", "None", "RisePro", "", "100", "None", "RiseProStealer", "0", "abuse_ch" "2024-04-23 22:12:09", "1261004", "45.144.3.139:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ASBAXET,CobaltStrike,cs-watermark-1234567890", "0", "drb_ra" "2024-04-23 22:12:03", "1261002", "60.205.245.29:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-23 20:38:12", "1260994", "193.37.69.112:443", "ip:port", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "", "75", "None", "None", "0", "Rony" "2024-04-23 20:38:12", "1260995", "193.168.143.19:443", "ip:port", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "", "75", "None", "None", "0", "Rony" "2024-04-23 20:38:11", "1260993", "45.129.199.246:443", "ip:port", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "", "75", "None", "None", "0", "Rony" "2024-04-23 19:45:30", "1260988", "62.60.130.8:10000", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2024-04-23 22:40:57", "100", "https://search.censys.io/hosts/62.60.130.8", "AS59441,c2,censys,HOSTIRAN-NETWORK,RAT", "0", "DonPasci" "2024-04-23 19:42:27", "1260986", "47.96.107.37:8082", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/47.96.107.37", "ALIBABA-CN-NET,AS37963,c2,censys,RAT,Vshell", "0", "DonPasci" "2024-04-23 19:36:01", "1260985", "213.252.247.202:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2024-04-23 22:38:39", "100", "https://search.censys.io/hosts/213.252.247.202", "AS61272,c2,censys,IST-AS,RAT", "0", "DonPasci" "2024-04-23 19:36:00", "1260984", "213.252.247.202:222", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2024-04-23 22:38:39", "100", "https://search.censys.io/hosts/213.252.247.202", "AS61272,c2,censys,IST-AS,RAT", "0", "DonPasci" "2024-04-23 19:33:34", "1260983", "156.195.128.36:8000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2024-04-23 22:39:18", "100", "https://search.censys.io/hosts/156.195.128.36", "AS8452,c2,censys,RAT,TE-AS TE-AS", "0", "DonPasci" "2024-04-23 19:32:25", "1260982", "128.90.103.36:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2024-04-23 22:38:03", "100", "https://search.censys.io/hosts/128.90.103.36", "AS40861,c2,censys,PARAD-40-ASN,RAT", "0", "DonPasci" "2024-04-23 19:31:22", "1260981", "85.97.168.208:20000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2024-04-23 22:38:40", "100", "https://search.censys.io/hosts/85.97.168.208", "AS9121,c2,censys,RAT,TTNET", "0", "DonPasci" "2024-04-23 19:23:15", "1260979", "185.229.237.201:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:29:28", "100", "https://search.censys.io/hosts/185.229.237.201", "AS60798,ASSERVEREASY,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-23 19:20:50", "1260978", "94.156.68.3:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:35:52", "100", "https://search.censys.io/hosts/94.156.68.3", "AS394711,c2,censys,CobaltStrike,cs-watermark-100000,LIMENET,NL", "0", "DonPasci" "2024-04-23 19:20:49", "1260977", "94.156.68.3:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:35:52", "100", "https://search.censys.io/hosts/94.156.68.3", "AS394711,c2,censys,CobaltStrike,cs-watermark-100000,LIMENET,NL", "0", "DonPasci" "2024-04-23 19:19:00", "1260975", "172.247.44.182:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:31:16", "100", "https://search.censys.io/hosts/172.247.44.182", "AS40065,c2,censys,CNSERVERS,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-23 19:19:00", "1260976", "154.198.194.220:8089", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:32:10", "100", "https://search.censys.io/hosts/172.247.44.182", "AS40065,c2,censys,CNSERVERS,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-23 19:16:46", "1260974", "117.72.39.83:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/117.72.39.83", "AS141679,c2,censys,CHINATELECOM-IDC-BTHBD-AP,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-23 19:15:03", "1260973", "117.72.65.27:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:34:38", "100", "https://search.censys.io/hosts/117.72.65.27", "AS141679,c2,censys,CHINATELECOM-IDC-BTHBD-AP,CobaltStrike,cs-watermark-100000", "0", "DonPasci" "2024-04-23 19:13:31", "1260971", "148.135.46.9:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:32:08", "100", "https://search.censys.io/hosts/148.135.46.9", "AS35916,c2,censys,CobaltStrike,cs-watermark-100000,MULTA-ASN1", "0", "DonPasci" "2024-04-23 19:13:31", "1260972", "148.135.46.9:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:32:09", "100", "https://search.censys.io/hosts/148.135.46.9", "AS35916,c2,censys,CobaltStrike,cs-watermark-100000,MULTA-ASN1", "0", "DonPasci" "2024-04-23 19:09:33", "1260969", "170.130.55.123:444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:29:26", "100", "https://search.censys.io/hosts/170.130.55.123", "AS62904,c2,censys,CobaltStrike,cs-watermark-1158277545", "0", "DonPasci" "2024-04-23 19:07:45", "1260967", "103.146.141.15:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:31:44", "100", "https://search.censys.io/hosts/103.146.141.15", "AS142403,c2,censys,CobaltStrike,cs-watermark-987654321,YISUCLOUDLTD-HK", "0", "DonPasci" "2024-04-23 19:07:45", "1260968", "154.92.18.140:54321", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/103.146.141.15", "AS142403,c2,censys,CobaltStrike,cs-watermark-987654321,YISUCLOUDLTD-HK", "0", "DonPasci" "2024-04-23 19:05:11", "1260966", "114.116.50.214:59527", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/114.116.50.214", "AS4808,c2,censys,CHINA169-BJ,CobaltStrike", "0", "DonPasci" "2024-04-23 19:02:46", "1260965", "118.193.62.169:3036", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:32:14", "100", "https://search.censys.io/hosts/118.193.62.169", "AS135377,c2,censys,CobaltStrike,cs-watermark-987654321,UCLOUD-HK-AS-AP", "0", "DonPasci" "2024-04-23 19:01:24", "1260964", "101.36.117.53:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:33:06", "100", "https://search.censys.io/hosts/101.36.117.53", "AS135377,c2,censys,CobaltStrike,cs-watermark-987654321,UCLOUD-HK-AS-AP", "0", "DonPasci" "2024-04-23 18:58:59", "1260963", "18.144.30.84:8848", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/18.144.30.84", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-426352781", "0", "DonPasci" "2024-04-23 18:52:18", "1260961", "18.166.113.176:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:33:19", "100", "https://search.censys.io/hosts/18.166.113.176", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-23 18:50:21", "1260960", "54.249.71.250:8005", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:31:42", "100", "https://search.censys.io/hosts/54.249.71.250", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-23 18:50:14", "1260959", "185.216.70.211:50555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/185.216.70.211", "Hookbot Pegasus,NETRESEARCH", "0", "drb_ra" "2024-04-23 18:49:33", "1260958", "104.214.168.71:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2024-04-23 22:37:28", "50", "https://search.censys.io/hosts/104.214.168.71", "MICROSOFT-CORP-MSN-AS-BLOCK,Supershell", "0", "drb_ra" "2024-04-23 18:49:06", "1260957", "139.84.234.159:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2024-04-23 22:36:22", "50", "https://search.censys.io/hosts/139.84.234.159", "AS-CHOOPA,Supershell", "0", "drb_ra" "2024-04-23 18:48:29", "1260956", "176.44.95.96:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/176.44.95.96", "Qakbot,SAUDINETSTC-AS", "0", "drb_ra" "2024-04-23 18:48:26", "1260955", "85.107.24.39:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/85.107.24.39", "Qakbot,TTNET", "0", "drb_ra" "2024-04-23 18:48:02", "1260954", "122.248.198.64:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/122.248.198.64", "AMAZON-02,Havoc", "0", "drb_ra" "2024-04-23 18:47:57", "1260953", "178.128.22.83:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2024-04-23 22:41:42", "50", "https://search.censys.io/hosts/178.128.22.83", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra" "2024-04-23 18:47:08", "1260952", "66.135.9.239:3232", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/66.135.9.239", "AS-CHOOPA,AS20473,c2,censys,CobaltStrike,cs-watermark-699105859", "0", "DonPasci" "2024-04-23 18:46:14", "1260951", "62.210.188.78:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/62.210.188.78", "Mythic,Online SAS", "0", "drb_ra" "2024-04-23 18:45:40", "1260950", "172.96.137.224:8080", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://search.censys.io/hosts/172.96.137.224", "SHOCK-1,Sliver", "0", "drb_ra" "2024-04-23 18:45:29", "1260949", "144.208.127.115:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://search.censys.io/hosts/144.208.127.115", "SHOCK-1,Sliver", "0", "drb_ra" "2024-04-23 18:45:28", "1260948", "144.208.127.115:37821", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://search.censys.io/hosts/144.208.127.115", "SHOCK-1,Sliver", "0", "drb_ra" "2024-04-23 18:44:10", "1260947", "20.2.202.15:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:29:24", "100", "https://search.censys.io/hosts/20.2.202.15", "AS8075,c2,censys,CobaltStrike,cs-watermark-987654321,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2024-04-23 18:39:14", "1260946", "43.130.252.161:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:33:59", "100", "https://search.censys.io/hosts/43.130.252.161", "AS132203,c2,censys,CobaltStrike,cs-watermark-100000,TENCENT-NET-AP-CN", "0", "DonPasci" "2024-04-23 18:30:59", "1260944", "107.175.115.199:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:30:33", "100", "https://search.censys.io/hosts/107.175.115.199", "AS-COLOCROSSING,AS36352,c2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2024-04-23 18:29:33", "1260943", "23.94.133.100:6001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:34:39", "100", "https://search.censys.io/hosts/23.94.133.100", "AS-COLOCROSSING,AS36352,c2,censys,CobaltStrike,cs-watermark-1359593325", "0", "DonPasci" "2024-04-23 18:24:48", "1260941", "138.68.87.151:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:31:39", "100", "https://search.censys.io/hosts/138.68.87.151", "AS14061,c2,censys,CobaltStrike,cs-watermark-323058833,DIGITALOCEAN-ASN", "0", "DonPasci" "2024-04-23 18:21:15", "1260940", "139.9.35.75:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:32:42", "100", "https://search.censys.io/hosts/139.9.35.75", "AS55990,c2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2024-04-23 18:18:39", "1260939", "139.196.174.180:9090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/139.196.174.180", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-0", "0", "DonPasci" "2024-04-23 18:16:54", "1260938", "139.196.154.253:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:34:33", "100", "https://search.censys.io/hosts/139.196.154.253", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-23 18:15:41", "1260937", "123.57.58.184:60000", "ip:port", "botnet_cc", "apk.viper_rat", "None", "Viper RAT", "", "100", "https://search.censys.io/hosts/123.57.58.184", "viper", "0", "DonPasci" "2024-04-23 18:15:10", "1260936", "123.57.58.184:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:35:17", "100", "https://search.censys.io/hosts/123.57.58.184", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-100000", "0", "DonPasci" "2024-04-23 18:14:15", "1260935", "121.199.43.12:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:30:52", "100", "https://search.censys.io/hosts/121.199.43.12", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-0", "0", "DonPasci" "2024-04-23 18:12:50", "1260934", "120.25.2.115:8000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:31:27", "100", "https://search.censys.io/hosts/120.25.2.115", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-23 18:11:53", "1260933", "59.110.126.110:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:33:50", "100", "https://search.censys.io/hosts/59.110.126.110", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-23 18:11:00", "1260932", "47.120.63.146:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:29:30", "100", "https://search.censys.io/hosts/47.120.63.146", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-23 18:10:03", "1260931", "47.120.32.46:10152", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:34:39", "100", "https://search.censys.io/hosts/47.120.32.46", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-23 18:09:08", "1260930", "47.117.156.10:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:32:52", "100", "https://search.censys.io/hosts/47.117.156.10", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-23 18:08:11", "1260929", "47.98.251.131:1234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:30:38", "100", "https://search.censys.io/hosts/47.98.251.131", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-23 18:07:17", "1260917", "43.153.202.176:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-04-23 18:07:10", "1260914", "8.137.93.215:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:31:42", "100", "https://search.censys.io/hosts/8.137.93.215", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-100000", "0", "DonPasci" "2024-04-23 18:06:47", "1260909", "42.193.117.162:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:30:48", "100", "None", "CobaltStrike,cs-watermark-1234567890,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-23 18:06:41", "1260907", "43.136.176.207:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:35:55", "100", "None", "CobaltStrike,cs-watermark-0,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-23 18:06:35", "1260904", "193.112.85.116:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:34:07", "100", "None", "CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-23 18:06:11", "1260899", "119.45.171.159:8889", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:32:26", "100", "None", "CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-23 18:06:06", "1260897", "8.134.113.161:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:35:41", "100", "https://search.censys.io/hosts/8.134.113.161", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-23 18:05:49", "1260893", "80.66.75.9:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,GRIZ-INET-SERVICE", "0", "drb_ra" "2024-04-23 18:05:43", "1260890", "101.201.54.74:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:33:18", "100", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-23 18:05:18", "1260885", "119.45.171.159:5555", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-23 18:05:10", "1260884", "101.33.192.242:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-23 18:04:55", "1260879", "139.144.33.158:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Akamai Connected Cloud,CobaltStrike,cs-watermark-1757407123", "0", "drb_ra" "2024-04-23 18:04:46", "1260876", "120.55.36.136:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-23 18:04:43", "1260874", "119.45.171.159:6666", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-23 18:04:38", "1260873", "43.136.38.59:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1580103824,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-23 18:03:28", "1260870", "103.97.58.61:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:34:05", "100", "None", "CobaltStrike,cs-watermark-987654321,Henan Angran Cloud Computing Technology Co. Ltd", "0", "drb_ra" "2024-04-23 18:03:10", "1260866", "104.248.6.246:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,DigitalOcean LLC", "0", "drb_ra" "2024-04-23 18:03:01", "1260863", "38.34.166.53:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Enzu Inc", "0", "drb_ra" "2024-04-23 18:02:34", "1260857", "111.92.243.236:8083", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,HFTCL-AS-AP High Family Technology Co. Limited", "0", "drb_ra" "2024-04-23 18:02:24", "1260854", "46.101.137.168:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1368851023,DigitalOcean LLC", "0", "drb_ra" "2024-04-23 18:01:40", "1260844", "124.222.218.72:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:34:03", "100", "https://search.censys.io/hosts/124.222.218.72", "AS45090,c2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-04-23 18:01:39", "1260843", "5.188.86.28:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1580103824,Global Layer B.V.", "0", "drb_ra" "2024-04-23 18:00:30", "1260828", "103.143.208.215:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,Viet Solutions Services Trading Company Limited", "0", "drb_ra" "2024-04-23 18:00:08", "1260823", "123.206.126.95:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:31:50", "100", "https://search.censys.io/hosts/123.206.126.95", "AS45090,c2,censys,CobaltStrike,cs-watermark-666666,TENCENT-NET-AP", "0", "DonPasci" "2024-04-23 18:00:00", "1260821", "119.45.171.159:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-23 17:59:07", "1260820", "118.89.72.82:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:33:44", "100", "https://search.censys.io/hosts/118.89.72.82", "AS45090,c2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-04-23 17:58:02", "1260819", "115.159.62.32:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:32:32", "100", "https://search.censys.io/hosts/115.159.62.32", "AS45090,c2,censys,CobaltStrike,cs-watermark-426352781,TENCENT-NET-AP", "0", "DonPasci" "2024-04-23 17:55:49", "1260818", "101.42.1.218:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:31:56", "100", "https://search.censys.io/hosts/101.42.1.218", "AS45090,c2,censys,CobaltStrike,cs-watermark-666666,TENCENT-NET-AP", "0", "DonPasci" "2024-04-23 17:54:09", "1260817", "101.34.70.89:9000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:30:00", "100", "https://search.censys.io/hosts/101.34.70.89", "AS45090,c2,censys,CobaltStrike,cs-watermark-100000,TENCENT-NET-AP", "0", "DonPasci" "2024-04-23 17:27:25", "1260816", "81.70.236.105:60000", "ip:port", "botnet_cc", "apk.viper_rat", "None", "Viper RAT", "", "100", "https://search.censys.io/hosts/81.70.236.105", "viper", "0", "DonPasci" "2024-04-23 17:27:00", "1260815", "81.70.236.105:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/81.70.236.105", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-04-23 17:25:28", "1260814", "49.235.187.155:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:30:08", "100", "https://search.censys.io/hosts/49.235.187.155", "AS45090,c2,censys,CobaltStrike,cs-watermark-100000,TENCENT-NET-AP", "0", "DonPasci" "2024-04-23 17:23:47", "1260813", "49.233.211.19:60000", "ip:port", "botnet_cc", "apk.viper_rat", "None", "Viper RAT", "", "100", "https://search.censys.io/hosts/49.233.211.19", "viper", "0", "DonPasci" "2024-04-23 17:23:23", "1260811", "49.233.211.19:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:32:16", "100", "https://search.censys.io/hosts/49.233.211.19", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-04-23 17:23:23", "1260812", "49.233.211.19:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/49.233.211.19", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-04-23 17:22:01", "1260810", "43.136.109.223:60000", "ip:port", "botnet_cc", "apk.viper_rat", "None", "Viper RAT", "", "100", "https://search.censys.io/hosts/43.136.109.223", "viper", "0", "DonPasci" "2024-04-23 17:21:12", "1260809", "43.136.109.223:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.136.109.223", "AS45090,c2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2024-04-23 17:20:02", "1260808", "1.13.19.92:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:33:56", "100", "https://search.censys.io/hosts/1.13.19.92", "AS45090,c2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-04-23 17:17:00", "1260807", "103.254.73.249:63305", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/103.254.73.249", "AS205960,c2,censys,KIDC,RAT", "0", "DonPasci" "2024-04-23 17:15:57", "1260806", "103.254.73.248:63305", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/103.254.73.248", "AS205960,c2,censys,KIDC,RAT", "0", "DonPasci" "2024-04-23 16:40:07", "1260802", "94.156.8.44:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/095a10fc0b992d28fd110516164eb608316a7d2bded28a2e0bd7aa66e895197c/", "asyncrat", "0", "abuse_ch" "2024-04-23 16:40:06", "1260801", "94.156.8.44:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/095a10fc0b992d28fd110516164eb608316a7d2bded28a2e0bd7aa66e895197c/", "asyncrat", "0", "abuse_ch" "2024-04-23 16:40:05", "1260800", "94.156.10.12:80", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/095a10fc0b992d28fd110516164eb608316a7d2bded28a2e0bd7aa66e895197c/", "asyncrat", "0", "abuse_ch" "2024-04-23 16:40:04", "1260799", "94.156.10.12:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/095a10fc0b992d28fd110516164eb608316a7d2bded28a2e0bd7aa66e895197c/", "asyncrat", "0", "abuse_ch" "2024-04-23 16:11:25", "1260559", "94.156.79.77:33966", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-24 14:00:05", "75", "None", "Mirai", "0", "elfdigest" "2024-04-23 15:11:44", "1260579", "217.15.168.60:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:43", "1260574", "158.51.96.17:1025", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:43", "1260575", "185.102.172.136:999", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:43", "1260576", "188.212.100.60:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:43", "1260577", "193.187.174.244:2052", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:43", "1260578", "209.141.44.84:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:42", "1260567", "45.128.232.210:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:42", "1260568", "45.131.64.78:2052", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:42", "1260569", "82.165.230.58:3000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:42", "1260570", "91.92.252.74:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:42", "1260571", "94.156.79.33:10000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:42", "1260572", "149.56.79.119:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:42", "1260573", "152.42.239.228:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:41", "1260561", "2.58.95.133:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:41", "1260562", "15.204.18.234:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:41", "1260563", "15.235.149.59:666", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:41", "1260564", "15.235.149.123:888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:41", "1260565", "37.114.56.22:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 15:11:41", "1260566", "45.128.232.12:1337", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,http-api,ssh-c2", "0", "abus3reports" "2024-04-23 14:07:17", "1260518", "65.191.34.123:6000", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2024-04-23 22:42:54", "75", "", "venomrat", "1", "embee_research" "2024-04-23 14:07:17", "1260528", "188.49.116.130:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "75", "", "qakbot", "1", "embee_research" "2024-04-23 14:07:14", "1260532", "65.21.119.50:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch" "2024-04-23 14:07:09", "1260557", "147.78.103.228:10134", "ip:port", "botnet_cc", "win.orcus_rat", "Schnorchel", "Orcus RAT", "", "100", "https://bazaar.abuse.ch/sample/31f17bf44fd2ce3fb0fde898d5bea0c35d18c82d3e2e9fcdae3cb8cd9f9fffb4/", "None", "0", "NDA0N" "2024-04-23 13:00:43", "1260543", "45.136.15.175:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:32:20", "100", "None", "CobaltStrike,cs-watermark-987654321,LUCID-AS-AP LUCIDACLOUD LIMITED", "0", "drb_ra" "2024-04-23 13:00:23", "1260541", "101.42.228.86:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:33:54", "100", "None", "CobaltStrike,cs-watermark-100000,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-23 13:00:13", "1260539", "148.135.72.115:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:32:47", "100", "None", "CobaltStrike,cs-watermark-987654321,MULTA-ASN1", "0", "drb_ra" "2024-04-23 10:12:53", "1260527", "106.75.174.5:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,CT-GUANGZHOU-IDC CHINANET Guangdong province network", "0", "drb_ra" "2024-04-23 10:12:49", "1260525", "45.136.15.175:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:32:19", "100", "None", "CobaltStrike,cs-watermark-987654321,LUCID-AS-AP LUCIDACLOUD LIMITED", "0", "drb_ra" "2024-04-23 10:12:44", "1260523", "139.196.174.180:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-23 22:30:29", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-0", "0", "drb_ra" "2024-04-23 10:12:19", "1260520", "148.135.72.115:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,MULTA-ASN1", "0", "drb_ra" "2024-04-23 09:38:13", "1260517", "91.92.245.231:64418", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2024-04-23 08:47:58", "1260516", "193.35.18.127:19286", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "75", "None", "Gafgyt", "0", "elfdigest" "2024-04-23 07:56:18", "1260514", "91.92.241.122:39361", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-23 08:05:29", "100", "None", "RedLineStealer", "0", "abuse_ch" "2024-04-23 06:49:47", "1260513", "45.142.212.16:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/45.142.212.16", "Hookbot Pegasus,STARK-INDUSTRIES", "0", "drb_ra" "2024-04-23 06:49:41", "1260512", "94.156.64.148:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/94.156.64.148", "Hookbot Pegasus,LIMENET", "0", "drb_ra" "2024-04-23 06:49:37", "1260511", "23.254.144.29:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/23.254.144.29", "Hookbot Pegasus,HOSTWINDS", "0", "drb_ra" "2024-04-23 06:49:20", "1260510", "43.198.238.210:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2024-04-23 22:37:50", "50", "https://search.censys.io/hosts/43.198.238.210", "AMAZON-02,Supershell", "0", "drb_ra" "2024-04-23 06:49:12", "1260509", "117.72.38.14:8008", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2024-04-23 22:37:42", "50", "https://search.censys.io/hosts/117.72.38.14", "Supershell", "0", "drb_ra" "2024-04-23 06:49:09", "1260508", "104.214.168.52:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2024-04-23 22:37:33", "50", "https://search.censys.io/hosts/104.214.168.52", "MICROSOFT-CORP-MSN-AS-BLOCK,Supershell", "0", "drb_ra" "2024-04-23 06:48:34", "1260507", "117.72.64.94:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2024-04-23 22:36:26", "50", "https://search.censys.io/hosts/117.72.64.94", "Supershell", "0", "drb_ra" "2024-04-23 06:48:30", "1260506", "124.221.56.114:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2024-04-23 22:36:45", "50", "https://search.censys.io/hosts/124.221.56.114", "Supershell,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-23 06:48:15", "1260505", "46.246.84.12:6000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2024-04-23 22:43:55", "50", "https://search.censys.io/hosts/46.246.84.12", "DcRat,PORTLANE www.portlane.com", "0", "drb_ra" "2024-04-23 06:47:55", "1260504", "151.30.238.53:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2024-04-23 10:15:00", "50", "https://search.censys.io/hosts/151.30.238.53", "ASN-WINDTRE IUNET,Qakbot", "0", "drb_ra" "2024-04-23 06:47:51", "1260503", "189.175.199.252:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/189.175.199.252", "Qakbot,UNINET", "0", "drb_ra" "2024-04-23 06:47:18", "1260502", "103.215.80.54:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2024-04-23 22:41:27", "50", "https://search.censys.io/hosts/103.215.80.54", "CLOUDIE-AS-AP Cloudie Limited,Havoc", "0", "drb_ra" "2024-04-23 06:45:57", "1260501", "3.76.124.183:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/3.76.124.183", "AMAZON-02,Mythic", "0", "drb_ra" "2024-04-23 06:45:49", "1260500", "45.55.38.40:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/45.55.38.40", "DIGITALOCEAN-ASN,Mythic", "0", "drb_ra" "2024-04-23 06:24:52", "1260473", "116.203.7.96:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-23 06:24:52", "1260474", "95.217.9.149:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-23 06:24:52", "1260475", "95.217.240.166:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-23 06:24:51", "1260468", "95.217.244.99:5432", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-23 06:24:51", "1260469", "95.217.244.99:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-23 06:24:51", "1260470", "49.13.224.6:5432", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-23 06:24:51", "1260471", "65.109.241.217:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-23 06:24:51", "1260472", "116.202.177.31:5432", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2024-04-23 05:26:12", "1260457", "77.221.149.0:5428", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "None", "RedLineStealer", "0", "abuse_ch" "2024-04-23 05:22:35", "1260426", "194.163.130.194:443", "ip:port", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "PowershellEmpire", "0", "NDA0N" "2024-04-23 05:22:33", "1260430", "5.42.65.96:28380", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "None", "infostealer,redline,stealer", "0", "SarlackLab" "2024-04-23 05:22:32", "1260431", "46.246.6.20:1994", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-23 05:22:31", "1260452", "41.200.95.182:5552", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-23 05:22:28", "1260454", "91.92.252.191:5667", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-23 02:25:55", "75", "", "binware,catDDoS,kane", "1", "skidreporter" "2024-04-23 05:22:27", "1260455", "91.92.252.238:5667", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-23 02:25:55", "75", "", "binware,catDDoS,kane", "1", "skidreporter" "2024-04-23 05:21:12", "1260456", "103.95.97.149:4444", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "None", "Meterpreter", "0", "abuse_ch" # Number of entries: 271