################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2025-12-05 03:27:36 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-12-05 03:27:36", "1667880", "wind.silverh1ll.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 03:29:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 03:17:19", "1667879", "fqz.silverh1ll.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 03:18:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 03:08:07", "1667877", "8q1qk.silverh1ll.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 03:10:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 02:58:17", "1667876", "cloud.silverh1ll.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 02:59:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 02:48:39", "1667875", "116.230.254.66:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-05 02:48:19", "1667874", "www.vxucqb.dpdns.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-05 02:47:57", "1667873", "leaf.s0ftbyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 02:49:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 02:45:17", "1667872", "23.132.164.55:5763", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "None", "PureLogsStealer", "0", "abuse_ch" "2025-12-05 02:37:40", "1667871", "spark.s0ftbyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 02:38:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 02:27:55", "1667870", "4vc.s0ftbyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 02:29:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 02:17:36", "1667868", "g5wyk.s0ftbyte.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 02:19:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 02:07:09", "1667867", "trail.softr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 02:08:28", "100", "None", "clearfake", "1", "ttakvam" "2025-12-05 01:57:24", "1667866", "light.softr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 01:58:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 01:47:12", "1667865", "house.softr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 01:48:07", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 01:37:41", "1667861", "ss7e.softr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 01:37:58", "100", "None", "clearfake", "1", "ttakvam" "2025-12-05 01:27:58", "1667860", "crest.riverl1ght.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 01:29:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 01:18:16", "1667859", "b0.riverl1ght.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 01:20:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 01:07:51", "1667858", "ox.riverl1ght.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 01:10:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 00:57:36", "1667857", "mist.riverl1ght.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 00:59:07", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 00:47:47", "1667856", "i2.windshift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 00:49:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 00:37:29", "1667855", "frost.windshift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 00:39:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 00:27:26", "1667854", "ma.windshift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 00:28:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 00:17:29", "1667853", "194.26.192.195:8443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/6a1f3f2805f56b4e7fcf6e8c15542754442b33af9451ff300d446a24b5289e4b/", "Mirai", "0", "abuse_ch" "2025-12-05 00:17:28", "1667852", "45.138.16.81:8443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/6a1f3f2805f56b4e7fcf6e8c15542754442b33af9451ff300d446a24b5289e4b/", "Mirai", "0", "abuse_ch" "2025-12-05 00:17:27", "1667851", "x5ust.windshift.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 00:18:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 00:07:08", "1667850", "nova.brightf1eld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-05 00:08:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-05 00:03:18", "1667849", "93.113.180.31:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/93.113.180.31", "AdaptixC2,AS215703,C2,censys,FREAKHOSTING", "0", "DonPasci" "2025-12-05 00:03:08", "1667848", "212.11.64.108:5555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/212.11.64.108", "Albiriox,Android,AS42624,censys,SWISSNETWORK02", "0", "DonPasci" "2025-12-05 00:02:45", "1667847", "134.122.200.237:65503", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/134.122.200.237", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,DcRAT,RAT", "0", "DonPasci" "2025-12-05 00:02:28", "1667846", "162.243.28.13:5010", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/162.243.28.13", "AS14061,AsyncRAT,C2,censys,DIGITALOCEAN-ASN,RAT", "0", "DonPasci" "2025-12-05 00:01:42", "1667845", "176.117.107.18:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/176.117.107.18", "AS208191,C2,censys,GOHOST,RAT,Remcos", "0", "DonPasci" "2025-12-04 23:57:50", "1667843", "2lkz.brightf1eld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 23:58:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 23:48:01", "1667842", "dawn.brightf1eld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 23:49:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 23:47:24", "1667841", "83.97.20.154:8443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-12-05 01:48:33", "75", "https://bazaar.abuse.ch/sample/6a1f3f2805f56b4e7fcf6e8c15542754442b33af9451ff300d446a24b5289e4b/", "Mirai", "0", "abuse_ch" "2025-12-04 23:40:14", "1667840", "191.101.51.135:7705", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "None", "PureLogsStealer", "0", "abuse_ch" "2025-12-04 23:37:45", "1667839", "bxq.brightf1eld.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 23:39:22", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 23:27:57", "1667838", "bd.brightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 23:29:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 23:17:39", "1667837", "bloom.brightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 23:19:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 23:07:18", "1667836", "gxjo.brightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 23:08:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 22:57:38", "1667805", "cliff.brightl1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 22:58:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 22:48:16", "1667804", "shift.stoneh0use.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 22:48:39", "100", "None", "clearfake", "1", "ttakvam" "2025-12-04 22:37:51", "1667803", "shadow.stoneh0use.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 22:39:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 22:28:03", "1667801", "v0k6.stoneh0use.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 22:29:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 22:17:47", "1667799", "hmo.stoneh0use.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 22:19:41", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 22:07:59", "1667798", "28.darkb1rd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 22:09:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 21:57:41", "1667797", "caiip.darkb1rd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 21:59:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 21:47:23", "1667796", "lake.darkb1rd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 21:47:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 21:38:00", "1667795", "forest.darkb1rd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 21:39:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 21:28:15", "1667794", "sunrise.deep0asis.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 21:29:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 21:16:54", "1667793", "4mjo.deep0asis.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 21:19:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 21:10:26", "1667792", "178.250.188.214:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/29615df272e5a8c6a57803cc6fa08061975c2382625462570fab88d78bf5be24/", "xworm", "0", "abuse_ch" "2025-12-04 21:10:24", "1667791", "http://193.37.69.43:96/ZPqB", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/f5c7faca5b5563e4740a6d2196acfb3626ecbcd38da4d690dc23e13e7ecf747c/", "cobaltstrike", "0", "abuse_ch" "2025-12-04 21:08:10", "1667790", "fev5.deep0asis.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 21:09:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 21:05:09", "1667789", "193.37.69.43:96", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike", "0", "abuse_ch" "2025-12-04 20:57:56", "1667788", "field.deep0asis.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 20:59:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 20:57:44", "1667787", "151.243.113.71:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "https://bazaar.abuse.ch/sample/c6a83d4a310f3dbeaef1f73bfcbfc96d37856f2dbd32bbd1aa994ff7af15113c/", "None", "0", "abuse_ch" "2025-12-04 20:57:39", "1667786", "jjjgaasda.live", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/c6a83d4a310f3dbeaef1f73bfcbfc96d37856f2dbd32bbd1aa994ff7af15113c/", "None", "0", "abuse_ch" "2025-12-04 20:48:34", "1667785", "7p1e0901tm70n.cfc-execute.bj.baidubce.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:02", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-04 20:48:06", "1667784", "alpha.ironbl0om.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 20:48:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 20:45:07", "1667783", "69.164.241.252:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "None", "NetSupport", "0", "abuse_ch" "2025-12-04 20:38:40", "1667782", "85.208.84.110:56001", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "https://bazaar.abuse.ch/sample/0b1ecb1d5505123ee64955f4cca064997b0139a31a8bf199097c7ab3d61d6a91/", "None", "0", "abuse_ch" "2025-12-04 20:38:37", "1667781", "asmweosiqsaaw.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/0b1ecb1d5505123ee64955f4cca064997b0139a31a8bf199097c7ab3d61d6a91/", "None", "0", "abuse_ch" "2025-12-04 20:37:48", "1667780", "silent.ironbl0om.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 20:39:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 20:36:51", "1667779", "apdlive.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-12-04 20:27:54", "1667778", "quick.ironbl0om.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 20:28:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 20:23:16", "1667747", "https://nimbsjoa.com/ttt/tww.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115662837065188050", "SmartApeSG", "0", "monitorsg" "2025-12-04 20:23:14", "1667748", "nimbsjoa.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-12-04 19:00:57", "100", "https://infosec.exchange/@monitorsg/115662837065188050", "SmartApeSG", "0", "monitorsg" "2025-12-04 20:23:13", "1667749", "https://nimbsjoa.com/ttt/tee.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115662837065188050", "SmartApeSG", "0", "monitorsg" "2025-12-04 20:23:12", "1667750", "https://nimbsjoa.com/ttt/trr.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115662837065188050", "SmartApeSG", "0", "monitorsg" "2025-12-04 20:23:12", "1667751", "https://canrtsem.com/blue", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115662837065188050", "SmartApeSG", "0", "monitorsg" "2025-12-04 20:23:11", "1667752", "https://deregulatedenergy.com/fdg2.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115662837065188050", "SmartApeSG", "0", "monitorsg" "2025-12-04 20:23:09", "1667753", "deregulatedenergy.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "https://infosec.exchange/@monitorsg/115662837065188050", "SmartApeSG", "0", "monitorsg" "2025-12-04 20:17:36", "1667777", "tmy.ironbl0om.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 20:19:04", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 20:10:15", "1667776", "188.127.224.49:1998", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "None", "RAT,RemcosRAT", "0", "abuse_ch" "2025-12-04 20:07:51", "1667775", "vk8w.st0neleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 20:08:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 20:03:44", "1667774", "51.195.115.244:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-12-04 23:02:15", "100", "https://search.censys.io/hosts/51.195.115.244", "AS16276,BianLian,C2,censys,OVH", "0", "DonPasci" "2025-12-04 20:03:33", "1667773", "94.237.121.155:8080", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/94.237.121.155", "AS202053,C2,censys,hacktool,Mimikatz,open-dir,UPCLOUD", "0", "DonPasci" "2025-12-04 20:03:29", "1667772", "23.132.164.41:80", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/23.132.164.41", "AS60223,C2,censys,Gafgyt,NETIFACE-AS,open-dir", "0", "DonPasci" "2025-12-04 20:02:38", "1667771", "136.115.26.211:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-04 23:00:36", "100", "https://search.censys.io/hosts/136.115.26.211", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Havoc", "0", "DonPasci" "2025-12-04 20:02:35", "1667770", "5.129.251.54:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-12-04 23:00:32", "100", "https://search.censys.io/hosts/5.129.251.54", "AS9123,C2,censys,Hookbot,TIMEWEB-AS", "0", "DonPasci" "2025-12-04 20:02:15", "1667768", "62.84.188.193:8201", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/62.84.188.193", "AS51167,C2,censys,CONTABO,RAT,Remcos", "0", "DonPasci" "2025-12-04 20:02:15", "1667769", "108.174.56.170:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/108.174.56.170", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-12-04 20:01:57", "1667767", "91.92.242.29:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-12-04 20:01:58", "90", "None", "latrodectus", "0", "Rony" "2025-12-04 20:01:56", "1667766", "173.44.141.136:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 23:00:13", "100", "https://search.censys.io/hosts/173.44.141.136", "AS62904,C2,censys,CobaltStrike", "0", "DonPasci" "2025-12-04 20:01:20", "1667765", "103.235.73.228:8082", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:25", "100", "https://search.censys.io/hosts/103.235.73.228", "ARGONDATANETWORK-AS-AP,AS135360,C2,censys,CobaltStrike,cs-watermark-100000", "0", "DonPasci" "2025-12-04 20:01:18", "1667763", "8.148.24.82:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 23:00:12", "100", "https://search.censys.io/hosts/8.148.24.82", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-12-04 20:01:18", "1667764", "47.115.175.62:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:38", "100", "https://search.censys.io/hosts/47.115.175.62", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-12-04 19:57:02", "1667762", "r4.st0neleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 19:58:13", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 19:47:39", "1667761", "fk3v.st0neleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 19:48:59", "100", "None", "clearfake", "1", "ttakvam" "2025-12-04 19:42:33", "1667760", "http://111.253.220.24/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "https://urlscan.io/result/019aeae3-3fb5-7365-9da3-d310e4e71a83", "c2,hookbot,urlscan", "0", "juroots" "2025-12-04 19:41:55", "1667759", "https://reftec.sbs/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/019aeae2-abe1-7697-960e-b1633daf496f", "c2,spynote,urlscan", "0", "juroots" "2025-12-04 19:37:57", "1667758", "c1uo.st0neleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 19:39:13", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 19:28:08", "1667757", "nv47.dreamc0ast.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 19:17:51", "1667756", "nc.dreamc0ast.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 19:07:31", "1667755", "crystal.dreamc0ast.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 19:05:08", "1667754", "192.71.211.249:4252", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2025-12-04 18:57:41", "1667746", "delta.dreamc0ast.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 18:48:50", "1667745", "95.214.55.246:2305", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-05 02:47:57", "75", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2025-12-04 18:48:30", "1667744", "85.133.214.108:9031", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-05 02:47:40", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-04 18:48:28", "1667743", "ix9.cl0udramble.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 18:46:13", "1667742", "195.201.9.229:10022", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-05 02:45:42", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-04 18:45:35", "1667741", "185.123.102.239:33315", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2025-12-05 02:45:13", "75", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-12-04 18:43:20", "1667740", "104.140.154.31:30049", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-05 02:43:20", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-04 18:43:17", "1667739", "104.140.154.206:30069", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-05 02:43:18", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-04 18:43:16", "1667737", "104.140.154.177:30073", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-05 02:43:16", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-04 18:43:16", "1667738", "104.140.154.180:30065", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-05 02:43:17", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-04 18:43:14", "1667735", "104.140.154.140:30085", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-05 02:43:15", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-04 18:43:14", "1667736", "104.140.154.141:30079", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-05 02:43:15", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-04 18:43:13", "1667734", "104.140.154.115:30170", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-05 02:43:14", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-04 18:37:39", "1667733", "beta.cl0udramble.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 18:27:20", "1667732", "lyk4e.cl0udramble.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 18:18:05", "1667731", "ojlj.cl0udramble.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 18:08:15", "1667730", "auhf.sunsettrai1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 18:04:04", "1667729", "Xlnpe-21642.portmap.host", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2025-12-04 19:43:49", "100", "https://tria.ge/251204-pa3zxsgm81", "android,C2,domain,spynote,triage", "0", "DonPasci" "2025-12-04 18:03:46", "1667728", "major-barrier.gl.at.ply.gg", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://tria.ge/251204-rl7hlatpck", "C2,domain,neptunerat,rat,triage", "0", "DonPasci" "2025-12-04 18:02:52", "1667727", "http://89.169.53.244", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/251204-qf647ssrek", "AS210644,C2,stealc,stealer,triage", "0", "DonPasci" "2025-12-04 18:02:21", "1667726", "making-council.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251204-ph5tgswjet", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-12-04 18:01:35", "1667724", "45.145.225.236:8848", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251204-tgyq1aar9x", "AS44486,asyncrat,C2,rat,triage", "0", "DonPasci" "2025-12-04 18:01:35", "1667725", "blessdx6m50isep.dynuddns.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251204-q6n2batmck", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-12-04 18:01:23", "1667723", "hackersda-46118.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251204-sdadkaymft", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-04 18:01:22", "1667722", "194.9.6.97:8080", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251204-whwn5svpfj", "AS58212,C2,triage,xworm", "0", "DonPasci" "2025-12-04 17:58:02", "1667721", "gamma.sunsettrai1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 17:49:41", "1667720", "dg.sunsettrai1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 17:39:51", "1667719", "g41i6.sunsettrai1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 17:27:34", "1667718", "s8.crystalriver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 17:17:16", "1667717", "8czk.crystalriver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 17:07:32", "1667716", "river.crystalriver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 16:57:25", "1667715", "dark.crystalriver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 16:47:08", "1667714", "7e.c0ldstream.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 16:37:50", "1667713", "myst.c0ldstream.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 16:28:01", "1667712", "xhmns.c0ldstream.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 16:17:45", "1667711", "qgvn.c0ldstream.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 16:07:25", "1667710", "ember.nightblossom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 16:03:49", "1667709", "91.99.166.113:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-05 02:47:51", "100", "https://search.censys.io/hosts/91.99.166.113", "AS24940,censys,EvilGoPhish,HETZNER-AS,panel,Phishing", "0", "DonPasci" "2025-12-04 16:02:15", "1667708", "54.252.59.77:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:47:12", "100", "https://search.censys.io/hosts/54.252.59.77", "AMAZON-02,AS16509,C2,censys,Sliver", "0", "DonPasci" "2025-12-04 16:02:14", "1667707", "84.201.25.12:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:47:39", "100", "https://search.censys.io/hosts/84.201.25.12", "AS214036,C2,censys,Sliver,ULTAHOST-AS", "0", "DonPasci" "2025-12-04 16:02:10", "1667706", "84.32.5.105:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-05 02:47:40", "100", "https://search.censys.io/hosts/84.32.5.105", "AS62164,C2,censys,HEYMMAN-2,RAT,Remcos", "0", "DonPasci" "2025-12-04 16:02:09", "1667705", "103.83.87.23:24047", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-05 02:43:13", "100", "https://search.censys.io/hosts/103.83.87.23", "AS44382,C2,censys,RAT,Remcos,WHITELABEL", "0", "DonPasci" "2025-12-04 16:01:55", "1667704", "81.70.186.19:801", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:54", "100", "https://search.censys.io/hosts/81.70.186.19", "AS45090,C2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2025-12-04 16:01:51", "1667703", "45.64.52.174:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 23:00:15", "100", "https://search.censys.io/hosts/45.64.52.174", "AS152194,C2,censys,CobaltStrike,cs-watermark-426352781,CTGSERVERLIMITED-AS-AP", "0", "DonPasci" "2025-12-04 16:01:17", "1667702", "179.43.182.27:81", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:11", "100", "https://search.censys.io/hosts/179.43.182.27", "AS51852,C2,censys,CobaltStrike,cs-watermark-987654321,PLI-AS", "0", "DonPasci" "2025-12-04 15:57:39", "1667701", "bright.nightblossom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 15:47:30", "1667700", "sunny.nightblossom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 15:37:13", "1667699", "6hat8.nightblossom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 15:28:27", "1667698", "e4hf.stormpiece.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 15:17:10", "1667697", "dream.stormpiece.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 15:14:27", "1667693", "https://booksbypatriciaschultz.com/liner.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 15:14:27", "1667696", "booksbypatriciaschultz.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 15:14:21", "1667690", "80.94.92.103:55555", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "None", "mirai", "0", "seckle" "2025-12-04 15:14:20", "1667692", "http://193.111.117.194/tet.jpeg", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 15:14:19", "1667694", "https://fsdtiototoitweot.com/ofofo.js", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 15:14:18", "1667695", "fsdtiototoitweot.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 15:10:13", "1667691", "45.119.98.147:1688", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-12-04 15:09:04", "1667665", "https://garanti-sans-virus.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/garanti-sans-virus.com", "ClickFix", "0", "CarsonWilliams" "2025-12-04 15:09:03", "1667667", "https://mahleinc.com/8u8u.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115661689031905300", "KongTuke", "0", "monitorsg" "2025-12-04 15:09:03", "1667668", "mahleinc.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2025-12-04 14:08:43", "100", "https://infosec.exchange/@monitorsg/115661689031905300", "KongTuke", "0", "monitorsg" "2025-12-04 15:09:03", "1667669", "https://mahleinc.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115661689031905300", "KongTuke", "0", "monitorsg" "2025-12-04 15:09:02", "1667670", "http://199.217.99.42/m", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115661689031905300", "KongTuke", "0", "monitorsg" "2025-12-04 15:09:01", "1667672", "gqdbvlxq.suprifitas.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/464b97fc61b3df70c20552e03373f8b8b460e2028731114a1a1245c48e59a31b/", "None", "0", "burger" "2025-12-04 15:09:01", "1667685", "https://vqjhg08j-5500.euw.devtunnels.ms/checker/1.pdb", "url", "payload_delivery", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "", "dcrat", "0", "burger" "2025-12-04 15:09:00", "1667687", "https://vqjhg08j-5500.euw.devtunnels.ms/jovial/64th%20Services.exe", "url", "payload_delivery", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "", "dcrat", "0", "burger" "2025-12-04 15:07:52", "1667689", "valley.stormpiece.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 14:58:02", "1667688", "flame.stormpiece.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 14:48:11", "1667686", "stone.l1ghtwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 14:37:25", "1667684", "og.l1ghtwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 14:34:19", "1667683", "185.207.136.217:8443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/6a1f3f2805f56b4e7fcf6e8c15542754442b33af9451ff300d446a24b5289e4b/", "Mirai", "0", "abuse_ch" "2025-12-04 14:34:18", "1667682", "185.207.136.222:8443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/6a1f3f2805f56b4e7fcf6e8c15542754442b33af9451ff300d446a24b5289e4b/", "Mirai", "0", "abuse_ch" "2025-12-04 14:34:17", "1667681", "185.207.136.220:8443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/6a1f3f2805f56b4e7fcf6e8c15542754442b33af9451ff300d446a24b5289e4b/", "Mirai", "0", "abuse_ch" "2025-12-04 14:34:15", "1667680", "185.207.136.221:8443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/6a1f3f2805f56b4e7fcf6e8c15542754442b33af9451ff300d446a24b5289e4b/", "Mirai", "0", "abuse_ch" "2025-12-04 14:34:14", "1667679", "185.207.136.216:8443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/6a1f3f2805f56b4e7fcf6e8c15542754442b33af9451ff300d446a24b5289e4b/", "Mirai", "0", "abuse_ch" "2025-12-04 14:27:39", "1667678", "lzsj.l1ghtwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 14:25:37", "1667677", "46.62.240.214:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 14:25:24", "1667675", "d4d.automanpk.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 14:25:24", "1667676", "d4d.aqarhoosh.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 14:25:12", "1667673", "https://d4d.automanpk.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 14:25:12", "1667674", "https://d4d.aqarhoosh.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 14:17:28", "1667671", "gate.l1ghtwave.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 14:08:05", "1667666", "omega.shadowsprint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 13:58:19", "1667664", "gold.shadowsprint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 13:47:59", "1667663", "gui.shadowsprint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 13:38:09", "1667662", "bk.shadowsprint.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 13:27:57", "1667661", "5g95w.brightpeak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 13:20:17", "1667660", "87.120.93.222:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "None", "NetSupport", "0", "abuse_ch" "2025-12-04 13:17:38", "1667659", "stream.brightpeak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 13:08:03", "1667658", "x78.brightpeak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 13:05:29", "1667657", "43.156.74.19:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:32", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-04 13:00:43", "1667656", "109.173.161.202:4444", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-12-05 02:48:33", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-12-04 12:58:38", "1667655", "googlecret.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:08", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-04 12:57:59", "1667654", "2v2.space", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 19:48:31", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-04 12:57:36", "1667653", "09.brightpeak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 12:47:12", "1667652", "23ra.b2yh7ean.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 12:47:01", "1667643", "https://new.borealis-soft.ch/wp-content/plugins/background-image-cropper/ulgfpl.php?us=5yb8t352", "url", "payload_delivery", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "Latrodectus", "0", "pancak3lullz" "2025-12-04 12:37:24", "1667651", "q7.b2yh7ean.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 12:28:11", "1667650", "xvv.b2yh7ean.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 12:18:04", "1667649", "twu.b2yh7ean.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 12:08:42", "1667648", "5b7q.d1sputl2b.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 12:08:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 12:05:09", "1667647", "186.26.107.31:7771", "ip:port", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "https://tria.ge/251204-g5e8caby8d", "android,AS270939,C2,spynote,triage", "0", "DonPasci" "2025-12-04 12:02:05", "1667646", "185.157.162.16:57441", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-05 02:45:14", "100", "https://search.censys.io/hosts/185.157.162.16", "AS42675,C2,censys,OBEHOSTING,RAT,Remcos", "0", "DonPasci" "2025-12-04 12:01:41", "1667645", "83.229.122.234:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 23:00:11", "100", "https://search.censys.io/hosts/83.229.122.234", "AS139659,C2,censys,CobaltStrike,cs-watermark-666666666,LUCID-AS-AP", "0", "DonPasci" "2025-12-04 12:01:39", "1667644", "121.199.168.99:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:46", "100", "https://search.censys.io/hosts/121.199.168.99", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-12-04 11:57:41", "1667642", "s9o.d1sputl2b.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 11:47:56", "1667641", "64m.d1sputl2b.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 11:43:36", "1667640", "profyfk.click", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-12-04 11:43:19", "1667638", "http://teleta.top/agrybirdsgamerept", "url", "botnet_cc", "win.raccoon", "Mohazo,RaccoonStealer,Racealer,Racoon", "Raccoon", "", "50", "", "c2,raccoon", "0", "juroots" "2025-12-04 11:43:19", "1667639", "http://teletop.top/agrybirdsgamerept", "url", "botnet_cc", "win.raccoon", "Mohazo,RaccoonStealer,Racealer,Racoon", "Raccoon", "", "50", "", "c2,raccoon", "0", "juroots" "2025-12-04 11:42:32", "1667637", "https://hktecentnet.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "https://urlscan.io/result/019ae92b-c5c7-72bf-ab04-4f7ca9e40370", "c2,spynote,urlscan", "0", "juroots" "2025-12-04 11:41:59", "1667636", "https://www.test.my-video-live.cloud/1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae92b-474b-742d-8d60-ecc1a5a319e2", "urlscan", "0", "juroots" "2025-12-04 11:41:56", "1667635", "https://mail.geo-home.rw/1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae92b-3c77-74fb-8d52-7037423e8705", "urlscan", "0", "juroots" "2025-12-04 11:41:54", "1667634", "https://103.150.186.125/1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-05 00:00:42", "50", "https://urlscan.io/result/019ae92b-329a-73b8-b5c2-e01b916247e1", "urlscan", "0", "juroots" "2025-12-04 11:37:34", "1667633", "mb3.d1sputl2b.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 11:27:16", "1667632", "prqkv.ma5kd7unk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 11:20:19", "1667631", "134.122.128.202:4567", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-12-04 11:17:25", "1667630", "a83.ma5kd7unk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 11:15:34", "1667629", "198.23.177.212:49587", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/ee6185134ac3070a52a5f5dff8091fdd7eb2002a7e0246cedb34192cd36fc63d/", "xworm", "0", "abuse_ch" "2025-12-04 11:08:24", "1667628", "zpj.ma5kd7unk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 11:02:41", "1667627", "74.225.248.130:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/74.225.248.130", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-12-04 11:02:40", "1667626", "132.232.190.24:4433", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/132.232.190.24", "AS45090,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-04 11:02:39", "1667625", "162.220.13.10:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/162.220.13.10", "AS26666,censys,GoPhish,INTERSERVER-LAX,Phishing", "0", "dyingbreeds_" "2025-12-04 11:02:37", "1667624", "65.0.219.47:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/65.0.219.47", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-04 11:02:35", "1667623", "178.16.52.30:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/178.16.52.30", "AS214943,censys,GoPhish,Phishing,RAILNET", "0", "dyingbreeds_" "2025-12-04 11:02:34", "1667622", "206.84.36.102:81", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/206.84.36.102", "AS265175,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-04 11:02:32", "1667621", "217.76.57.31:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/217.76.57.31", "AS51167,censys,CONTABO,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-04 11:02:31", "1667620", "13.232.24.152:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.232.24.152", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-04 11:02:29", "1667619", "156.67.219.156:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/156.67.219.156", "AS-HOSTINGER,AS47583,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-04 11:01:33", "1667618", "191.8.228.50:7000", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-12-04 12:02:36", "100", "https://search.censys.io/hosts/191.8.228.50", "AS26599,C2,censys,RAT", "0", "dyingbreeds_" "2025-12-04 11:01:27", "1667617", "185.72.199.74:1717", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-04 12:02:32", "100", "https://search.censys.io/hosts/185.72.199.74", "AS50599,C2,censys,RAT", "0", "dyingbreeds_" "2025-12-04 11:00:53", "1667616", "46.224.76.2:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-05 02:46:54", "100", "https://search.censys.io/hosts/46.224.76.2", "AS24940,C2,censys,HETZNER-AS,Mythic", "0", "dyingbreeds_" "2025-12-04 11:00:52", "1667615", "208.85.19.188:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-05 02:46:01", "100", "https://search.censys.io/hosts/208.85.19.188", "AS-VULTR,AS20473,C2,censys,Mythic", "0", "dyingbreeds_" "2025-12-04 11:00:36", "1667614", "23.235.188.168:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 12:01:35", "100", "https://search.censys.io/hosts/23.235.188.168", "AS138415,C2,censys", "0", "dyingbreeds_" "2025-12-04 11:00:33", "1667613", "103.48.135.218:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 12:01:34", "100", "https://search.censys.io/hosts/103.48.135.218", "AS138415,C2,censys", "0", "dyingbreeds_" "2025-12-04 11:00:30", "1667612", "198.12.121.168:7878", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:16", "100", "https://search.censys.io/hosts/198.12.121.168", "AS-COLOCROSSING,AS36352,C2,censys", "0", "dyingbreeds_" "2025-12-04 11:00:29", "1667611", "23.235.174.18:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 12:01:30", "100", "https://search.censys.io/hosts/23.235.174.18", "AS138415,C2,censys", "0", "dyingbreeds_" "2025-12-04 11:00:28", "1667610", "23.235.188.189:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 12:01:29", "100", "https://search.censys.io/hosts/23.235.188.189", "AS138415,C2,censys", "0", "dyingbreeds_" "2025-12-04 11:00:27", "1667609", "156.234.152.168:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 12:01:33", "100", "https://search.censys.io/hosts/156.234.152.168", "AS138415,C2,censys", "0", "dyingbreeds_" "2025-12-04 11:00:25", "1667607", "23.235.163.196:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 12:01:24", "100", "https://search.censys.io/hosts/23.235.163.196", "AS138415,C2,censys", "0", "dyingbreeds_" "2025-12-04 11:00:25", "1667608", "23.235.163.212:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 12:01:22", "100", "https://search.censys.io/hosts/23.235.163.212", "AS138415,C2,censys", "0", "dyingbreeds_" "2025-12-04 11:00:24", "1667606", "156.234.209.112:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 12:01:28", "100", "https://search.censys.io/hosts/156.234.209.112", "AS138415,C2,censys", "0", "dyingbreeds_" "2025-12-04 11:00:22", "1667605", "103.184.47.49:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 12:01:32", "100", "https://search.censys.io/hosts/103.184.47.49", "AS146817,C2,censys", "0", "dyingbreeds_" "2025-12-04 11:00:20", "1667604", "23.235.163.215:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 12:01:26", "100", "https://search.censys.io/hosts/23.235.163.215", "AS138415,C2,censys", "0", "dyingbreeds_" "2025-12-04 11:00:14", "1667603", "103.48.135.197:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 12:01:20", "100", "https://search.censys.io/hosts/103.48.135.197", "AS138415,C2,censys", "0", "dyingbreeds_" "2025-12-04 11:00:12", "1667602", "103.41.6.40:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 12:01:18", "100", "https://search.censys.io/hosts/103.41.6.40", "AS138415,C2,censys", "0", "dyingbreeds_" "2025-12-04 10:58:03", "1667601", "zp3.ma5kd7unk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 10:47:50", "1667600", "vfzkj.f1owreci7at.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 10:38:03", "1667599", "cloud.f1owreci7at.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 10:27:45", "1667598", "q4g.f1owreci7at.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 10:17:56", "1667597", "dp.f1owreci7at.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 10:07:34", "1667596", "work.c0mpen5ducky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 10:02:50", "1667595", "https://www21.googlecrash.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-8246-71c3-b572-831f8ae0ba67", "urlscan", "0", "juroots" "2025-12-04 10:02:49", "1667594", "https://www22.googlecrash.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-7e44-705b-90ba-bb0e9f2bc84f", "urlscan", "0", "juroots" "2025-12-04 10:02:48", "1667593", "https://18plus.tiktok.market.google.tetherwallet.online/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-7961-723d-b1d8-68fc6e66ca5f", "urlscan", "0", "juroots" "2025-12-04 10:02:47", "1667592", "https://pro.market.tocdep.site/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-7428-71ca-8c09-516ec86a634a", "urlscan", "0", "juroots" "2025-12-04 10:02:45", "1667591", "https://18plus.tiktok.market.google.mobilboss.website/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-6ea8-72b3-bf27-a76282a34c74", "urlscan", "0", "juroots" "2025-12-04 10:02:44", "1667590", "https://www.evn-epointt.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-6a07-765c-aa75-5ee99deb19b4", "urlscan", "0", "juroots" "2025-12-04 10:02:43", "1667589", "https://pro.market.pennaluminum.site/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-65e3-717d-8ba7-87f2d607c464", "urlscan", "0", "juroots" "2025-12-04 10:02:42", "1667588", "https://18plus.tiktok.market.google.midcap.top/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlscan.io/result/019ae8d0-6005-75cf-ae77-201ef03f83d4", "urlscan", "0", "juroots" "2025-12-04 09:57:11", "1667587", "5g.c0mpen5ducky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 09:48:27", "1667586", "9bg.c0mpen5ducky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 09:37:11", "1667585", "qc6.c0mpen5ducky.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 09:27:55", "1667584", "gold.cr2ckka7bas.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 09:18:39", "1667583", "sgxv.cr2ckka7bas.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 09:16:32", "1667577", "http://103.150.186.125", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 09:16:32", "1667578", "http://103.150.186.125/1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 09:07:47", "1667582", "qu.cr2ckka7bas.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 09:04:10", "1667581", "59.13.206.72:9100", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-05 02:47:14", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-04 09:03:14", "1667580", "49.232.6.238:8443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-12-05 02:46:59", "75", "None", "Bianlian,drb-ra", "0", "abuse_ch" "2025-12-04 08:57:58", "1667579", "cb.cr2ckka7bas.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 08:56:13", "1667549", "https://www.test.my-video-live.cloud", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 19:41:21", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:13", "1667556", "test.my-video-live.cloud", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:13", "1667557", "http://www.test.my-video-live.cloud/1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 08:26:01", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:12", "1667564", "http://mail.geo-home.rw/1", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:12", "1667566", "https://mail.geo-home.rw", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 23:30:31", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:11", "1667565", "mail.geo-home.rw", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:11", "1667569", "https://update.giooga.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:10", "1667567", "https://meet.giooga.com", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:10", "1667568", "meet.giooga.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:56:09", "1667570", "update.giooga.com", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix", "0", "HuntYethHounds" "2025-12-04 08:54:26", "1667576", "192.177.26.121:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:45:31", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-12-04 08:52:38", "1667575", "173.254.215.95:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:44:55", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-12-04 08:51:21", "1667574", "185.208.156.239:5555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "https://urlhaus.abuse.ch/url/3724913/", "APK", "0", "abuse_ch" "2025-12-04 08:47:38", "1667573", "sh.get5tu6ents.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 08:46:28", "1667572", "128.199.245.52:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:43:49", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-12-04 08:37:18", "1667571", "l2l64.get5tu6ents.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 08:22:03", "1667562", "78.47.232.226:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:22:03", "1667563", "185.207.139.114:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:22:02", "1667560", "69.5.189.154:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:22:02", "1667561", "23.88.62.111:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:21:43", "1667558", "xrt.automanpk.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:21:43", "1667559", "xrt.abalawi.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:21:00", "1667550", "https://xrt.automanpk.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:21:00", "1667551", "https://xrt.abalawi.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:21:00", "1667552", "https://69.5.189.154/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:21:00", "1667553", "https://23.88.62.111/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:21:00", "1667554", "https://78.47.232.226/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:21:00", "1667555", "https://185.207.139.114/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-04 08:20:21", "1667548", "cwkx.get5tu6ents.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 08:14:46", "1667545", "https://teamsinvitemeeting.vip/teamsfinal/teams/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "juroots" "2025-12-04 08:14:46", "1667546", "https://teamsupdatesfornnicrosoft.sbs/teamsfinal/teamss/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "juroots" "2025-12-04 08:14:46", "1667547", "https://bcly.info/zoomplugin_update_V16.8.bat", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "juroots" "2025-12-04 08:14:45", "1667541", "https://teaminvitemeeting.vip/teamsfinal/teams/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "juroots" "2025-12-04 08:14:45", "1667542", "http://contactnowsupport.org/teams/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "juroots" "2025-12-04 08:14:45", "1667543", "https://contactnowsupport.org/teams/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "juroots" "2025-12-04 08:14:45", "1667544", "https://bvas.site/Zooom/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "", "None", "0", "juroots" "2025-12-04 08:14:30", "1667540", "159.75.236.93:801", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-12-04 08:14:24", "1667539", "158.160.193.205:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-12-04 08:14:18", "1667538", "https://tacko.pages.dev/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 08:14:46", "50", "https://urlscan.io/result/019ae86d-24aa-7438-9665-774fdf272410", "urlscan", "0", "juroots" "2025-12-04 08:14:17", "1667537", "https://www.zoom.donittech.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 08:14:46", "50", "https://urlscan.io/result/019ae86d-1e8c-702d-a863-d2503c9e8d04", "urlscan", "0", "juroots" "2025-12-04 08:14:15", "1667536", "https://myzoomlive.netlify.app/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 08:14:46", "50", "https://urlscan.io/result/019ae86d-17b2-71e8-9f38-036d9f0865e8", "urlscan", "0", "juroots" "2025-12-04 08:14:00", "1667535", "https://id3basketball.com/zoom/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 08:14:46", "50", "https://urlscan.io/result/019ae86c-da50-76eb-8c46-4c2d939cc8f0", "urlscan", "0", "juroots" "2025-12-04 08:13:54", "1667534", "https://99d04a7a-345a-48sc-8ea3-a9a626aa773e-00-3qpe7ieitscyb.live/vzob/Windows/invite.php", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 08:14:45", "50", "https://urlscan.io/result/019ae86c-c23b-70ee-9d3f-09d7891d3514", "urlscan", "0", "juroots" "2025-12-04 08:12:27", "1667533", "116.230.254.66:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 12:01:42", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-12-04 08:12:18", "1667532", "47.239.145.155:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-12-04 08:11:48", "1667531", "43.251.225.85:800", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-12-04 08:08:07", "1667530", "z5g4.get5tu6ents.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 08:07:41", "1667529", "37.221.93.5:666", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "75", "https://bazaar.abuse.ch/sample/46c4b7833b6b70391c2d8dd1b9dddb9a650569c7af6ff926cf692600c5f0566f/", "Gafgyt", "0", "abuse_ch" "2025-12-04 08:03:24", "1667528", "196.75.236.254:2222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/196.75.236.254", "AS36903,C2,censys,hacktool,MetaSploit,Meterpreter,MT-MPLS", "0", "DonPasci" "2025-12-04 08:03:23", "1667527", "199.101.109.155:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/199.101.109.155", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-04 08:03:22", "1667526", "103.177.47.142:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.142", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-04 08:03:21", "1667525", "3.95.233.161:32830", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/3.95.233.161", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-04 08:03:20", "1667524", "103.177.47.101:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.101", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-04 08:03:19", "1667523", "103.177.46.122:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.122", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-04 08:03:18", "1667522", "119.28.152.138:6000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/119.28.152.138", "AS132203,C2,censys,hacktool,MetaSploit,Meterpreter,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-12-04 08:03:17", "1667521", "103.177.47.106:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.106", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-04 08:03:16", "1667520", "103.177.47.134:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.134", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-04 08:03:15", "1667519", "103.177.47.102:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.102", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-04 08:03:05", "1667518", "80.94.92.103:80", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/80.94.92.103", "AS47890,C2,censys,Gafgyt,open-dir,UNMANAGED-DEDICATED-SERVERS", "0", "DonPasci" "2025-12-04 08:02:42", "1667517", "170.0.219.68:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-12-04 11:00:55", "100", "https://search.censys.io/hosts/170.0.219.68", "AS265141,C2,censys,Hookbot,RBT", "0", "DonPasci" "2025-12-04 08:02:20", "1667516", "89.117.21.2:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-05 02:47:44", "100", "https://search.censys.io/hosts/89.117.21.2", "AS40021,C2,censys,CONTABO-40021,RAT,Remcos", "0", "DonPasci" "2025-12-04 08:02:14", "1667515", "118.128.151.41:8080", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-12-04 11:00:38", "100", "https://search.censys.io/hosts/118.128.151.41", "AS138195,C2,censys,Gh0st,MOACKCOLTD-AS-AP,RAT", "0", "DonPasci" "2025-12-04 08:01:32", "1667514", "156.238.229.180:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 11:00:27", "100", "https://search.censys.io/hosts/156.238.229.180", "AS8796,C2,censys,CobaltStrike,cs-watermark-6,FD-298-8796", "0", "DonPasci" "2025-12-04 08:01:29", "1667513", "101.43.226.227:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:24", "100", "https://search.censys.io/hosts/101.43.226.227", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-12-04 08:01:26", "1667512", "23.235.188.182:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 11:00:32", "100", "https://search.censys.io/hosts/23.235.188.182", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci" "2025-12-04 08:01:24", "1667511", "23.235.174.24:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 11:00:31", "100", "https://search.censys.io/hosts/23.235.174.24", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci" "2025-12-04 08:01:23", "1667510", "23.226.59.228:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 11:00:16", "100", "https://search.censys.io/hosts/23.226.59.228", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci" "2025-12-04 08:01:21", "1667509", "103.48.135.207:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 11:00:21", "100", "https://search.censys.io/hosts/103.48.135.207", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci" "2025-12-04 08:01:20", "1667508", "23.235.163.208:6003", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 11:00:23", "100", "https://search.censys.io/hosts/23.235.163.208", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci" "2025-12-04 08:01:18", "1667507", "111.228.26.26:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 11:00:21", "100", "https://search.censys.io/hosts/111.228.26.26", "AS141679,C2,censys,CHINATELECOM-IDC-BTHBD-AP,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-12-04 08:01:16", "1667506", "39.105.7.149:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:27", "100", "https://search.censys.io/hosts/39.105.7.149", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-12-04 07:58:56", "1667505", "ihatemylife.racist.black", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://bazaar.abuse.ch/sample/426d84fd6dea5e277999691fd2c0e0b3f65747ffe309d2437ed8983bc3c2da92/", "Hailbot", "0", "abuse_ch" "2025-12-04 07:57:46", "1667504", "jtg7.lano5cho0l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 07:56:36", "1667503", "ilovephysics.48101.online", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://bazaar.abuse.ch/sample/97cd8fe6659fd021a9649cca3bad2c7512fdd3b0b0907c93f097222980771361/", "Hailbot,Mirai", "0", "abuse_ch" "2025-12-04 07:48:52", "1667502", "143.20.37.113:1302", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/4ce8e52bc027e61ed898a967a35ccc826c52d9d5021cabaf8c6001d6558a0bb1/", "Mirai", "0", "abuse_ch" "2025-12-04 07:47:56", "1667501", "8ny.lano5cho0l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 07:57:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 07:40:22", "1667500", "unitedpowerrangers2025.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/adb9b24067cca8b16838ec25ccc1eb81b289820243e3cd5edde4788633c18746/", "xworm", "0", "abuse_ch" "2025-12-04 07:39:37", "1667499", "169.40.135.30:550", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/0c2fc7a67744d1f8f7c1e65c74d33eca19ee18aba95ca6f60d66d967ffd2c738/", "Mirai", "0", "abuse_ch" "2025-12-04 07:37:38", "1667498", "97.lano5cho0l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 07:33:52", "1667497", "151.244.72.224:606", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "75", "https://bazaar.abuse.ch/sample/485600a97866207f946d6552fc71bdd876d7466ebe3f7c832c52399f538bcd2a/", "Gafgyt", "0", "abuse_ch" "2025-12-04 07:27:50", "1667496", "3ut0.lano5cho0l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 07:17:35", "1667495", "flmw6.d7um0wl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 07:08:18", "1667494", "bold.d7um0wl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 06:57:27", "1667493", "l6e.d7um0wl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 06:55:09", "1667492", "172.245.93.109:9990", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-12-04 06:50:09", "1667491", "20250703.cmgsx.top", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-04 06:47:12", "1667490", "zd0m.d7um0wl.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 06:45:50", "1667489", "0bot.qzz.io", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-12-04 06:50:24", "100", "https://bazaar.abuse.ch/sample/9f64ea43d9ba0bed705b94251dfbcdc596fc594df8c0d94c512e4573c55b30e5/", "Mirai", "0", "abuse_ch" "2025-12-04 06:45:46", "1667488", "140.233.190.96:69", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/9f64ea43d9ba0bed705b94251dfbcdc596fc594df8c0d94c512e4573c55b30e5/", "Mirai", "0", "abuse_ch" "2025-12-04 06:37:15", "1667487", "195.24.237.46:4000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "https://bazaar.abuse.ch/sample/21ac5563cde511f024577ec38b888745db32793e8b7f54228d2c3cce67d0502c/", "CoinMiner", "0", "abuse_ch" "2025-12-04 06:36:48", "1667486", "ok.intr0dki5h.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 06:36:44", "1667485", "cryptoenjoyers.anondns.net", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/21ac5563cde511f024577ec38b888745db32793e8b7f54228d2c3cce67d0502c/", "CoinMiner", "0", "abuse_ch" "2025-12-04 06:34:05", "1667484", "b3ry.bounceme.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "https://bazaar.abuse.ch/sample/14fb9997a02cd65be6dd6422c5109b6bafa0fb306135c2b799500360fd936d54/", "Mirai", "0", "abuse_ch" "2025-12-04 06:29:50", "1667483", "87.121.84.155:9772", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/dce4f4bd10ff192033fb20e9b2443a3965bdcd456ff0c1048e371151ad9ba4d1/", "Mirai", "0", "abuse_ch" "2025-12-04 06:28:27", "1667482", "tyq.intr0dki5h.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 06:17:43", "1667481", "m3i.intr0dki5h.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 06:12:35", "1667480", "198.46.221.26:3232", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "https://bazaar.abuse.ch/sample/8f20209a07c8fadfbdda7d28786abdf0fedb7bb83b104e2ea458ffda0840c1ac/", "Supershell", "0", "abuse_ch" "2025-12-04 06:10:03", "1667160", "144.172.107.116:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-05 02:44:07", "100", "https://search.censys.io/hosts/144.172.107.116", "AS14956,C2,censys,ROUTERHOSTING", "0", "dyingbreeds_" "2025-12-04 06:10:03", "1667161", "187.116.67.182:8081", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-05 02:45:25", "100", "https://search.censys.io/hosts/187.116.67.182", "AS27699,C2,censys", "0", "dyingbreeds_" "2025-12-04 06:10:03", "1667162", "8.140.250.105:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/8.140.250.105", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-04 06:10:02", "1667163", "57.128.225.231:7777", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/57.128.225.231", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2025-12-04 06:10:01", "1667164", "3.79.30.144:8001", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.79.30.144", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-04 06:10:01", "1667165", "188.245.186.17:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/188.245.186.17", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_" "2025-12-04 06:10:00", "1667166", "206.189.148.30:4444", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/206.189.148.30", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-04 06:10:00", "1667167", "74.162.44.116:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/74.162.44.116", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-12-04 06:09:59", "1667168", "3.224.46.25:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.224.46.25", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-04 06:09:59", "1667169", "85.193.88.41:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/85.193.88.41", "AS9123,censys,GoPhish,Phishing,TIMEWEB-AS", "0", "dyingbreeds_" "2025-12-04 06:09:58", "1667159", "45.74.9.54:81", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-05 02:46:50", "100", "https://search.censys.io/hosts/45.74.9.54", "AS212238,C2,CDNEXT,censys,RAT", "0", "dyingbreeds_" "2025-12-04 06:09:57", "1667157", "https://qexmz.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/qexmz.com", "ClickFix", "0", "CarsonWilliams" "2025-12-04 06:09:56", "1667156", "114.132.90.105:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:37", "100", "https://search.censys.io/hosts/114.132.90.105", "AS45090,C2,censys", "0", "dyingbreeds_" "2025-12-04 06:09:56", "1667158", "https://etpur.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/etpur.com", "ClickFix", "0", "CarsonWilliams" "2025-12-04 06:09:54", "1667143", "95.217.39.238:80", "ip:port", "payload_delivery", "win.stealc", "None", "Stealc", "", "90", "https://analytics.dugganusa.com/api/v1/stix-feed", "dropper,dugganusa,pattern-38,stealc", "0", "duggusa" "2025-12-04 06:09:54", "1667144", "196.251.107.94:80", "ip:port", "payload_delivery", "win.stealc", "None", "Stealc", "", "85", "https://analytics.dugganusa.com/api/v1/stix-feed", "build-server,dugganusa,pattern-38,stealc", "0", "duggusa" "2025-12-04 06:09:53", "1667142", "158.220.93.201:80", "ip:port", "payload_delivery", "win.stealc", "None", "Stealc", "", "90", "https://analytics.dugganusa.com/api/v1/stix-feed", "dropper,dugganusa,pattern-38,stealc", "0", "duggusa" "2025-12-04 06:09:51", "1667145", "107.167.83.34:80", "ip:port", "payload_delivery", "win.stealc", "None", "Stealc", "", "85", "https://analytics.dugganusa.com/api/v1/stix-feed", "bulletproof,dugganusa,pattern-38,stealc", "0", "duggusa" "2025-12-04 06:09:51", "1667148", "4ac33e95d7d1bf205c8bd021886a8edc5d405d65389edb3b0c65d62c12ace47d", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "85", "https://analytics.dugganusa.com/api/v1/stix-feed", "dugganusa,github,password-protected,pattern-43,russian,upx-packed", "0", "duggusa" "2025-12-04 06:09:50", "1667147", "23c909ea83cd7428a37189f228f4782693c1726381c886712135defca5924a68", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "https://analytics.dugganusa.com/api/v1/stix-feed", "dugganusa,github,pattern-38,stealc,supply-chain", "0", "duggusa" "2025-12-04 06:09:49", "1667150", "a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901a", "sha256_hash", "payload", "js.shai_hulud", "None", "Shai-Hulud", "", "95", "https://analytics.dugganusa.com/api/v1/stix-feed", "credential-theft,dugganusa,npm,shai-hulud-v2,supply-chain,worm", "0", "duggusa" "2025-12-04 06:09:48", "1667151", "62ee164b9b306250c1172583f138c9614139264f889fa99614903c12755468d0", "sha256_hash", "payload", "js.shai_hulud", "None", "Shai-Hulud", "", "95", "https://analytics.dugganusa.com/api/v1/stix-feed", "dugganusa,github-actions,npm,shai-hulud-v2,worm", "0", "duggusa" "2025-12-04 06:09:48", "1667152", "9d59fd0bcc14b671079824c704575f201b74276238dc07a9c12a93a84195648a", "sha256_hash", "payload", "js.shai_hulud", "None", "Shai-Hulud", "", "95", "https://analytics.dugganusa.com/api/v1/stix-feed", "credential-theft,dugganusa,npm,shai-hulud-v2,worm", "0", "duggusa" "2025-12-04 06:09:47", "1667153", "safepal.in.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 22:58:18", "75", "https://www.filescan.io/uploads/693099d7856673a0547e11bc/reports/e45857cf-8057-48f1-b4f4-1f9cddcab5df/overview", "c2,Quasar,quasarrat,RAT", "1", "drizenc" "2025-12-04 06:09:45", "1667183", "email.whyyoushouldwalk.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/115658381128024161", "SocGholish", "0", "monitorsg" "2025-12-04 06:09:44", "1667426", "http://217.156.64.221/1.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-04 06:10:46", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-12-04 06:09:43", "1667427", "tuc.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://www.virustotal.com/gui/file/1a21e2a177f3a22bf947624c6f7c7f51a674a7e8acfa355b996ba3ae81a0e0a8", "asyncrat,c2", "0", "Amethyste" "2025-12-04 06:09:42", "1667434", "https://alsaqrdelivery.online/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/alsaqrdelivery.online", "ClickFix", "0", "CarsonWilliams" "2025-12-04 06:09:41", "1667463", "194.116.236.109:1024", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "None", "mirai", "0", "seckle" "2025-12-04 06:09:41", "1667479", "103.77.241.151:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "None", "mirai", "0", "seckle" "2025-12-04 06:08:50", "1667478", "212.192.28.2:25567", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "https://bazaar.abuse.ch/sample/3d31d4c410ac9a896ec58d1dece1e980f126272723c9249f48c8fed7f3abca90/", "Mirai", "0", "abuse_ch" "2025-12-04 06:07:58", "1667477", "night.intr0dki5h.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 06:03:54", "1667476", "https://hobmjoi.click/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/251204-flte7azmfs", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-12-04 06:01:54", "1667475", "susanamadre.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251204-aw74faas9e", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-12-04 06:01:26", "1667474", "ssxzxz.ddns.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251204-dyzrmacn7y", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-04 06:00:55", "1667473", "86.54.42.82:5467", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "None", "PureLogsStealer", "0", "abuse_ch" "2025-12-04 05:57:38", "1667472", "rkrse.be5isg2uze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-04 06:02:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 05:47:18", "1667471", "nq5.be5isg2uze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 05:37:32", "1667470", "trace.be5isg2uze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 05:28:15", "1667469", "xl978.be5isg2uze.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 05:24:21", "1667468", "167.99.204.247:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2025-12-05 03:21:40", "75", "None", "AISURU", "0", "abuse_ch" "2025-12-04 05:24:20", "1667467", "68.183.172.217:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2025-12-05 03:21:40", "75", "None", "AISURU", "0", "abuse_ch" "2025-12-04 05:24:19", "1667466", "104.248.92.224:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2025-12-05 03:21:39", "75", "None", "AISURU", "0", "abuse_ch" "2025-12-04 05:24:18", "1667465", "167.99.48.121:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2025-12-05 03:21:39", "75", "None", "AISURU", "0", "abuse_ch" "2025-12-04 05:18:21", "1667464", "quick.inf0rmmou7n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 05:07:59", "1667462", "2oh5.inf0rmmou7n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 04:57:57", "1667461", "vhm7.inf0rmmou7n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 04:47:39", "1667460", "osn.inf0rmmou7n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 04:37:47", "1667459", "yo3.n2zemt0ler.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 04:27:32", "1667458", "xr.n2zemt0ler.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 04:17:43", "1667457", "mint.n2zemt0ler.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 04:07:50", "1667456", "6c5k.n2zemt0ler.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 04:04:30", "1667455", "168.245.201.111:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/168.245.201.111", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-04 04:04:29", "1667454", "168.245.200.204:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/168.245.200.204", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-04 04:04:28", "1667452", "103.177.47.11:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.11", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-04 04:04:28", "1667453", "168.245.201.109:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/168.245.201.109", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-04 04:02:59", "1667451", "72.61.210.186:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-05 02:47:25", "100", "https://search.censys.io/hosts/72.61.210.186", "AS-HOSTINGER,AS47583,C2,censys,Havoc", "0", "DonPasci" "2025-12-04 04:02:58", "1667450", "aighk.it.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-04 11:01:29", "100", "https://search.censys.io/hosts/172.67.183.143+aighk.it.com", "AS13335,C2,censys,CLOUDFLARENET,Havoc", "0", "DonPasci" "2025-12-04 04:02:50", "1667449", "51.68.213.83:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-05 02:47:06", "100", "https://search.censys.io/hosts/51.68.213.83", "AS16276,AsyncRAT,C2,censys,OVH,RAT", "0", "DonPasci" "2025-12-04 04:01:36", "1667448", "172.111.139.160:2405", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-05 02:44:46", "100", "https://search.censys.io/hosts/172.111.139.160", "AS212238,C2,CDNEXT,censys,RAT,Remcos", "0", "DonPasci" "2025-12-04 04:01:33", "1667447", "78.187.29.22:90", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "2025-12-04 11:00:40", "100", "https://search.censys.io/hosts/78.187.29.22", "AS9121,C2,censys,DarkComet,RAT,TTNET", "0", "DonPasci" "2025-12-04 04:01:18", "1667446", "114.132.90.105:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 11:00:26", "100", "https://search.censys.io/hosts/114.132.90.105", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci" "2025-12-04 04:01:17", "1667445", "43.163.0.162:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 11:00:19", "100", "https://search.censys.io/hosts/43.163.0.162", "AS132203,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-12-04 04:01:14", "1667444", "123.56.226.71:55552", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:49", "100", "https://search.censys.io/hosts/123.56.226.71", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-12-04 03:58:12", "1667443", "nk.d0nit7then.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 03:56:58", "1667441", "s1.auv.one", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:17", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-04 03:56:58", "1667442", "s1.biodog.dpdns.org", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:17", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-04 03:47:16", "1667440", "ecve.d0nit7then.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 03:45:07", "1667439", "192.227.217.229:17229", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-05 00:02:28", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2025-12-04 03:37:59", "1667438", "rwp.d0nit7then.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 03:27:38", "1667437", "spark.d0nit7then.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 03:18:29", "1667436", "hzqp.ar2kchd1ans.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 03:07:35", "1667435", "2vo6.ar2kchd1ans.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 02:57:19", "1667433", "h83d8.ar2kchd1ans.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 02:47:39", "1667432", "da.ar2kchd1ans.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 02:38:15", "1667431", "d6.gend2rlu1l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 02:27:35", "1667430", "7dm.gend2rlu1l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 02:18:13", "1667429", "ut2.gend2rlu1l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 02:07:59", "1667428", "sky.gend2rlu1l.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 01:58:26", "1667425", "31.getp0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 01:48:16", "1667424", "owl.getp0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 01:38:05", "1667423", "wind.getp0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 01:27:34", "1667422", "ex.getp0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 01:18:23", "1667421", "5o.8oodt1me.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 01:07:57", "1667420", "l8iwt.8oodt1me.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 00:59:40", "1667417", "4f59c713b73746a50cb4651fc85ac951949a705b", "sha1_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:40", "1667418", "37a351ea8df374c0be3ae20bd04f515cd6b0121db8c463c87dbe730d6abb08f4", "sha256_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:40", "1667419", "959391ea11b3285ac2b67f6169ed189c", "md5_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:39", "1667414", "ee85a34f8ab31a0749e6819cc42436ae460cb936", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:39", "1667415", "e13eab84b5d51db02ab19e24a6c7732642ee815ab9df3f0708bbbede257d8ca8", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:39", "1667416", "4ba9689d8ad0415fc69153ac434022b4", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:38", "1667411", "b483129f399465df452f471838503cc30ea238b0", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:38", "1667412", "fc8a64a067ec1cd0f8190da143758db31fd5021c402023304e1f76993d2b15b1", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:38", "1667413", "4673ccfd7723002365ae1abab123ef83", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:37", "1667408", "0b7e7ea49bee4073d5598b7ae6cdffa2f170d1ef", "sha1_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:37", "1667409", "8bc07575854bba3474e1eb3451d050d4f1386097fcbd6343d0f4c53bf1efc780", "sha256_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:37", "1667410", "91ff4ae4afc15bb658d88dbd7a1051ae", "md5_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:36", "1667405", "858d8b4a31fa746a85c9c8336d59bd5a550a8086", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:36", "1667406", "1ebcfddad6ca2b49edfeacdfb3e9f074333729b965d637aa44ecb8df3626efe9", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:36", "1667407", "ab943920f96a90e50a368e128a8717ce", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:35", "1667402", "f7597f56a1bd11c9cd2329c78282f5c7a30658c4", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:35", "1667403", "d4afec965d05ba32766a802f6611faa86405cb36b857b65de8d4c83b1f152806", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:35", "1667404", "ee6ac60d4101d872f046ba59e7cc65b3", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:34", "1667399", "c60274df1b360a18204b3d7192d6a3c7429bae68", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:34", "1667400", "065fafc5e3a52b618e7763df8a9269cc8e7ac397fe220a13dbe93ba0c18805a2", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:34", "1667401", "59155db478d8f41767563d5bf073df7b", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:33", "1667396", "3cf8ff06e7a4aa0aa24d90631bd8949b83971113", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:33", "1667397", "76ab981b7b93f61673b2b4a7c12f7ed2ceeeafde66e3c4fce88ce54b4d0c17e3", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:33", "1667398", "8ccb9a3bf5dbc2e80fd6baf7f0a2f321", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:32", "1667393", "e4a997488734ae28bd9a70e4789f6142534ad1fa", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:32", "1667394", "a40c0293d30ce6afdb9d825ca751e2d53592c55a86c2859c8e60849cb52c4d72", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:32", "1667395", "a71b32fc32e2b732888af1ab36480bbb", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:31", "1667390", "b26ccc829a60c965c401481a94d3c554a2bf81cb", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:31", "1667391", "a858133c5c1865d12abd0b22b1bb77bed26b01da769737af1392add9f244b1e2", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:31", "1667392", "61a637f731b2d38450c99cf350414aff", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:30", "1667389", "7dccd36d018141480997bd88fa7d8e26", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:29", "1667386", "0a24f71cbd3f52d0bc6c3f91b43754ae", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:29", "1667387", "017b67d96bd20e334a5038b91cee9535e55abc6e", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:29", "1667388", "af3296ecfaa277da4c620ed311ef9ea485aa9ef2c0c55ef2c9789e8aacdcd0db", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:28", "1667383", "0cee71a26235fbb2bd141a1e93e1de92", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:28", "1667384", "23f2af19325db4c50325225901f9bf7252a281c0", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:28", "1667385", "964f1a49f5204ea173a64cc729ba0d026555eef213d8a71eb3dd18c942512e7a", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:27", "1667381", "f2affd7566aa1fc856acb1545770c083f1ad3ec0", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:27", "1667382", "cc7d970b366fac85dffbfef76441a241827cad22ca0797f8c19d5b1bad4b8b89", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:26", "1667378", "e6f8ac6f42a618037d49e01ca9785d7f545ab29f", "sha1_hash", "payload", "win.nimgrabber", "None", "NimGrabber", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:26", "1667379", "23ae50d51a908d1ccdad1cb7750b6b63596cba85731883eb40c5cb9273ad61e4", "sha256_hash", "payload", "win.nimgrabber", "None", "NimGrabber", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:26", "1667380", "ef323b67ed1257c71e18e4c7c10d0575", "md5_hash", "payload", "win.nimgrabber", "None", "NimGrabber", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:25", "1667376", "6a60df67162c247c7b02056c1c72acc6556d3c01ee01681157a57fc291d0068b", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:25", "1667377", "a129cf94f07d44fc546ee1917e740e3b", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:24", "1667373", "5e719da07984247b6964dddba2926767e599d4dd45c1e4805b18937afcceeda3", "sha256_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:24", "1667374", "b0ea29c1cf661822df1f052da920e61d", "md5_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:24", "1667375", "016f90ce8cd101eed8b5b6d743b0be7bddad0852", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:23", "1667370", "91d7adf38c8940d72640098efb13cfee74bf5195737a093a4a3330af0fb63ed5", "sha256_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:23", "1667371", "e3f83ceebfca211deed67d7f5ef5e185", "md5_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:23", "1667372", "bededd35a30470d41ad19e53f2b913178cff4bef", "sha1_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:22", "1667368", "8eef2230ccba200f77aadcc193ecd180", "md5_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:22", "1667369", "c1647b2c5035d221413f37609968a1b8f813bf03", "sha1_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:21", "1667365", "2849c3e42e63db15cc641efde1f101bc", "md5_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:21", "1667366", "06f3013703c3a7ea9be742612e46205fc32e1e42", "sha1_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:21", "1667367", "fb898bba58b74c8a8bdd06c176ab7a3acb525c8f2d6a1220a2e82c6f0c991ed7", "sha256_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:20", "1667363", "dd867318e5218d12dc584ae4b8c20edfded4b351", "sha1_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:20", "1667364", "a36fa05f630b3223180b84b908cd5a6f4a7453b860147bc5c42ecc4936d7ca13", "sha256_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:19", "1667361", "f004a2047517380a7bad3e3817b98706eef99ead122d698f247bf5f6304fe475", "sha256_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:19", "1667362", "8b1fb04f89430b7c75e74bb92db9f5df", "md5_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:18", "1667358", "999c04854a14a50e67c4efb840139402b256ae8c84582b36f1f4ab3878fd2af1", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:18", "1667359", "16559a9eb01cf0873641816e2bd22a6d", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:18", "1667360", "5997f95b9adf2cdd1c51e5db5f5462bd651ec52f", "sha1_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:17", "1667355", "1d2b96df0f0f1c65ddbc1bbc1fcb8f498d28caa97d2847e3163424c3a68c9f27", "sha256_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:17", "1667356", "22b201742d08b572ec54d756d48e9086", "md5_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:17", "1667357", "4a90cc251c03e24bb9a4725897e84b20141361d6", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:16", "1667352", "5f6e7232d0fd57d8b46e8fbd1f7c917b4bddb4c426b9ea7d73e1276a197ca84d", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:16", "1667353", "0e5050bc6814e2a2b2fe1c5e784cea5a", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:16", "1667354", "c862f68c64f9c32f280cb2643e0dc6e0197cd9fe", "sha1_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:15", "1667349", "b62460b3255ec6bd66ff816318df1dfda5a51390427a8484b3dcd45a19484cd4", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:15", "1667350", "beeb8cfd3e1a89295c449bf7665da652", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:15", "1667351", "841ba2d927a97a102334da548551ce7350336561", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:14", "1667347", "bc5b0a131afbbdb1f56e38e9376af959", "md5_hash", "payload", "win.isr_stealer", "None", "ISR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:14", "1667348", "99e2e374315445db52b9e10430f7cf01a5c14fe2", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:13", "1667344", "ce398e9f13536f8da1e1f1634b0a9427", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:13", "1667345", "62625707863e1e5d418b5a6603bb10e26d059225", "sha1_hash", "payload", "win.isr_stealer", "None", "ISR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:13", "1667346", "1715bffc46bace588a5015bcc089fcad4d9905d6c7ed8a51c4d2ff970f3fe692", "sha256_hash", "payload", "win.isr_stealer", "None", "ISR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:12", "1667341", "bfdfa68016b705afd4c4f60301f5f559", "md5_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:12", "1667342", "b770e256ec17d8e7f2522d103eacbbce04ec5519", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:12", "1667343", "b9e747c4fe5dd06c116cf1e2d7d924b52807b12bd396238cee1e84187ea1b793", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:11", "1667338", "3a86f0eec0a8e2be0dd62f1a7b755d8d", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:11", "1667339", "9f01618c6805c3e3e92c82120ae6dd904bf7aafa", "sha1_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:11", "1667340", "0d38177cbe3469d1e658d8b8bdf7785c2ef0c0021c7e08aa5ebbe1904d34d1c4", "sha256_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:10", "1667335", "1a88149b7336622ebb280d2d5ac67314", "md5_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:10", "1667336", "018b2ec69b4db026a1121cdfda6d4f3f157c822c", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:10", "1667337", "13fa7d9111462ae97d2d41e6879b0d3ee2ed5f8ec939dec4e56bd209e1e85b1a", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:09", "1667333", "c2c11022def1fb097b7d482e3e719d65ad4658dd", "sha1_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:09", "1667334", "fae48fe6a0c7b167093f0f6481ff9f67bab9b023fb43a4c6265403d4e57b2bec", "sha256_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:08", "1667330", "25d57ca339010e8a917595a252007cdb0b9f81d2", "sha1_hash", "payload", "win.havoc", "Havokiz", "Havoc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:08", "1667331", "86d1ba178ae4f79243051c3b4e7a9beea2395e9ef0c8e2af930e32a51ec83b3f", "sha256_hash", "payload", "win.havoc", "Havokiz", "Havoc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:08", "1667332", "23510ac78a9f18f81796b5b4e655742d", "md5_hash", "payload", "win.havoc", "Havokiz", "Havoc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:07", "1667328", "c0edb33c4fb4b0e28d56f890e9428efd96b3d31b1bdb94e43136f44db7f6eb19", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:07", "1667329", "ae47f697ea4e4ee3e7cfab1549239dcd", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:06", "1667325", "9dd1001e76c345b016c5727650d26cecbaed304ed0960eff4fcaaa60a8d3bc86", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:06", "1667326", "f1fe16e5378226845c5c2e230666de75", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:06", "1667327", "264ab72472aec9025aba6f2fc1930b3d3fb6b35c", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:05", "1667323", "b3ed12f0658946868c1007db56ebe4a4", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:05", "1667324", "fbbac0a892e8d46f4c91290700f9c53ea933d1de", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:04", "1667321", "af021c16fba5b1867613a5326ed18a80818f29a9", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:04", "1667322", "5764ca651cf197bab1b99109705d19d43644574b3a7946fc4e7464978a4701fd", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:03", "1667318", "5726eb7960be22c972d7f1f1f5e785ad4101f433", "sha1_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:03", "1667319", "64e714b6db5a170d195cf7f5ce40a50e0ecf4b59d591fbc4cf282ca37496c952", "sha256_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:03", "1667320", "e46b2d3f6715596ceb957defac4f82fb", "md5_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:02", "1667317", "ac0bf28ffe0578b31a0dc302e79e5656", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:01", "1667315", "f73e6abdb6748ce4f9089933441aae600663d631", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:01", "1667316", "be3164cb1a4925491c0265f3c9a717c89218b7f47c2fb603c8f7f69309a39b66", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:00", "1667312", "e925130b4a31f86730eb50d22f8b74a4e9fce2cd", "sha1_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:00", "1667313", "8e94849692519ab0f0b33cda20cadee491dc50c07ed1aec60fd31e3119f30abb", "sha256_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:59:00", "1667314", "2e095bb3494d80f20c6f12c4798ef3b6", "md5_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:59", "1667310", "c5b2b190d18f40051c5697746b21252cf14894ba10ae6e3e007e6f5ed4b31dfe", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:59", "1667311", "720804a1e38299c4ffa1e67a966c8e74", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:58", "1667307", "50419b6ae38000b3d639e462f69bb35ff167650ca8eff6eb35dcfbd38b08c393", "sha256_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:58", "1667308", "f63d7e0ddf3467973ec738325e2b1367", "md5_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:58", "1667309", "cea752f898cf77bd63d7ed21815746e7abf615b6", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:57", "1667305", "b649c684279994e3cf9dfc764f2f9143", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:57", "1667306", "9077793edca2cb6da2c38c4f40005d8dd1c894bd", "sha1_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:56", "1667303", "bdfc26cb4e43ffe0009ad37259c7a40ce85277ee", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:56", "1667304", "6cfb17162c83c92f0d81d1299c0abd2ac62c8983c022f03fd36e86a37a6704a1", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:55", "1667300", "8a4818ca3085a280c7840550d4e56383f1806881", "sha1_hash", "payload", "win.crimsonias", "None", "CrimsonIAS", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:55", "1667301", "bfd3cee0ef2eb54478550e422a2072d8d2125b0588f27930fa13e6f9de998aca", "sha256_hash", "payload", "win.crimsonias", "None", "CrimsonIAS", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:55", "1667302", "2390299115599866cfe0f40b4596ea89", "md5_hash", "payload", "win.crimsonias", "None", "CrimsonIAS", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:54", "1667297", "bf9f963a9da11674b8762708547392cd3da106bf", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:54", "1667298", "2b671627a98c335af15443e21271262131f7b431d4a43448dbe099d0e685fda1", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:54", "1667299", "e9be94914a3baad07f0dfc5116756570", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:53", "1667295", "4dbdb20f155314cc024c0dae1fa82e421516e5cb9075e7bdb12f6dfca2eaa2e5", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:53", "1667296", "f157efac383bac30af4319294015cfd9", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:52", "1667294", "e33c14aee03ddf391447f481a18db547cac4ba01", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:51", "1667293", "3cdf61953f81c5cf1a36505edf435f74", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:50", "1667292", "e1b28c54dcd0bb61b29c986b2f893977060af99d1bb732fb1bd636ac90d3839f", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:49", "1667290", "50702876ca0152ef5bf89c632661f1f3", "md5_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:49", "1667291", "d81ce0f57e888349e28b0b99e1af9bf9fbef0946", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:48", "1667288", "98cf00fbf71451e29bbf86683a180a63dd397471", "sha1_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:48", "1667289", "20291af59067a9886fa2c749d711adc8c2ecf687a48611cbdfefe6b5ca0f583f", "sha256_hash", "payload", "win.quantloader", "None", "QuantLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:47", "1667287", "870a16d761816b9b61648ded7534fb86", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:46", "1667285", "937e026456577da70229c2a5bee00fc3e284e497", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:46", "1667286", "f88f894670594bf686d51dcb52d0fbc01590c0e4cf534c03a178c3e3f6c98c25", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:45", "1667283", "97e4072ab5d871c2c47a6d4ab482945243d05c069e79cfc41b8dce7bbbb810c9", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:45", "1667284", "93f5b1064127c877c3cc2043f2ad8b69", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:44", "1667282", "4d81e4ed0fb47cf353ca44ad7da7ff0a1e7a1191", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:43", "1667279", "0bce21953d40e19a9772cdeab9ba41fba199e8a3", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:43", "1667280", "4b034df185a00e490091a9c0c1bf4944c0e9177017cbcb1b0d61d937a87f8cad", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:43", "1667281", "7e35c2827815745a175fb618f9d56880", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:42", "1667277", "83863006b4dda98ef3dfdf417d11b099fec994d1886ce7e91c4e708e23bb2ba6", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:42", "1667278", "f0a638cbbb4b527f74e59f28e372cc40", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:41", "1667275", "cf636c14b01eec9fb05abe7a23a0aafd", "md5_hash", "payload", "win.ismagent", "None", "ISMAgent", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:41", "1667276", "7c8b34ad475fe123b939183e56d7803e6f533d72", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:40", "1667273", "5fec0ffccfcb87358685d11d17f98a461d60e12f", "sha1_hash", "payload", "win.ismagent", "None", "ISMAgent", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:40", "1667274", "bc203e057ab874aac7f8e033d3bca4325296757df055fd4ef81a6d5d72d2733d", "sha256_hash", "payload", "win.ismagent", "None", "ISMAgent", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:39", "1667270", "508af35c54f5b3291e35b9b0824fcf0a3c6d0ced", "sha1_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:39", "1667271", "00e86c3eb762787af1d986f28e2b154ff5ba3c0828bd7a5bf0df1a69db739026", "sha256_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:39", "1667272", "d83a237e3bbc8eab7d3441f77b8ab207", "md5_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:38", "1667267", "e78d39f2904b8f588c30a5fd946c9956acb57f52", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:38", "1667268", "96befa0fb8532afd7aeb21fc1b9cc5fd3c35dfeed09b783f5d70044cce30db97", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:38", "1667269", "34cc8fc563a5313f6be10aefd301f8a6", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:37", "1667265", "acee1954a28c44d1353b5d05026d0de8bfc32e8b76c0a0ed1a057e9f6490e779", "sha256_hash", "payload", "win.vanillarat", "None", "vanillarat", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:37", "1667266", "f83b90e59368c101beddcd519d540d66", "md5_hash", "payload", "win.vanillarat", "None", "vanillarat", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:36", "1667263", "7ff3ee45a9e02718801d15fc3b3af09f", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:36", "1667264", "448a7ed5758957656a9330303f33d25a38c47ae1", "sha1_hash", "payload", "win.vanillarat", "None", "vanillarat", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:35", "1667261", "85785f774a28a041f40f80ebaad82b6b7864eb23", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:35", "1667262", "94465293b5c291da3fb2cf0eb3c6d995a4735921d876736cf9abae624dc1f4be", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:34", "1667259", "f3875443e6c73a5f6d67ff49d2c03c67effcc9bc30baca62c3b46908d4dfaaa9", "sha256_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:34", "1667260", "dc75e637d2e639314252bd8c2d72c5cc", "md5_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:33", "1667256", "17f1708d36917a3095a76e3c6dc49d345fb0d95309894ca3ac54097f2e22d104", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:33", "1667257", "7b7e236c2bc0bea4fccc47b9df46308c", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:33", "1667258", "97423eccc05a0b407fe6a1015c34d1d5413c53e2", "sha1_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:32", "1667254", "c59deae4284eadcd9edc67b0db96abc4", "md5_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:32", "1667255", "2a1f9c2d1cbdd9a123ecfce2a205655f1624f19f", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:31", "1667252", "738b36445cbf0960bc7a3b0b32e1b6e5233f7400", "sha1_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:31", "1667253", "05f68525352971f08ec5b69ce138b63f0bbba0ea72e35cd34d8437e9d1669af6", "sha256_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:30", "1667250", "13f221b634e9dd9c174c975dca5680fd4d856d93977152235e3f6a9fe0e059bb", "sha256_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:30", "1667251", "5342143429937867c76f0ba370ec0d11", "md5_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:29", "1667247", "15c319e00eb4a3007195d255861e25498e501ecc5e0c6638d2f48bc9c3ae2e73", "sha256_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:29", "1667248", "e0f510758219d19850dbeb6e0075d27f", "md5_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:29", "1667249", "937a986a31aea9bf1f375da98edde6d50c2b6921", "sha1_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:28", "1667245", "df6d2463377062d7a687f382ffef2088", "md5_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:28", "1667246", "69c27b7d7c74f8901e20d7e8c03fee544cedeeef", "sha1_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:27", "1667243", "3db8810da14f8e6bf2e2b4a8b301c2c1822a92a3", "sha1_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:27", "1667244", "2cbdf96c80d1e9167282ecb6f5f1033d4b747c5417ef5849d91b7a6104f99870", "sha256_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:26", "1667240", "3f6d819732fb094d2d1ce6f752692c8287b76d58", "sha1_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:26", "1667241", "9bb808a0df59a1f9c5b73795505051ef32cc8abfb74dbef0fca21afc6b5ce4f8", "sha256_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:26", "1667242", "575a35e4a8dda21a712c57a2ea30b68f", "md5_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:25", "1667237", "7cbbbc658c684d646cecd0ea3440af1b9f35d849", "sha1_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:25", "1667238", "5d8920257c318caee990816b951125fc8d641e3b7ec762b95fec4431e37a9386", "sha256_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:25", "1667239", "f3b08940d53495843b9ff6db3c11367a", "md5_hash", "payload", "win.erbium_stealer", "None", "Erbium Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:24", "1667234", "fbcd4fd42503819500fcde7092657b04864e3a0d", "sha1_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:24", "1667235", "34126d2af7207d31cee9fab5b0426508adc683b3077bc83356dfc89c6f832d65", "sha256_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:24", "1667236", "e5e7d9ddca1a529db1d76ceec96af674", "md5_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:23", "1667232", "0dd2f8d23e6dbf7bb458a675e0fc8fd7d9f8ef76c8ee1be07540392dba52d261", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:23", "1667233", "a2c18e72c92876b17bd9427081bd03c3", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:22", "1667228", "5bca0d1868bd543d139162003fd5b8f14b57e1e5", "sha1_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:22", "1667229", "70428c1fd7f8879239050155e0a37ed65c6997855e8a8420e2d2f09598ba5cd6", "sha256_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:22", "1667230", "949ce8d74fb987d0d11827a510cc730d", "md5_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:22", "1667231", "ea3ccd08ee9bc86adf91eafe594638db5ce9c469", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:21", "1667226", "fb46b4afecf906742432eca80cb926f2d31a20c4e0f1628d9c909e28bfaa02d3", "sha256_hash", "payload", "win.neshta", "None", "neshta", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:21", "1667227", "55f9e504b16e515f588f7ac875f66723", "md5_hash", "payload", "win.neshta", "None", "neshta", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:20", "1667224", "5b72b65a02cb09f3b6bee414edb1607d", "md5_hash", "payload", "win.neshta", "None", "neshta", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:20", "1667225", "0679d6e06010b7a065e5279edf2ddfc9cf37bcdc", "sha1_hash", "payload", "win.neshta", "None", "neshta", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:19", "1667221", "bac8f02dca8b63623a9b28eaad747813", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:19", "1667222", "d62d903066104a57cb7e8d5bc32e7981b8148b7b", "sha1_hash", "payload", "win.neshta", "None", "neshta", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:19", "1667223", "e4c6311e88083ab971d7d8d3c622221eadb86564654b8f20cc0e8159d61054d0", "sha256_hash", "payload", "win.neshta", "None", "neshta", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:18", "1667218", "1d5d8b62ff57a19b7a2ffaa3c703d9d9", "md5_hash", "payload", "win.moker", "None", "Moker", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:18", "1667219", "b54956705156ad0cd4c9a86b886e7d69ff362523", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:18", "1667220", "a61dddb469f669b6cc0520593ac23c9f54761070cf700dbe5c694cf34215538a", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:17", "1667216", "3715ca1aba9732fbe9803039f293c3407e9148d5", "sha1_hash", "payload", "win.moker", "None", "Moker", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:17", "1667217", "d240f9c3f1abac605ada8cb3b811af7d92dc7017b503a5ef0202fdbf9425d100", "sha256_hash", "payload", "win.moker", "None", "Moker", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:16", "1667213", "245a73dde823d24b76642d0009c017b636b46ecb", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:16", "1667214", "ba8926f7954f7075ee7d4e8b27a94c5e4ad7ed1676e5b096bdbbc1f26ba79257", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:16", "1667215", "4536be40ae709b3448a95964b6ef1fed", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:15", "1667210", "536d13a5cefedbddc01015d02b2decbe4e4c96c2", "sha1_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:15", "1667211", "fe251bb1c14b74a0832b049be399bf72f9a3a638846d9e89c614942440e221e7", "sha256_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:15", "1667212", "960ad9da0c6d048617b1a610ff382adf", "md5_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:14", "1667207", "cda2ac846a5be0cf26c01df10a20dcfef0f5a0d0", "sha1_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:14", "1667208", "1a4279bf33cd9302c4aae6e05ff9d9ef2de1ddc83da1518a8a2f84d241873f9a", "sha256_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:14", "1667209", "116caa672371172886c0ee13f7772341", "md5_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:13", "1667205", "c657d5a1069f9aacf50a01f859e4301761337d5e45601278597ec5f3cd1c8e3a", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:13", "1667206", "f0f219d88230f5963806ce04d7e1acf3", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:12", "1667203", "322fea934264c60a7518380801ce2476", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:12", "1667204", "a96a54c71ac1d2031fc9ef5cc696ef09f4c81c7f", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:11", "1667200", "32dda9f2e60718811e8e8308a620ea85", "md5_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:11", "1667201", "bb1aef7bc7e828e5f0adaee282f7f5aede10dbed", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:11", "1667202", "0293ec398b301d984f4e280e528ba7d6c530564edf9fce662dc44e45e8bb5c6d", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:10", "1667197", "281a9997ac902cecf6748496d8b5e687e6ebfe70", "sha1_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:10", "1667198", "soft.8oodt1me.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 00:58:10", "1667199", "aad0a60cb86e3a56bcd356c6559b92c4dc4a1a960f409fb499cf76c9b5409fdb", "sha256_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:09", "1667196", "1ef957a43aa9c803c5f96f3f8261b365", "md5_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:08", "1667193", "97a13dbf605b7a363473ac6648567888", "md5_hash", "payload", "win.owlproxy", "None", "Owlproxy", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:08", "1667194", "85e9d299582c3645b10d4791e2f2099f0ec7780c", "sha1_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:08", "1667195", "bae5d9c81d7142b9cf994402b2648d70cf90271a31435d92fdcb87c422b00a17", "sha256_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:07", "1667191", "fb285840950e2be85e0f6fd12f8b7019b4bd3bab", "sha1_hash", "payload", "win.owlproxy", "None", "Owlproxy", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:58:07", "1667192", "a0833c96c647a67c9ea6cb2545e3c157f2ef6a062d2e9e8e05871845dbd40c1a", "sha256_hash", "payload", "win.owlproxy", "None", "Owlproxy", "", "95", "None", "None", "0", "Grim" "2025-12-04 00:55:26", "1667190", "104.250.161.176:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/72303dc0e874c30864de3a18978aeb36fd175c6d9f071abcb309ea5774cd58f9/", "xworm", "0", "abuse_ch" "2025-12-04 00:48:17", "1667189", "cloudy.8oodt1me.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 00:38:05", "1667188", "rrc.nevp0yob5tet.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 00:27:44", "1667187", "qr4z.nevp0yob5tet.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 00:17:27", "1667186", "wild.nevp0yob5tet.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 00:15:18", "1667185", "http://towerbingobongoboom.com:8080/updater?for=76262F4263B30A25BB81956EA98986ED", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "GoProxy", "0", "abuse_ch" "2025-12-04 00:07:37", "1667184", "gate.nevp0yob5tet.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-04 00:03:19", "1667182", "216.238.89.173:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/216.238.89.173", "AdaptixC2,AS-VULTR,AS20473,C2,censys", "0", "DonPasci" "2025-12-04 00:03:12", "1667181", "156.226.175.32:80", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/156.226.175.32", "AS58212,C2,censys,DATAFOREST,Gafgyt,open-dir", "0", "DonPasci" "2025-12-04 00:02:56", "1667180", "213.209.157.78:1911", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "https://search.censys.io/hosts/213.209.157.78", "AS214940,C2,censys,KPRONET,redline,stealer", "0", "DonPasci" "2025-12-04 00:02:48", "1667179", "65.2.170.10:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-05 02:47:20", "100", "https://search.censys.io/hosts/65.2.170.10", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-12-04 00:02:10", "1667178", "185.177.239.226:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-05 02:45:16", "100", "https://search.censys.io/hosts/185.177.239.226", "AS215826,C2,censys,Mythic,PARTNER-HOSTING-LTD", "0", "DonPasci" "2025-12-04 00:02:04", "1667177", "45.74.9.54:102", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-05 02:46:50", "100", "https://search.censys.io/hosts/45.74.9.54", "AS212238,AsyncRAT,C2,CDNEXT,censys,RAT", "0", "DonPasci" "2025-12-04 00:01:59", "1667176", "125.44.157.208:5873", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-04 11:00:46", "100", "https://search.censys.io/hosts/125.44.157.208", "AS4837,C2,censys,CHINA169-BACKBONE,Supershell", "0", "DonPasci" "2025-12-03 23:57:19", "1667175", "fox.rub1er5ane.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 23:47:31", "1667174", "stone.rub1er5ane.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 23:38:20", "1667173", "group.rub1er5ane.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 23:28:03", "1667172", "hip.rub1er5ane.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 23:18:10", "1667171", "dw.ant1er5noos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 23:07:53", "1667170", "deep.ant1er5noos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 22:57:35", "1667155", "22754.ant1er5noos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 22:47:46", "1667154", "5k.ant1er5noos.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 22:39:30", "1667149", "hollow.c0uperu8nia.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 22:27:39", "1667146", "ridge.c0uperu8nia.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 22:18:23", "1667141", "b3fas.c0uperu8nia.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 22:08:15", "1667140", "3vc.c0uperu8nia.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 22:13:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 21:56:53", "1667139", "valley.r2dire5our.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 22:07:45", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 21:48:47", "1667138", "light.r2dire5our.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 21:37:52", "1667137", "coast.r2dire5our.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 21:28:05", "1667136", "clear.r2dire5our.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 21:17:42", "1667135", "gamma.rainb0rne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 21:07:19", "1667134", "h4v.rainb0rne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 20:57:36", "1667133", "bdmqf.rainb0rne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 20:47:43", "1667132", "owl.rainb0rne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 20:37:59", "1667131", "o5.mystleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 20:28:12", "1667130", "sck.mystleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 20:17:57", "1667129", "gate.mystleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 20:08:08", "1667128", "85y.mystleaf.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 20:03:02", "1667127", "54.160.180.123:11557", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/54.160.180.123", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-03 20:03:01", "1667126", "196.75.86.165:2222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/196.75.86.165", "AS36903,C2,censys,hacktool,MetaSploit,Meterpreter,MT-MPLS", "0", "DonPasci" "2025-12-03 20:02:43", "1667125", "45.156.87.36:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-12-03 23:01:04", "100", "https://search.censys.io/hosts/45.156.87.36", "AS51396,C2,censys,moobot,PFCLOUD", "0", "DonPasci" "2025-12-03 20:02:37", "1667124", "185.39.19.188:51144", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/185.39.19.188", "AS216341,c2,censys,JokerRAT,OPTIMA-AS,panel", "0", "DonPasci" "2025-12-03 20:02:27", "1667123", "82.112.253.169:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-05 02:47:37", "100", "https://search.censys.io/hosts/82.112.253.169", "AS-HOSTINGER,AS47583,C2,censys,Havoc", "0", "DonPasci" "2025-12-03 20:02:26", "1667122", "149.28.138.70:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-05 02:44:13", "100", "https://search.censys.io/hosts/149.28.138.70", "AS-VULTR,AS20473,C2,censys,Havoc", "0", "DonPasci" "2025-12-03 20:02:25", "1667121", "51.161.0.22:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-05 02:47:05", "100", "https://search.censys.io/hosts/51.161.0.22", "AS16276,C2,censys,Havoc,OVH", "0", "DonPasci" "2025-12-03 20:02:24", "1667120", "packgerrr.testingweblink.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-03 23:00:46", "100", "https://search.censys.io/hosts/188.166.156.56+packgerrr.testingweblink.com", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-12-03 20:02:23", "1667119", "ngylp.testingweblink.com", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-03 23:00:46", "100", "https://search.censys.io/hosts/188.166.156.56+ngylp.testingweblink.com", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-12-03 20:02:21", "1667118", "85.192.60.211:443", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 23:00:43", "100", "https://search.censys.io/hosts/85.192.60.211", "AEZA-AS,AS210644,C2,censys,Quasar,RAT", "0", "DonPasci" "2025-12-03 20:02:18", "1667117", "45.76.33.33:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-05 02:46:50", "100", "https://search.censys.io/hosts/45.76.33.33", "AS-VULTR,AS20473,C2,censys,Mythic", "0", "DonPasci" "2025-12-03 20:02:12", "1667115", "209.222.97.74:103", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-05 02:46:02", "100", "https://search.censys.io/hosts/209.222.97.74", "AS23470,AsyncRAT,C2,censys,RAT,RELIABLESITE", "0", "DonPasci" "2025-12-03 20:02:12", "1667116", "193.26.115.51:8080", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-05 02:45:39", "100", "https://search.censys.io/hosts/193.26.115.51", "AS210558,AsyncRAT,C2,censys,RAT,SERVICES-1337-GMBH", "0", "DonPasci" "2025-12-03 20:02:00", "1667114", "38.242.153.111:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:46:31", "100", "https://search.censys.io/hosts/38.242.153.111", "AS51167,C2,censys,CONTABO,Sliver", "0", "DonPasci" "2025-12-03 20:01:58", "1667113", "128.199.245.52:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:43:49", "100", "https://search.censys.io/hosts/128.199.245.52", "AS14061,C2,censys,DIGITALOCEAN-ASN,Sliver", "0", "DonPasci" "2025-12-03 20:01:48", "1667112", "202.189.9.234:20022", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2025-12-03 23:00:20", "100", "https://search.censys.io/hosts/202.189.9.234", "AS139180,C2,censys,Gh0st,RAT,SDYXT", "0", "DonPasci" "2025-12-03 20:01:31", "1667111", "91.92.242.28:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-12-03 20:02:07", "100", "https://search.censys.io/hosts/91.92.242.28", "AS214943,C2,censys,Latrodectus,RAILNET", "0", "DonPasci" "2025-12-03 20:01:30", "1667110", "158.94.208.144:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-12-03 20:02:07", "100", "https://search.censys.io/hosts/158.94.208.144", "AS214943,C2,censys,Latrodectus,RAILNET", "0", "DonPasci" "2025-12-03 20:01:27", "1667109", "167.179.73.103:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-03 23:00:11", "100", "https://search.censys.io/hosts/167.179.73.103", "AS-VULTR,AS20473,C2,censys,CobaltStrike", "0", "DonPasci" "2025-12-03 20:01:21", "1667108", "43.163.0.162:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:32", "100", "https://search.censys.io/hosts/43.163.0.162", "AS132203,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-12-03 20:01:19", "1667107", "47.97.113.42:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:44", "100", "https://search.censys.io/hosts/47.97.113.42", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-12-03 20:01:18", "1667106", "47.97.113.42:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:44", "100", "https://search.censys.io/hosts/47.97.113.42", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-12-03 20:01:15", "1667105", "115.190.161.178:1234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:38", "100", "https://search.censys.io/hosts/115.190.161.178", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci" "2025-12-03 20:01:13", "1667104", "192.228.96.59:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:14", "100", "https://search.censys.io/hosts/192.228.96.59", "AS53340,C2,censys,CobaltStrike,cs-watermark-987654321,FIBERHUB", "0", "DonPasci" "2025-12-03 19:57:45", "1667103", "1w.br1ghtlake.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 19:47:29", "1667102", "gold.br1ghtlake.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 19:45:30", "1667101", "45.83.28.172:8041", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "75", "https://bazaar.abuse.ch/sample/0bf813a35b9343fa17cce21cf8a7ef723779769c253146ae504791cf6b980c23/", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-12-03 19:40:16", "1667098", "https://www.appirockyinn.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/www.appirockyinn.com", "ClickFix", "0", "CarsonWilliams" "2025-12-03 19:39:26", "1667100", "196.251.107.99:8443", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "75", "https://bazaar.abuse.ch/sample/2cbdf96c80d1e9167282ecb6f5f1033d4b747c5417ef5849d91b7a6104f99870/", "XoriumStealer", "0", "abuse_ch" "2025-12-03 19:37:43", "1667099", "uun3l.br1ghtlake.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 19:44:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 19:29:46", "1667088", "196.251.107.23:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-04 11:53:05", "100", "None", "loader,StealC,stealer", "0", "Bitsight" "2025-12-03 19:29:46", "1667089", "151.240.151.15:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-04 11:53:02", "100", "None", "loader,StealC,stealer", "0", "Bitsight" "2025-12-03 19:29:45", "1667091", "77.83.207.252:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-04 11:54:08", "100", "None", "loader,StealC,stealer", "0", "Bitsight" "2025-12-03 19:28:27", "1667097", "bold.br1ghtlake.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 19:27:03", "1667094", "45.153.34.13:58007", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "75", "https://bazaar.abuse.ch/sample/243b1a20ab7ccf16dcead3eb45ddb5c5a6389ab89c9ba0354c841b879c966de7/", "PureHVNC,PureRAT,RAT", "0", "abuse_ch" "2025-12-03 19:27:03", "1667095", "45.153.34.13:58008", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "75", "https://bazaar.abuse.ch/sample/243b1a20ab7ccf16dcead3eb45ddb5c5a6389ab89c9ba0354c841b879c966de7/", "PureHVNC,PureRAT,RAT", "0", "abuse_ch" "2025-12-03 19:27:03", "1667096", "45.153.34.13:58009", "ip:port", "botnet_cc", "win.pure_rat", "PureHVNC,ResolverRAT", "PureRAT", "", "75", "https://bazaar.abuse.ch/sample/243b1a20ab7ccf16dcead3eb45ddb5c5a6389ab89c9ba0354c841b879c966de7/", "PureHVNC,PureRAT,RAT", "0", "abuse_ch" "2025-12-03 19:19:26", "1667093", "territorycaption.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "https://bazaar.abuse.ch/sample/1a4279bf33cd9302c4aae6e05ff9d9ef2de1ddc83da1518a8a2f84d241873f9a/", "OffLoader", "0", "abuse_ch" "2025-12-03 19:17:05", "1667092", "hvug.deepvalley.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 19:15:17", "1667090", "156.255.0.28:1688", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-12-03 19:07:18", "1667087", "nova.deepvalley.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 19:05:34", "1667086", "https://handpaw.click/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/a61dddb469f669b6cc0520593ac23c9f54761070cf700dbe5c694cf34215538a/", "lumma", "0", "abuse_ch" "2025-12-03 18:57:54", "1667085", "cloud.deepvalley.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 18:56:55", "1667084", "89.208.106.13:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:47:45", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-12-03 18:54:50", "1667083", "5.101.86.96:59364", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-05 02:47:01", "75", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2025-12-03 18:53:59", "1667082", "45.12.146.14:53015", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-05 02:46:42", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-03 18:52:05", "1667081", "209.222.97.74:101", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-05 02:46:02", "75", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2025-12-03 18:48:43", "1667080", "171.105.25.171:10250", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-12-05 02:44:45", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-12-03 18:47:45", "1667079", "hq82.deepvalley.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 18:46:12", "1667078", "13.49.46.176:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-05 02:43:51", "75", "None", "drb-ra,Havoc", "0", "abuse_ch" "2025-12-03 18:37:56", "1667077", "rain.silentcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 18:27:36", "1667076", "8tx1k.silentcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 18:17:54", "1667075", "6zq.silentcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 18:07:32", "1667074", "silent.silentcrest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 18:01:39", "1667073", "xxblessingswealthyblessedman.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-03 18:01:40", "100", "https://tria.ge/251203-rmj4padj6t", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-03 18:01:38", "1667072", "147.124.214.248:5126", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-05 00:01:43", "100", "https://tria.ge/251203-vryz7a1pgs", "AS396073,C2,rat,remcos,triage", "0", "DonPasci" "2025-12-03 18:01:25", "1667071", "leading-mass.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251203-vga6da1nex", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-03 17:57:11", "1667070", "daty.cloudr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:48:26", "1667069", "f6o.cloudr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:45:16", "1667068", "38.181.24.114:448", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-12-03 17:45:11", "1667067", "38.181.24.114:449", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-12-03 17:44:11", "1667066", "night.cloudr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:37:57", "1667065", "bo4m7.cloudr1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:35:20", "1667064", "hollow.sunr1dge.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:31:08", "1667063", "cliff.sunr1dge.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 17:32:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:27:57", "1667062", "xgp.sunr1dge.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 17:28:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:17:40", "1667061", "myst.sunr1dge.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 17:24:45", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:08:59", "1667060", "f96.f1recliff.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 17:11:43", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 17:05:47", "1667059", "crest.f1recliff.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 17:08:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 16:57:21", "1667058", "2y5a.f1recliff.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 17:04:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 16:45:50", "1667055", "kfhdx.f1recliff.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 16:49:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 16:44:50", "1667051", "https://kalongo.ru", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,Fake OS Update,xHamster", "0", "HuntYethHounds" "2025-12-03 16:44:50", "1667053", "http://194.87.55.247/danko.odd", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,Fake OS Update,xHamster", "0", "HuntYethHounds" "2025-12-03 16:44:49", "1667052", "kalongo.ru", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,Fake OS Update,xHamster", "0", "HuntYethHounds" "2025-12-03 16:44:49", "1667054", "https://kalongo.ru/lend.html", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "ClickFix,Fake OS Update,xHamster", "0", "HuntYethHounds" "2025-12-03 16:39:07", "1667050", "field.l1ghtforest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 16:41:39", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 16:31:27", "1667041", "185.208.158.230:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "https://app.any.run/tasks/707ace3e-1fe2-4f6a-af5d-46957960f2fb", "c2,vidar", "0", "burger" "2025-12-03 16:31:27", "1667043", "tiny-queen-ada8.mowal67825.workers.dev", "domain", "botnet_cc", "win.smokedham", "None", "SMOKEDHAM", "", "100", "None", "c2,SMOKEDHAM", "0", "pancak3lullz" "2025-12-03 16:31:26", "1667049", "http://178.17.59.148/4a1b933c03e9461a.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-03 18:03:05", "100", "https://tria.ge/251203-tv7wts1lcs", "c2,stealc", "0", "burger" "2025-12-03 16:25:30", "1667048", "valley.l1ghtforest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 16:35:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 16:10:15", "1667047", "m22u9.l1ghtforest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 16:14:15", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 16:07:59", "1667046", "https://fanspicy.com/insights/where-is-fansly-based/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/4394d8c1-e487-4ca9-a326-d846a91bbf49", "fakecaptcha,urlquery", "0", "juroots" "2025-12-03 16:07:58", "1667045", "https://www.serv-in.fr/shopdetail/discount/115264129", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/4cc65427-40b4-4ee0-a246-7827653c3bc5", "fakecaptcha,urlquery", "0", "juroots" "2025-12-03 16:07:57", "1667044", "https://tennis-bandol.fr", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-03 17:00:23", "50", "https://urlquery.net/report/ac241448-5604-4848-8ac3-bc77fb1b482c", "fakecaptcha,urlquery", "0", "juroots" "2025-12-03 16:06:09", "1667042", "flame.l1ghtforest.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 16:10:22", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 16:02:58", "1667040", "47.84.87.182:5858", "ip:port", "botnet_cc", "win.donut_injector", "Donut", "donut_injector", "", "100", "https://search.censys.io/hosts/47.84.87.182", "ALIBABA-CN-NET,AS45102,C2,censys,Donut", "0", "DonPasci" "2025-12-03 16:02:43", "1667039", "114.66.38.106:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/114.66.38.106", "AS136188,c2,c2-redirector,censys,CHINATELECOM-ZHEJIANG-NINGBO-IDC,RedGuard", "0", "DonPasci" "2025-12-03 16:02:41", "1667038", "85.121.5.5:5555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/85.121.5.5", "Albiriox,ALEXHOST,Android,AS200019,censys", "0", "DonPasci" "2025-12-03 16:02:37", "1667037", "14.225.20.10:55555", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2025-12-03 23:01:05", "100", "https://search.censys.io/hosts/14.225.20.10", "AS135905,C2,censys,moobot,VNPT-AS-VN", "0", "DonPasci" "2025-12-03 16:01:51", "1667036", "104.234.46.159:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-05 02:43:28", "100", "https://search.censys.io/hosts/104.234.46.159", "AS43350,C2,censys,Mythic,NFORCE", "0", "DonPasci" "2025-12-03 16:01:48", "1667035", "62.60.135.114:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/62.60.135.114", "AS208137,C2,censys,FPS12,RAT,Sectop", "0", "DonPasci" "2025-12-03 16:01:36", "1667034", "64.31.63.239:52125", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:47:20", "100", "https://search.censys.io/hosts/64.31.63.239", "AS136258,C2,censys,ONEPROVIDER-AS,Sliver", "0", "DonPasci" "2025-12-03 16:01:11", "1667032", "193.135.174.51:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-03 23:00:10", "100", "https://search.censys.io/hosts/193.135.174.51", "AS44901,BELCLOUD,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-12-03 16:01:11", "1667033", "120.55.169.216:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-03 23:00:09", "100", "https://search.censys.io/hosts/120.55.169.216", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-12-03 16:00:17", "1667030", "reasonachiever.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-12-03 16:00:17", "1667031", "workradihleba.live", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-12-03 15:57:55", "1667029", "dhi.windc0ve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 15:48:15", "1667028", "anr8p.windc0ve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 15:52:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 15:45:37", "1667006", "cpanel.succeedwithaffiliatemarketing.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/115656273471277964", "SocGholish", "0", "monitorsg" "2025-12-03 15:45:37", "1667009", "mossyden2011.sbs", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/d41701aa-8f4d-4b1e-9522-4c1c3d0d6892", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:36", "1667010", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/6v0tazc5mboxujs", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2025-12-03 15:33:57", "100", "https://app.any.run/tasks/d41701aa-8f4d-4b1e-9522-4c1c3d0d6892", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:35", "1667011", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/ejk52zwt2js16ro", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2025-12-03 15:33:57", "100", "https://app.any.run/tasks/d41701aa-8f4d-4b1e-9522-4c1c3d0d6892", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:35", "1667012", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/q38dyv0te345uf4", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2025-12-03 15:33:58", "100", "https://app.any.run/tasks/d41701aa-8f4d-4b1e-9522-4c1c3d0d6892", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:35", "1667013", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/q7cherolivolejk", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "2025-12-03 15:33:58", "100", "https://app.any.run/tasks/d41701aa-8f4d-4b1e-9522-4c1c3d0d6892", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:34", "1667015", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/2vk56j8h27whyzg", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:32", "1667016", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/6v4de3o1yz0du7k", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:32", "1667018", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/ej492vsdeb4h27g", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:31", "1667017", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/a7k56jotufo5ab4", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:30", "1667019", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/iro9a3cp6zsd230", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:30", "1667020", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/m3o1azkhufs1enk", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:29", "1667021", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/qj0tqbk5qno9qz8", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:29", "1667022", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/ufcx6bc1ef45e7g", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:27", "1667023", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/ujgti3g12f45y74", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:27", "1667024", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/y74habwtyvsxarw", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:27", "1667025", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/yfw9qbsdezwxmzs", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:45:26", "1667026", "http://mossyden2011.sbs/22d95c9d6e0727d47a15a2044603cdab/yzc5yj81yv0h2fw", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/e0efd174-28fa-464d-a6ae-3ad4469ecf60", "MaskGramStealer", "0", "burger" "2025-12-03 15:34:53", "1667027", "td2qd.windc0ve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 15:36:35", "100", "None", "clearfake", "1", "ttakvam" "2025-12-03 15:23:23", "1667008", "sz0.windc0ve.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 15:26:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 15:12:48", "1667007", "4f.softshadow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 15:18:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 15:05:57", "1666989", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/ejk52zwt2js16ro", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:56", "1666990", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/q7cherolivolejk", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:56", "1666991", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/qvcxirkxen0hiv0", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:56", "1666992", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/q38dyv0te345uf4", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:55", "1666993", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/iro9a3cp6zsd230", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:55", "1666994", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/y74habwtyvsxarw", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:54", "1666995", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/ej492vsdeb4h27g", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:54", "1666996", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/6v4de3o1yz0du7k", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:53", "1666997", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/yzc5yj81yv0h2fw", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:53", "1666998", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/a7k56jotufo5ab4", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:52", "1667000", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/m3o1azkhufs1enk", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:51", "1666999", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/ijclyfwd2nsl6fw", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:51", "1667001", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/yj41avk5qvkdmvo", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:50", "1667002", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/ufcx6bc1ef45e7g", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:50", "1667005", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/2vk56j8h27whyzg", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:49", "1667003", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/ybs5y70xab4dez4", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:05:48", "1667004", "http://easternwhiskerholdings.sbs/22d95c9d6e0727d47a15a2044603cdab/yfw9qbsdezwxmzs", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://app.any.run/tasks/5ad7ea2d-7a3f-4a11-b975-d8a17af9245c", "c2,MaskGramStealer", "0", "burger" "2025-12-03 15:04:13", "1666984", "https://steamcommunity.com/profiles/76561198775809889/", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/64e714b6db5a170d195cf7f5ce40a50e0ecf4b59d591fbc4cf282ca37496c952/", "MaskGramStealer", "0", "burger" "2025-12-03 15:04:13", "1666985", "https://www.chess.com/member/bvzxw", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/64e714b6db5a170d195cf7f5ce40a50e0ecf4b59d591fbc4cf282ca37496c952/", "MaskGramStealer", "0", "burger" "2025-12-03 15:04:12", "1666986", "https://t.me/xtelegram_xstar_bot", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/64e714b6db5a170d195cf7f5ce40a50e0ecf4b59d591fbc4cf282ca37496c952/", "MaskGramStealer", "0", "burger" "2025-12-03 15:04:12", "1666987", "58.22.95.171:6868", "ip:port", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "https://threatquery.com/engines/ip.html?value=58.22.95.171&type=ip", "AS4837,c2,LokiBot,threatquery", "0", "threatquery" "2025-12-03 15:02:21", "1666988", "k0h.softshadow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 15:10:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:56:31", "1666983", "46.224.34.145:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 14:56:17", "1666981", "wew.automanpk.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 14:56:17", "1666982", "wew.abalawi.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 14:56:02", "1666980", "https://wew.abalawi.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 14:56:01", "1666979", "https://wew.automanpk.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 14:55:08", "1666978", "sunrise.softshadow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 14:58:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:51:59", "1666971", "http://95.181.173.156/ce369e7324834845.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "2025-12-03 18:03:03", "100", "https://app.any.run/tasks/7ee3876e-2029-47ee-930c-bf0fc177312a", "c2,stealc", "0", "burger" "2025-12-03 14:51:58", "1666974", "5.135.69.40:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "https://app.any.run/tasks/69d8da6c-1f58-47aa-9490-8844c1db61ce", "c2,vidar", "0", "burger" "2025-12-03 14:51:57", "1666976", "https://5.135.69.40/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "https://app.any.run/tasks/3f751527-848e-49b2-a161-6522f72932ca", "c2,vidar", "0", "burger" "2025-12-03 14:51:27", "1666977", "clear.softshadow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:48:05", "1666975", "4rx0l.skyhollow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 14:48:45", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:46:43", "1666973", "deathshop.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "OffLoader", "0", "abuse_ch" "2025-12-03 14:45:03", "1666972", "pe2.skyhollow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:38:16", "1666970", "fox.skyhollow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 14:40:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:30:04", "1666969", "forest.skyhollow.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 14:33:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:24:48", "1666968", "k8yq6.ch2pernev0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 14:26:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:20:08", "1666967", "trace.ch2pernev0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 14:22:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:18:52", "1666966", "screwbirth.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "", "Offstealer", "0", "abuse_ch" "2025-12-03 14:15:14", "1666957", "http://65.38.120.109/m", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "https://infosec.exchange/@monitorsg/115656015480888657", "KongTuke", "0", "monitorsg" "2025-12-03 14:15:14", "1666960", "https://vqjhg08j-5500.euw.devtunnels.ms/temp.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://urlhaus.abuse.ch/host/vqjhg08j-5500.euw.devtunnels.ms/", "AgentTesla", "0", "burger" "2025-12-03 14:15:14", "1666961", "https://vqjhg08j-5500.euw.devtunnels.ms/clean.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://urlhaus.abuse.ch/host/vqjhg08j-5500.euw.devtunnels.ms/", "AgentTesla", "0", "burger" "2025-12-03 14:15:13", "1666962", "https://vqjhg08j-5500.euw.devtunnels.ms/cheat.exe", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://urlhaus.abuse.ch/host/vqjhg08j-5500.euw.devtunnels.ms/", "AgentTesla", "0", "burger" "2025-12-03 14:12:51", "1666965", "gate.ch2pernev0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 14:18:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:10:48", "1666964", "91.92.243.134:9672", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-05 00:01:42", "75", "https://bazaar.abuse.ch/sample/999c04854a14a50e67c4efb840139402b256ae8c84582b36f1f4ab3878fd2af1/", "remcos", "0", "abuse_ch" "2025-12-03 14:10:40", "1666963", "83.147.243.110:1002", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/5f6e7232d0fd57d8b46e8fbd1f7c917b4bddb4c426b9ea7d73e1276a197ca84d/", "xworm", "0", "abuse_ch" "2025-12-03 14:07:04", "1666959", "iao3.ch2pernev0d.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 14:06:37", "1666958", "qqplive.top", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-12-03 14:05:26", "1666956", "185.241.208.212:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/cc7d970b366fac85dffbfef76441a241827cad22ca0797f8c19d5b1bad4b8b89/", "remcos", "0", "abuse_ch" "2025-12-03 14:02:29", "1666955", "t4r7.chimef2ce1e.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:58:22", "1666954", "r6tb5.chimef2ce1e.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 13:59:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:43:40", "1666953", "1yoye.chimef2ce1e.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 13:43:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:39:35", "1666952", "ts.chimef2ce1e.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:37:50", "1666951", "77.110.126.46:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch" "2025-12-03 13:31:20", "1666950", "28xt8.id1otre5ist.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 13:36:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:27:07", "1666949", "mint.id1otre5ist.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 13:29:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:11:14", "1666948", "aehz.id1otre5ist.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 13:16:18", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:03:55", "1666947", "p9.id1otre5ist.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 13:01:45", "1666946", "j0.f1y5agacious.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 13:02:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:58:05", "1666945", "vdf.f1y5agacious.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:54:09", "1666942", "xeno-roblox.lol", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "stealer", "0", "burger" "2025-12-03 12:54:09", "1666944", "vqjhg08j-5500.euw.devtunnels.ms", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/dc8fb465d9b20ffd3e35e6b505ccd3ba82eb752f7ee2840a13ff4975dfaacaca/", "AgentTesla", "0", "burger" "2025-12-03 12:47:48", "1666943", "e9.f1y5agacious.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 12:51:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:33:30", "1666941", "soft.f1y5agacious.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 12:40:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:31:15", "1666902", "122.114.10.199:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:43:46", "90", "https://search.censys.io/hosts/122.114.10.199", "AS4837,C2,censys", "0", "dyingbreeds_" "2025-12-03 12:31:15", "1666903", "140.99.164.101:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-05 02:44:01", "100", "https://search.censys.io/hosts/140.99.164.101", "AS396356,C2,censys,Covenant,LATITUDE-SH", "0", "dyingbreeds_" "2025-12-03 12:31:15", "1666904", "167.172.123.193:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/167.172.123.193", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 12:31:14", "1666905", "193.160.119.76:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/193.160.119.76", "AS-HOSTINGER,AS47583,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 12:31:14", "1666906", "98.130.133.65:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/98.130.133.65", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 12:31:13", "1666907", "172.235.37.102:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/172.235.37.102", "AS63949,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 12:31:12", "1666908", "213.199.55.221:33348", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/213.199.55.221", "AS51167,censys,CONTABO,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 12:31:12", "1666909", "107.128.196.243:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/107.128.196.243", "AS7018,ATT-INTERNET4,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 12:31:12", "1666910", "3.67.72.215:4567", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/3.67.72.215", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 12:31:10", "1666911", "2.32.103.166:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/2.32.103.166", "AS30722,censys,GoPhish,Phishing,VODAFONE-IT-ASN", "0", "dyingbreeds_" "2025-12-03 12:31:10", "1666914", "207.154.235.243:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/207.154.235.243", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 12:31:09", "1666913", "139.59.76.147:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/139.59.76.147", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 12:31:08", "1666939", "https://185.196.10.238/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "https://app.any.run/tasks/83acd598-b05c-46f1-8098-262725d6246d", "stealer,vidar", "0", "burger" "2025-12-03 12:30:28", "1666940", "185.81.113.73:7003", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/defa2e29e45168471ce451196e1617b9659b3553b125e5464b1db032d7eac90a/", "xworm", "0", "abuse_ch" "2025-12-03 12:24:39", "1666938", "bgh8.1ndu5trinsh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 12:29:41", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:20:33", "1666937", "gma.1ndu5trinsh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 12:22:29", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:16:20", "1666936", "ijry.1ndu5trinsh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:11:30", "1666935", "6nb.1ndu5trinsh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 12:15:25", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:08:31", "1666934", "n9.0prichpe7ch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 12:11:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 12:02:53", "1666933", "https://mattykp.click/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/251203-kk6rcahj9z", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-12-03 12:02:24", "1666932", "104.233.169.83:12201", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251203-m289xawlby", "AS398993,C2,quasar,rat,triage", "0", "DonPasci" "2025-12-03 12:01:41", "1666930", "vuloinsioscollid.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251203-jhysaawrcn", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-03 12:01:41", "1666931", "tallymostfavor.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251203-jhysaawrcn", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-03 12:01:40", "1666927", "playercollectionpros.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251203-j2xz4axkcq", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-03 12:01:40", "1666928", "valueforcollections.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251203-j2xz4axkcq", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-03 12:01:40", "1666929", "manymandyills.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251203-jhysaawrcn", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-03 12:01:39", "1666926", "practicalplayercontact.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251203-j2xz4axkcq", "C2,domain,rat,remcos,triage", "0", "DonPasci" "2025-12-03 12:01:33", "1666925", "64.176.16.221:50115", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-05 02:47:18", "100", "https://search.censys.io/hosts/64.176.16.221", "AS-VULTR,AS20473,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-12-03 12:01:24", "1666924", "you-friends.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251203-m7c4nawlfw", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-03 12:01:12", "1666923", "60.205.166.136:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-03 23:00:17", "100", "https://search.censys.io/hosts/60.205.166.136", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-12-03 12:01:11", "1666922", "qqes.0prichpe7ch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 12:03:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 11:54:27", "1666921", "24.0prichpe7ch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 11:56:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 11:46:11", "1666920", "e1.0prichpe7ch.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 11:52:07", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 11:37:56", "1666919", "delta.lo0kferti1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 11:40:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 11:28:06", "1666918", "4dh11.lo0kferti1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 11:35:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 11:17:48", "1666917", "0yna.lo0kferti1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 11:20:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 11:09:52", "1666916", "86.lo0kferti1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 11:11:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 11:05:32", "1666915", "tw926.lu8eti5chkom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 11:05:48", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:57:36", "1666901", "sa.lu8eti5chkom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 10:59:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:47:20", "1666900", "kbrx.lu8eti5chkom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 10:51:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:44:15", "1666899", "wf.lu8eti5chkom.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 10:46:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:41:03", "1666897", "ndcwsww.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "https://ti.qianxin.com/blog/articles/setcoderat-customized-for-chinese-speaking-regions-en/", "c2,SetcodeRat", "0", "juroots" "2025-12-03 10:41:03", "1666898", "xiongdaylf.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "https://ti.qianxin.com/blog/articles/setcoderat-customized-for-chinese-speaking-regions-en/", "c2,SetcodeRat", "0", "juroots" "2025-12-03 10:41:02", "1666895", "xionger.cc", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "https://ti.qianxin.com/blog/articles/setcoderat-customized-for-chinese-speaking-regions-en/", "c2,SetcodeRat", "0", "juroots" "2025-12-03 10:41:02", "1666896", "ssllndac.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "https://ti.qianxin.com/blog/articles/setcoderat-customized-for-chinese-speaking-regions-en/", "c2,SetcodeRat", "0", "juroots" "2025-12-03 10:41:00", "1666893", "118.107.45.42:443", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "https://ti.qianxin.com/blog/articles/setcoderat-customized-for-chinese-speaking-regions-en/", "c2,SetcodeRat", "0", "juroots" "2025-12-03 10:41:00", "1666894", "38.45.122.162:443", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "https://ti.qianxin.com/blog/articles/setcoderat-customized-for-chinese-speaking-regions-en/", "c2,SetcodeRat", "0", "juroots" "2025-12-03 10:40:57", "1666891", "773aae5bd834b3de00f97f2f47204eb6", "md5_hash", "payload", "unknown_rat", "None", "Unknown RAT", "", "50", "https://ti.qianxin.com/blog/articles/setcoderat-customized-for-chinese-speaking-regions-en/", "SetcodeRat", "0", "juroots" "2025-12-03 10:40:57", "1666892", "2273578c084a5730c80e37be276ece90", "md5_hash", "payload", "unknown_rat", "None", "Unknown RAT", "", "50", "https://ti.qianxin.com/blog/articles/setcoderat-customized-for-chinese-speaking-regions-en/", "SetcodeRat", "0", "juroots" "2025-12-03 10:36:21", "1666890", "oj.c1ubmel0dic.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:31:37", "1666872", "http://77.90.14.84/kla.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-03 10:30:30", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-12-03 10:31:37", "1666886", "dsourceva.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds" "2025-12-03 10:31:36", "1666887", "https://dsourceva.com/7h7h.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds" "2025-12-03 10:31:35", "1666888", "https://dsourceva.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "", "Kongtuke,LandUpdate808", "0", "HuntYethHounds" "2025-12-03 10:27:00", "1666889", "aq.c1ubmel0dic.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 10:31:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:17:23", "1666885", "4p2h.c1ubmel0dic.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 10:18:21", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:07:55", "1666884", "47.c1ubmel0dic.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 10:14:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 10:04:28", "1666883", "631cf.ant1d5ulphur.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 10:07:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:55:34", "1666882", "llosj.ant1d5ulphur.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:59:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:51:57", "1666881", "1y6v.ant1d5ulphur.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:53:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:47:43", "1666880", "vzfk0.ant1d5ulphur.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:51:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:38:29", "1666879", "ur.b1eedu4yuk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:42:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:34:42", "1666878", "p2.b1eedu4yuk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:37:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:29:56", "1666877", "i4qt.b1eedu4yuk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:34:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:26:17", "1666876", "i2t0.b1eedu4yuk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:29:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:22:32", "1666875", "66nx.bep0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:23:31", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:17:27", "1666874", "m3edx.bep0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:21:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:13:10", "1666873", "7yya2.bep0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 09:07:28", "1666871", "xi.bep0ver7y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:10:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:58:11", "1666870", "ao2.bul1upd2ted.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 09:00:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:52:25", "1666869", "47.92.90.193:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:43", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-03 08:51:53", "1666868", "38.165.33.58:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:22", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-12-03 08:50:04", "1666867", "45.136.68.30:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "None", "NetSupport", "0", "abuse_ch" "2025-12-03 08:49:42", "1666866", "95.164.55.127:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:47:56", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-12-03 08:49:03", "1666865", "66.42.51.183:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:47:21", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-12-03 08:48:09", "1666864", "45.135.180.207:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:46:43", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-12-03 08:47:52", "1666863", "596y.bul1upd2ted.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 08:49:43", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:47:44", "1666862", "35.192.204.197:443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2025-12-05 02:46:26", "75", "None", "DanBot,drb-ra", "0", "abuse_ch" "2025-12-03 08:46:42", "1666861", "194.26.141.203:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:45:40", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-12-03 08:45:22", "1666860", "flowbilding.ydns.eu", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/e9a2e9ce85efba103622a6abf25c4e0d280eb5ca8012e43db46b5394b8a1db10/", "quasar", "0", "abuse_ch" "2025-12-03 08:44:33", "1666859", "142.171.7.147:8888", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-12-05 02:44:03", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-12-03 08:43:03", "1666858", "1.161.69.200:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-12-05 02:43:03", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-12-03 08:42:30", "1666857", "qppe.bul1upd2ted.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 08:43:34", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:38:12", "1666856", "ewp3.bul1upd2ted.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 08:42:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:37:35", "1666855", "54.169.204.105:801", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 08:11:49", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-12-03 08:37:09", "1666854", "154.94.237.231:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-12-03 08:37:04", "1666853", "114.66.38.114:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-12-03 08:36:51", "1666852", "3.79.56.148:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-12-03 08:34:08", "1666848", "195.201.255.161:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:34:08", "1666849", "116.202.187.51:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:34:08", "1666850", "116.203.71.61:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:34:08", "1666851", "49.13.38.230:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:34:07", "1666847", "49.13.35.182:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:33:49", "1666844", "skt.automanpk.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:33:49", "1666845", "skt.abalawi.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:33:49", "1666846", "sk.ti.milkos.gr", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:54", "1666838", "https://skt.abalawi.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "2025-12-03 12:29:44", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:54", "1666839", "https://49.13.35.182/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:54", "1666840", "https://195.201.255.161/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:54", "1666841", "https://116.202.187.51/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:54", "1666842", "https://116.203.71.61/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:54", "1666843", "https://49.13.38.230/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:53", "1666834", "https://steamcommunity.com/profiles/76561198763098204", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:53", "1666835", "https://telegram.me/mjn11a", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:53", "1666836", "https://skt.automanpk.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:32:53", "1666837", "https://sk.ti.milkos.gr/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-12-03 08:28:09", "1666833", "clear.kira5l2nd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 08:30:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:21:53", "1666832", "bold.kira5l2nd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 08:27:22", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:18:04", "1666831", "mnt.kira5l2nd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 08:20:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:07:22", "1666830", "h2t.kira5l2nd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 08:16:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 08:03:00", "1666829", "15.235.198.126:1336", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/15.235.198.126", "AS16276,C2,censys,OVH,PowershellEmpire", "0", "DonPasci" "2025-12-03 08:02:57", "1666828", "103.177.47.58:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.58", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-03 08:02:56", "1666825", "103.177.47.39:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.39", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-03 08:02:56", "1666826", "103.177.47.20:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.20", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-03 08:02:56", "1666827", "3.95.63.150:41760", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/3.95.63.150", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-03 08:02:55", "1666824", "103.177.47.92:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.47.92", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-03 08:02:54", "1666823", "103.177.46.54:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/103.177.46.54", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2025-12-03 08:02:29", "1666822", "41.250.128.10:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-12-05 02:46:37", "100", "https://search.censys.io/hosts/41.250.128.10", "AS36903,C2,censys,MT-MPLS,Netsupport,RAT", "0", "DonPasci" "2025-12-03 08:02:28", "1666821", "79.241.97.243:81", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-12-05 02:47:31", "100", "https://search.censys.io/hosts/79.241.97.243", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci" "2025-12-03 08:02:21", "1666819", "108.61.198.77:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-05 02:43:37", "100", "https://search.censys.io/hosts/108.61.198.77", "AS-VULTR,AS20473,C2,censys,Mythic", "0", "DonPasci" "2025-12-03 08:02:21", "1666820", "34.222.248.75:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-03 11:00:27", "100", "https://search.censys.io/hosts/34.222.248.75", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci" "2025-12-03 08:01:46", "1666818", "172.111.156.249:81", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-05 02:44:47", "100", "https://search.censys.io/hosts/172.111.156.249", "AS9009,AsyncRAT,C2,censys,M247,RAT", "0", "DonPasci" "2025-12-03 08:01:32", "1666816", "81.92.219.143:8080", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-05 02:47:37", "100", "https://search.censys.io/hosts/81.92.219.143", "AS27176,C2,censys,DATAWAGON,RAT,Remcos", "0", "DonPasci" "2025-12-03 08:01:32", "1666817", "216.126.237.122:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-05 02:46:07", "100", "https://search.censys.io/hosts/216.126.237.122", "AS14956,C2,censys,RAT,Remcos,ROUTERHOSTING", "0", "DonPasci" "2025-12-03 08:01:18", "1666815", "81.70.186.19:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-03 11:00:13", "100", "https://search.censys.io/hosts/81.70.186.19", "AS45090,C2,censys,CobaltStrike,TENCENT-NET-AP", "0", "DonPasci" "2025-12-03 08:01:14", "1666814", "64.176.48.137:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-03 11:00:08", "100", "https://search.censys.io/hosts/64.176.48.137", "AS-VULTR,AS20473,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-12-03 08:01:11", "1666813", "43.251.225.85:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-04 08:13:30", "100", "https://search.censys.io/hosts/43.251.225.85", "AS401696,C2,censys,CobaltStrike,COGNETCLOUD,cs-watermark-987654321", "0", "DonPasci" "2025-12-03 08:01:10", "1666812", "3.37.87.106:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:20", "100", "https://search.censys.io/hosts/3.37.87.106", "AMAZON-02,AS16509,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-12-03 08:01:09", "1666811", "47.100.183.39:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:35", "100", "https://search.censys.io/hosts/47.100.183.39", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-12-03 07:58:56", "1666804", "https://unncap.com/energenia/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "Fake Adobe Update,ScreenConnect", "0", "HuntYethHounds" "2025-12-03 07:58:55", "1666805", "https://unncap.com/gbainc/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "Fake Adobe Update,ScreenConnect", "0", "HuntYethHounds" "2025-12-03 07:58:55", "1666807", "https://adobereader.pdfautoview.com/reader/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "", "Fake Adobe Update,ScreenConnect", "0", "HuntYethHounds" "2025-12-03 07:56:45", "1666810", "black.racist.black", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-12-04 07:58:56", "100", "https://bazaar.abuse.ch/sample/c48e7e301c663a0edc7a4372d7e1fcf837c0a5c4a56bfc1f8c2c7e2e2b7ccf8a/", "Hailbot,Mirai", "0", "abuse_ch" "2025-12-03 07:56:44", "1666809", "156.226.175.32:25596", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-12-04 07:57:25", "75", "https://bazaar.abuse.ch/sample/c48e7e301c663a0edc7a4372d7e1fcf837c0a5c4a56bfc1f8c2c7e2e2b7ccf8a/", "Hailbot,Mirai", "0", "abuse_ch" "2025-12-03 07:56:32", "1666808", "xe.ap2rthyub2n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 07:58:35", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:48:17", "1666806", "3gaz.ap2rthyub2n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 07:51:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:42:33", "1666803", "6cyd.ap2rthyub2n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 07:46:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:37:19", "1666802", "guard.ap2rthyub2n.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 07:40:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:30:22", "1666801", "transamadocollections.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/68b20156f91380f18d34a84d51f7be308c494edebf353462331b3eb2212cd953/", "xworm", "0", "abuse_ch" "2025-12-03 07:30:21", "1666800", "forsizillenazzlle.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/68b20156f91380f18d34a84d51f7be308c494edebf353462331b3eb2212cd953/", "xworm", "0", "abuse_ch" "2025-12-03 07:25:59", "1666799", "4bv1v.sl0bozh5treak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:25:07", "1666798", "196.251.100.233:11200", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "None", "PureLogsStealer", "0", "abuse_ch" "2025-12-03 07:20:15", "1666797", "4j.sl0bozh5treak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 07:25:01", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:15:29", "1666796", "xword3.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/85a1f1233894080f2ad174004d240fec588ec2c941824f71ca10b4e65602b50b/", "xworm", "0", "abuse_ch" "2025-12-03 07:15:27", "1666795", "xword1.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "https://bazaar.abuse.ch/sample/bd1c03ebbcedd44270163b446545ccb9eae0cbc918f640e1c5ae339410ea7a1e/", "xworm", "0", "abuse_ch" "2025-12-03 07:14:49", "1666322", "midiavideostv.click", "domain", "botnet_cc", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:48", "1666323", "cargafactura.life", "domain", "botnet_cc", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:48", "1666325", "url27.shop", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:48", "1666326", "adbd.tech", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:47", "1666327", "archivosdwn.cloud", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:47", "1666328", "cfdimex.cloud", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:47", "1666330", "facturas.co.in", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:46", "1666329", "facturacioncontable.com", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:45", "1666331", "facturasm.cloud", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:45", "1666332", "facturasmex.cloud", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:44", "1666333", "satventasfac.tech", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:44", "1666334", "starlinkspacex.com.br", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "2025-12-02 19:49:35", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:43", "1666335", "ventasmex123.com.mx", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:42", "1666336", "salvec.tech", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:40", "1666337", "archivesautomacion.ddns.net", "domain", "payload_delivery", "win.metamorfo", "Casbaneiro", "Metamorfo", "", "100", "", "None", "0", "Gi7w0rm" "2025-12-03 07:14:39", "1666402", "154.94.19.243:1604", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "2025-12-03 00:01:28", "100", "https://search.censys.io/hosts/154.94.19.243", "AS133180,C2,censys", "0", "dyingbreeds_" "2025-12-03 07:14:38", "1666399", "bgfi-groupe.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/195.24.237.60+bgfi-groupe.com", "AS60223,C2,censys", "0", "dyingbreeds_" "2025-12-03 07:14:37", "1666400", "38.190.198.35:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-03 00:01:06", "100", "https://search.censys.io/hosts/38.190.198.35", "AS133199,C2,censys", "0", "dyingbreeds_" "2025-12-03 07:14:37", "1666401", "120.48.43.140:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-03 00:01:10", "100", "https://search.censys.io/hosts/120.48.43.140", "AS38365,C2,censys", "0", "dyingbreeds_" "2025-12-03 07:14:36", "1666403", "162.243.106.164:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-05 02:44:33", "100", "https://search.censys.io/hosts/162.243.106.164", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "dyingbreeds_" "2025-12-03 07:14:35", "1666404", "147.185.221.224:33213", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-12-03 00:01:58", "100", "https://search.censys.io/hosts/147.185.221.224", "AS400519,C2,censys,PLAYIT-GG,RAT", "0", "dyingbreeds_" "2025-12-03 07:14:35", "1666405", "139.159.183.246:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/139.159.183.246", "AS55990,censys,Viper", "0", "dyingbreeds_" "2025-12-03 07:14:34", "1666406", "122.51.124.118:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/122.51.124.118", "AS45090,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 07:14:34", "1666407", "39.100.86.6:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/39.100.86.6", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 07:14:34", "1666408", "72.12.121.210:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/72.12.121.210", "AS23481,censys,GoPhish,HCTC-LINK1,Phishing", "0", "dyingbreeds_" "2025-12-03 07:14:33", "1666410", "172.171.233.183:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/172.171.233.183", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-12-03 07:14:32", "1666409", "54.38.52.163:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.38.52.163", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2025-12-03 07:14:31", "1666411", "45.133.73.143:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/45.133.73.143", "AS211507,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 07:14:31", "1666412", "54.90.250.174:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.90.250.174", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 07:14:31", "1666414", "117.250.244.55:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/117.250.244.55", "AS9829,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 07:14:30", "1666413", "20.193.255.164:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/20.193.255.164", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-12-03 07:14:29", "1666415", "92.205.228.9:3344", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/92.205.228.9", "AS21499,censys,GODADDY-SXB,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 07:14:29", "1666416", "74.249.119.149:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/74.249.119.149", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-12-03 07:14:28", "1666417", "13.49.181.249:4444", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.49.181.249", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-12-03 07:14:28", "1666451", "http://156.226.175.32/bins.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-12-03 07:14:27", "1666455", "http://156.226.175.32/ssh.sh", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-03 03:50:34", "75", "https://greedybear.honeynet.org", "honeypot", "0", "greedybear" "2025-12-03 07:14:27", "1666741", "dcragonz.sa.com", "domain", "botnet_cc", "win.vanillarat", "None", "vanillarat", "", "75", "https://www.virustotal.com/gui/domain/dcragonz.sa.com", "c2,vanillrat", "0", "Amethyste" "2025-12-03 07:14:26", "1666468", "https://delix.misecretaria.com.ar/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "https://clickfix.carsonww.com/domains/delix.misecretaria.com.ar", "ClickFix", "0", "CarsonWilliams" "2025-12-03 07:14:24", "1666184", "81.94.156.24:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "None", "mirai", "0", "seckle" "2025-12-03 07:14:23", "1666206", "178.16.55.188:2024", "ip:port", "botnet_cc", "win.socks5_systemz", "None", "Socks5 Systemz", "", "99", "https://tria.ge/251201-zl42gasjcz/behavioral1", "None", "0", "netresec" "2025-12-03 07:14:22", "1666221", "https://spark-news.xyz/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "2025-12-02 22:55:34", "90", "https://clickfix.carsonww.com/domains/spark-news.xyz", "ClickFix", "0", "CarsonWilliams" "2025-12-03 07:07:50", "1666794", "ctfi.sl0bozh5treak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 07:09:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:04:40", "1666793", "3js3.sl0bozh5treak.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:03:26", "1666792", "salespe.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "", "c2,lumma", "0", "juroots" "2025-12-03 07:02:54", "1666791", "216.9.224.26:22000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-12-04 20:02:15", "50", "", "c2,remcos", "0", "juroots" "2025-12-03 07:02:39", "1666790", "mpannukwugaegbummadu.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-12-03 07:02:06", "1666789", "crystal.adv0cal1egat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 07:02:03", "1666786", "srv1200.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-03 07:02:03", "1666787", "srv1300.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-03 07:02:03", "1666788", "srv1400.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-03 07:02:02", "1666785", "srv1000.ru", "domain", "botnet_cc", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "50", "", "c2,phorpiex", "0", "juroots" "2025-12-03 07:01:20", "1666771", "phising.vn168.im", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-12-03 07:01:20", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666772", "sex.55clubz.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666773", "sex.aml-bot.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666774", "sex.diamondtechnologies.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666775", "sex.jobdekho.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666776", "sex.jujutsukaisenmanga.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666777", "sex.updos.uk.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666778", "sex.vn168.casa", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666779", "sex.vn168.im", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666780", "socolivezs.ca", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666781", "v2.socolivezs.ca", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666782", "v2.visioncomputer.inleeakali", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-12-03 07:01:20", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666783", "v3.socolivezs.ca", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:20", "1666784", "v3.visioncomputer.inleeakali", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666755", "55clubz.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666756", "akska22323.dynuddns.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666757", "aml-bot.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666758", "cc.vn168.im", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666759", "diamondtechnologies.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666760", "dunntstars.duckdns.org", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666761", "jobdekho.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666762", "malware.55clubz.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666763", "malware.aml-bot.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666764", "malware.diamondtechnologies.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666765", "malware.jobdekho.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666766", "malware.jujutsukaisenmanga.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666767", "malware.updos.uk.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-12-03 07:01:20", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666768", "malware.vn168.casa", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-12-03 07:01:20", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666769", "malware.vn168.im", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:01:19", "1666770", "phising.diamondtechnologies.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-12-03 07:00:56", "1666753", "www.xlz.livecdnem.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-03 07:00:56", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:56", "1666754", "www.xoilac.livecdnem.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-03 07:00:56", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:55", "1666746", "91p.livecdnem.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-03 07:00:55", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:55", "1666747", "ck.livecdnem.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-03 07:00:55", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:55", "1666748", "dooeys.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:55", "1666749", "gatex.dooeys.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:55", "1666750", "soco.livecdnem.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-03 07:00:55", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:55", "1666751", "www.xl365.livecdnem.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-03 07:00:56", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:55", "1666752", "www.xlvi.livecdnem.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-12-03 07:00:56", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:33", "1666745", "https://pastebin.com/raw/1VZ2u0jx", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-12-03 07:00:11", "1666744", "https://fcm1sx3iteasdfyn2ewds.zip", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://urlquery.net/report/366d3542-97ca-4282-b50d-fa1fd1e7e463", "c2,unam,urlquery", "0", "juroots" "2025-12-03 06:55:46", "1666743", "flame.adv0cal1egat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 07:01:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:47:32", "1666742", "shadow.adv0cal1egat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:48:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:37:57", "1666740", "qkp.adv0cal1egat.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:39:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:34:44", "1666739", "qyjs.c2rndiv1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:36:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:27:22", "1666738", "6far5.c2rndiv1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:28:06", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:20:03", "1666737", "river.c2rndiv1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:17:41", "1666736", "coast.c2rndiv1ne.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:19:32", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:14:16", "1666735", "gd5do.b2rvshap0v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:15:22", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:08:42", "1666734", "146.190.225.123:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2025-12-04 05:08:22", "75", "None", "AISURU", "0", "abuse_ch" "2025-12-03 06:08:35", "1666733", "64.227.41.225:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2025-12-04 05:08:14", "75", "None", "AISURU", "0", "abuse_ch" "2025-12-03 06:08:28", "1666731", "atd.b2rvshap0v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:08:28", "1666732", "167.172.120.248:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2025-12-04 05:08:26", "75", "None", "AISURU", "0", "abuse_ch" "2025-12-03 06:03:49", "1666730", "fexgmail.zapto.org", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2025-12-03 07:01:43", "100", "https://tria.ge/251203-btqxta1jcs", "C2,domain,nanocore,rat,triage", "0", "DonPasci" "2025-12-03 06:02:49", "1666729", "https://profyfk.click/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/251203-antk3szlbv", "C2,lumma,stealer,triage", "0", "DonPasci" "2025-12-03 06:02:07", "1666728", "4ycip.b2rvshap0v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:02:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 06:02:00", "1666725", "copyright-closed-communication-monster.trycloudflare.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251203-ee6w9stqap", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-12-03 06:02:00", "1666726", "types-pleasant.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 07:02:23", "100", "https://tria.ge/251203-ed3s8aem4w", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-12-03 06:02:00", "1666727", "my-client.duckdns.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/251203-cqvx2a1mcx", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-12-03 06:01:40", "1666724", "proxaa23w.kozow.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/251203-dxyg6shw5e", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-12-03 06:01:19", "1666723", "185.157.162.18:57441", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/251203-gh48yssmg1", "AS42675,C2,rat,remcos,triage", "0", "DonPasci" "2025-12-03 06:01:12", "1666721", "82.153.71.161:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251203-fw72bsvlhn", "AS13649,C2,triage,xworm", "0", "DonPasci" "2025-12-03 06:01:12", "1666722", "smayham.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/251203-e5bh2svjep", "C2,domain,triage,xworm", "0", "DonPasci" "2025-12-03 05:57:00", "1666720", "secure.b2rvshap0v.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 06:01:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 05:48:13", "1666719", "pql.pu5herw0man.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 05:50:20", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 05:37:53", "1666718", "gp.pu5herw0man.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 05:47:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 05:37:38", "1666717", "165.232.108.168:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2025-12-04 04:36:26", "75", "None", "AISURU", "0", "abuse_ch" "2025-12-03 05:37:37", "1666716", "46.101.25.65:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2025-12-04 04:36:26", "75", "None", "AISURU", "0", "abuse_ch" "2025-12-03 05:37:36", "1666715", "143.198.170.34:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2025-12-04 04:36:25", "75", "None", "AISURU", "0", "abuse_ch" "2025-12-03 05:37:35", "1666714", "206.189.97.139:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2025-12-04 04:36:25", "75", "None", "AISURU", "0", "abuse_ch" "2025-12-03 05:31:35", "1666713", "b2b.pu5herw0man.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 05:27:32", "1666712", "omega.pu5herw0man.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 05:22:12", "1666711", "77.83.240.188:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2025-12-04 04:36:24", "75", "None", "AISURU", "0", "abuse_ch" "2025-12-03 05:17:38", "1666710", "uno.dicti0nvica1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 05:23:23", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 05:07:17", "1666709", "2i.dicti0nvica1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 05:09:53", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 05:04:40", "1666708", "i6.dicti0nvica1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:57:26", "1666707", "fuxb.dicti0nvica1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 05:03:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:51:10", "1666706", "7anki.p7ecunder8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 04:57:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:48:28", "1666705", "bright.p7ecunder8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 04:49:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:38:07", "1666704", "pixel.p7ecunder8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 04:40:04", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:28:52", "1666702", "39c294390009834552aae2fbcae03fe3cf9f4fe5eda668c224448a0f4679c0c0", "sha256_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:52", "1666703", "796a4ba3254887981f8661c3e8c7832e", "md5_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:51", "1666699", "859ffef0278c9c9835db23202f3aa67b69ad1e00a3f326350f613ab701a45ee3", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:51", "1666700", "6ad6b8e8dad4f6555786a44725800fc0", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:51", "1666701", "2ca4c29daf94d5fc9f92479b9cb3f8ca0881fc7b", "sha1_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:50", "1666695", "78554277391c28163255b456dd9bf40b39f9b31d", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:50", "1666696", "92478c525daf58642a221dfda3782d6414d2040976fea242effffbdc854e813c", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:50", "1666697", "1a0c632f7e9409efbca74245f8e99283", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:50", "1666698", "9825f7f799d765eac6a9892f278aacead54b23cd", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:49", "1666692", "71dd07a03e17fca91d97f0be2809bab1a90b8327", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:49", "1666693", "124928ecf66ab052a457eaa66af8a81530013177692bc056c19886e8a48a1cf5", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:49", "1666694", "11755c66c6e5413b454fd6c7148bb0a6", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:48", "1666688", "e21f9bc09d3e29f1a7a080001c6e2f21", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:48", "1666689", "206b251c6fac940a925cd19d4b50a760c10f8b33", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:48", "1666690", "caf7254ae621cba9189e65295b25a272fe122e1ab2f3d05ec65dd0709b23d52e", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:48", "1666691", "6bab2763603ee712bf9edbc5b6872c82", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:47", "1666685", "ec5fa806746ba27493da43d660b60c36", "md5_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:47", "1666686", "169abc9f149d676998894b71da0d5013065fc150", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:47", "1666687", "4f39b41a46a710e710b78d05f59833710755422df613fa4570d2636b222b2168", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:46", "1666681", "6e57966b5fd6c676b5be0e7ff8d713053722fbc27723768ab7b5e96f1157ae91", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:46", "1666682", "6dd6d93f4fc6acf6eeea7a98e12bc405", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:46", "1666683", "25d2b556a007b95f35c852c1b84f7eb0f9e57479", "sha1_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:46", "1666684", "4a7f71479e004b53c391b7899d720c9a8c6c18a9c0bfbcb40f521ad2a6345c3f", "sha256_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:45", "1666678", "1fbeb5c772b2e1c7ee65ac50c323f23ee912abd323f5883a148a5f1d28f282b5", "sha256_hash", "payload", "win.privateloader", "None", "PrivateLoader", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:45", "1666679", "e4ff0d98a865d6bc1a4fa3c574448d41", "md5_hash", "payload", "win.privateloader", "None", "PrivateLoader", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:45", "1666680", "b9008ca949b78a24679e16818ce81dc40c72b230", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:44", "1666674", "ad08487fa9b61a55aee48f8fd04dbaeaccf433e9", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:44", "1666675", "cfb9c7cf496ca45f0ea7f80ea3d06e19614227d346a05feb7abe00701e23a4b6", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:44", "1666676", "9d2fd1145e4c2054b805f0149fc0a7e9", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:44", "1666677", "85cd17904f1112b6bde09a99f0db02be5715c80c", "sha1_hash", "payload", "win.privateloader", "None", "PrivateLoader", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:43", "1666671", "1cc64736fd7dd8e31262dcba4aed761abc2b2d48", "sha1_hash", "payload", "win.privateloader", "None", "PrivateLoader", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:43", "1666672", "323514126c9e88ab371457383812723a5bd25aae47c113c990c9561afa0cf3c5", "sha256_hash", "payload", "win.privateloader", "None", "PrivateLoader", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:43", "1666673", "a868ecc09907a7f1868cbc8c165a4fe8", "md5_hash", "payload", "win.privateloader", "None", "PrivateLoader", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:42", "1666667", "c95602d4cc0eafc4d7743138118b612e", "md5_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:42", "1666668", "c26bed76b02a1c356dc88b62193dabd1f71e17da", "sha1_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:42", "1666669", "9b7ebcd4b27ace0f237f2ccab58503340be62a43112f9c537d16f42d40abb715", "sha256_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:42", "1666670", "086294773f43035c3302893954deec2c", "md5_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:41", "1666664", "cfbb74dda04f7830ce4c4044482eb246", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:41", "1666665", "c6e216a64a83767111b2fd8154c0f48809cd5344", "sha1_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:41", "1666666", "79b120acdb37fd5b5fa927a6ffb370d5a7cbc8039f2e9b31831029d0f16bc38b", "sha256_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:40", "1666661", "e4f49201a6685f0811baf697dbe0ac80", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:40", "1666662", "8588e7948fda127e80f3993cd800d99d8dd6c72b", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:40", "1666663", "a515fd4ef2d7b5c1d60af04da2e2138036f493ce5d02d1491354560b718f80ce", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:39", "1666657", "3b504d803733fab4f75705dff7b109b2732e68d53fd4e510a9b863329452f4a8", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:39", "1666658", "fddc330d87a43a8d0a8de9f108360ca2", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:39", "1666659", "ce9cbd237cf338f35392db9dc8808572f1c1c0a7", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:39", "1666660", "949a1a94161e7ef47d64f71f7ed3ee0cf7db1622ecfad7b81f7ffa6f9f42e264", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:38", "1666653", "76c08a4d139b273081d0cf7db508133d93a18fd9", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:38", "1666654", "102efcd647e8331f4c9a8d980f3322640c1fd24d6dfc4173153094ca640ba0b3", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:38", "1666655", "a1c76cbbe0841df5f479e4191cb3e239", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:38", "1666656", "d521c035ee403a4248b0d0d455281a6a998b92d6", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:37", "1666650", "f67bb4e49871d45cc5458c85f81751c9a04a68b0", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:37", "1666651", "2de4671af96bac2cbb7added8ee3a54239aac63a56d4bcc5ca22bfa88b30eb48", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:37", "1666652", "bc79f67aa2c484893be13528eb641105", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:36", "1666647", "c34ece30a2bb888ef8b14988997ec057030c13a5", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:36", "1666648", "b4e1932f23a54390bc8743dfa8a7eea4c3e446eae0c97625d780988688274bf3", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:36", "1666649", "2736e27f8add019ea79d192b1beb4c6f", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:35", "1666644", "8b77821a1d231fb63b0a955b2fa742d79050167e", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:35", "1666645", "e9d589ffd09733b63151369d4e55a9516288ead2b11036016f7f8b02c5c8a6c4", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:35", "1666646", "eca24379a76dbdfa5af378ef2ff055eb", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:34", "1666640", "60d88feb54040cac9adb74e3af322c3a", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:34", "1666641", "0ad870f535ccf22804a1136690671f570dbc615f", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:34", "1666642", "a2e39401f7e09438f35e9a4ca0ce24dafbfef8c0b6250170f67fb9a4dfc0b63e", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:34", "1666643", "8628f2ba198911d9f9a58f02c3142d34", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:33", "1666636", "1f9e7ccdbb6aecb1c353461b5bc162a24c3df9acb5493d76aa0e8f1c6ec1190d", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:33", "1666637", "081c34be3592ff132276def9bd6968dc", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:33", "1666638", "13a2dec9f98e525172c90bdeff038b9a17205637", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:33", "1666639", "2c1c1e5c6028ca269261ec084975bb58a0a4f6b3e72bd377f6cce0b961b2e5f2", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:32", "1666633", "7152fc2a8c08211d57c454dac030af4acf0222e8564463cb60b036d0cbd424c2", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:32", "1666634", "dba2d029dd1f2e9969036411c5e136c8", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:32", "1666635", "4bb66185163714302c3a01c08d1d3cee6332abd1", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:31", "1666629", "e97771cd5427565357b864e1131e646165381616", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:31", "1666630", "8ab637e2cb18c2cd0e1a8e8458916f356f42a0579aa9f1fc522a52056402f6c4", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:31", "1666631", "3e53cfb7d979edb8b26fb2827c4428d6", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:31", "1666632", "469ea7a573f7fc6b72f91340353856924fff064d", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:30", "1666626", "a3e1b9f8c2d36f3f543814545365242b8093d7ff", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:30", "1666627", "3b54db03bae9ce2753459bb8e6951f9aff5c87a0a505c08b288f30e8cc9bf97e", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:30", "1666628", "752a4e3410a695967be0a71fe920def6", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:29", "1666623", "74b0658c5b7b85bcae31d4090a6b64893b98dada", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:29", "1666624", "60203c6af96861965a089eb2c9aa70ffca1a5dfee35a369e77ad3f17896a8ce3", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:29", "1666625", "e1911695e0efb5c0d2fef3bbbe79be44", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:28", "1666619", "abb587c7cab32c2a9e23903c25ec8312", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:28", "1666620", "be4d67974e02309f3a4f10b882b90306a719cc43", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:28", "1666621", "f8aa02fae887ea80156c2e8be3940405bfc612434d7efae60320a802a9d15a93", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:28", "1666622", "2f722c069bc2612c7cf0548c625b34f8", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:27", "1666615", "fbe7554867d49dbfa125b8d9355f345319536cbc4016948d4fff8ff0c4fa0b9f", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:27", "1666616", "c33e33d2373ea77fff877873f3036713", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:27", "1666617", "c0e8483dc4eba9ffd82ec89b5d838e2545bbee67", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:27", "1666618", "ff30d24b652e2bd46709c8b3c0fb8c293172235a02540d7496cf1f4984fe62ab", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:26", "1666612", "9cc00b1af48acb7af7f3c53d0a1adbe928d4bda26273dd955120ca138bdf2eca", "sha256_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:26", "1666613", "49a8fefe9eb5eaa59e2da51833ea1d0a", "md5_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:26", "1666614", "d5ccbb5c2130a0fd88bc109ad11db9897017343f", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:25", "1666608", "5dc3539b6fed4f9905e5a6e29bf13909a7c6e1e6", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:25", "1666609", "e07e7df88008f8d1ba3b459a3e8907c78c7a22cadfcb2ab439ffda155d3e2fc0", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:25", "1666610", "9a8a88ad4308cad8814369cb40e93bc5", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:25", "1666611", "c8d5b3a9f6a2afadbfda3dc2ce539d6ae171f957", "sha1_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:24", "1666605", "116d831b2a5289ead99261532222f8bc5ac62892", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:24", "1666606", "30fc332152721b4e56182d35541f656ea8f9b2b281dce56bbd867c05d9ac5a70", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:24", "1666607", "9bbcd3c3039db46f775970e80d8c97ee", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:23", "1666602", "de52db7251f2d7cb945be9984a95a48aa5357d49", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:23", "1666603", "91adba40b3c7691251047fb81b35d0efad25c3d1e2947db6f7d151eba1f34a21", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:23", "1666604", "10bf43a181b5258c242b5adfd10bec7c", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:22", "1666598", "35ecf5e29556e566664ec7aec3a13e2b", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:22", "1666599", "35b8c513f6dc2aed43a69e3032d1bffcddda0ece", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:22", "1666600", "112699f3eed96b2dfb176b880f3be86ea083431600aeb889cd3ef46607caf4f2", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:22", "1666601", "b7faf6deed94ed572cd0b893ebd043d5", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:21", "1666595", "fc9f82c3268eb2034f059d9b8824c2b6", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:21", "1666596", "499c60519ebb622e7736e5035bcdca7bf404905b", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:21", "1666597", "6ac566e9a69e4bd338cfa6665c04a954c891fc5c09698ae85a40d9565796f481", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:20", "1666591", "95f214d4e4b557548f2077ed9ab2f260471326b442a45824db16ec7c58fe0900", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:20", "1666592", "be9e942d68a2d7c5bc4ad3dbd1150f22", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:20", "1666593", "be9950919e46680cfb4b23326f536113b0745594", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:20", "1666594", "d148029876d188723e36c78c56da70af1dff11ebd406fa742c33a33d7a4b77bf", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:19", "1666588", "58a50b3ed5f133f29b1004ab5495a6f651d5186310d80572e89d9e58940a1381", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:19", "1666589", "e84cf90887e5403dbe365f7a4b47d3fe", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:19", "1666590", "4d6cdcca416dd5f6097c785426f61232228d6464", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:18", "1666584", "b99e83109534dee89de55856b5b6548ef3afe889", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:18", "1666585", "2fc8ebc45314f2d1c8d20b5fc37ae564d04f066fc09cc46c7cf8a41ce87c781d", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:18", "1666586", "60e0d4abb8a3e0e30a8dabf8e022f4ee", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:18", "1666587", "53ef1088f5e7c07e6f4734c8c9dd1448c27b64a6", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:17", "1666581", "08e9db6a87d677e0bf4c1c31c42cca00a685728e", "sha1_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:17", "1666582", "2867ea503ae13d8e9613904864da2ffdd3a9f11676c38ece8e0dcffded08e500", "sha256_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:17", "1666583", "afab6b8ba19c70ddec165262dab71234", "md5_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:16", "1666577", "a3707686bc1b7ed52f9a86f68cc1de70", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:16", "1666578", "8ac5ce9b3fb90c2d6119855b87088ca8444da01f", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:16", "1666579", "9b408419a6d88f9bf77d0a32d260ced5789afaf3a0ee5374528c142d7c368f90", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:16", "1666580", "01eff61a41eba2a117721c8a81cae1b9", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:15", "1666574", "2af55e53f0619d0464df703b261f9f33", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:15", "1666575", "660af3cec90e1a4dbfff36cd93dce8be927b44f4", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:15", "1666576", "0fa64636b0b9f82665759aedc9a553e0a9b1c377823a350775fc8fb1a82df995", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:14", "1666570", "ecd80dc690eee6d7f89ad7f036aed2000c548440fabd8df91ab539307eb317aa", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:14", "1666571", "d183775b45bf0e8496d957554e702990", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:14", "1666572", "d19ee507f24c8ce649c0946cdc0b663b2742c9ae", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:14", "1666573", "1aabe00bc635571ebc9b9c41dcba119a9d49f80c70b9f9e8d26f9fb9743a6304", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:13", "1666567", "57613c05c430ca628506d91721abd51b0af0cee49e2d94c0fafda3b5c0d9e4c4", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:13", "1666568", "b4b67dda46c13d8a031fb67a7219b9aa", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:13", "1666569", "52ebe1d296fbcc2a98bc3c0426013fb8dab1036e", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:12", "1666565", "5b77eef5c260e68b1e376b10876f27ef", "md5_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:12", "1666566", "a47c334f21c4aa266fbd7fa435e9c9ba7ff0bca0", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:11", "1666562", "c70911de2bad51a9c008bae4d0255b4d", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:11", "1666563", "011d98207f40961f6fa3e358cd9824d1fdb3b37b", "sha1_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:11", "1666564", "c3db0f035cf37feecce89bbad6c84be4e6c8385b7799b464651681dbd2a0db85", "sha256_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:10", "1666558", "5b55a5d95f541d3d1c214926893f3187f0a90d4984e673c81c28edb23576c286", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:10", "1666559", "8d4a77e1fc1ba4ed1bd544af53500551", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:10", "1666560", "ab9a7891c34b76d393538bc7879f2b8969d3d6f4", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:10", "1666561", "5a451b70abb22a517b0c09f61de89b31c92366aa93fe1fd43ca51ff9a3324768", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:09", "1666555", "762e9798ed3bf81bc36974e801755d4a493f0d61afa9604b380e4d0646ffcbd2", "sha256_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:09", "1666556", "f5bfb672d4bfef9596c2392e8a3959cd", "md5_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:09", "1666557", "1ed585628d516661001127ed698b0eb5e8000349", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:08", "1666551", "ee74eef85afd2c8b3f2d725a12436b899a50eaba", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:08", "1666552", "2184ef764cc36e8cc8eeb6b9eba1556853817c83fafe32f9ced5d20458d1110d", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:08", "1666553", "e2032cda9a5da097ddb4c84161e160e7", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:08", "1666554", "21ff7f559b0b4eb5697bd3dbc9bef9f30af607f4", "sha1_hash", "payload", "win.acr_stealer", "None", "ACR Stealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:07", "1666549", "943574eb8ea3dc8a2ef56db331a6b828d529e858465a0cc79f9426bb016cc517", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:07", "1666550", "e0414ae66b8ed242a8a3c26e7af14527", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:06", "1666545", "7191b7318a45a4355d3896701a3f8707ba1a38ae", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:06", "1666546", "e48fb8537dae0ddc883d3b19f13211bdcc4f506ce002b99a02241d9febc8f5d0", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:06", "1666547", "dd8cdce774704b7e64f0fc426d2d2a2f", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:06", "1666548", "d197f5b352ac50cb0f1f77523b717efc8400dba6", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:05", "1666542", "70de74c0aa9d2a6cab76a5ce722ffb580f6dbf25", "sha1_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:05", "1666543", "b525c5c44f0a256af3630e14643dc53dfc14086e38c1f903d29c435776e9c2a3", "sha256_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:05", "1666544", "56cdcf3585bc8646cede7b7c33726b71", "md5_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:04", "1666538", "f72c1c6f9f8a2f05cbf16ae8366de3c7", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:04", "1666539", "3223708d3af42297834e430517d0565f6ddcf71e", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:04", "1666540", "d335a352595cd376587cc3e071b6fdaa58b1e8f5e193f090d679e36cda054b66", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:04", "1666541", "119c34666a1e091619ebd1c5e2e78aa8", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:03", "1666535", "2a72f4990717038e7c9ff8d55298c98e", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:03", "1666536", "ce90614c84e16827d23301f843d61b103992e966", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:03", "1666537", "fd3d092f9536c467253cc98fb68ce5447862c44c940041aa9734485ffd8088e4", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:02", "1666533", "130b67cc2d22c7c6549112ed78f91e8e64c6847e", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:02", "1666534", "01ae9da99db03e2e97c0a99c4147fa01d0838064d056b68accba84d16d36fea5", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:01", "1666530", "df5132b1f211a60c0d85f5fcc9759742de3aa1bf", "sha1_hash", "payload", "win.cybergate", "Rebhip", "CyberGate", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:01", "1666531", "bb217671489213dfb4eefff0d0af47621615d9a0c85415c0e31f2cb08786d359", "sha256_hash", "payload", "win.cybergate", "Rebhip", "CyberGate", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:01", "1666532", "5c583e6e1d38d654a378e68e0d843533", "md5_hash", "payload", "win.cybergate", "Rebhip", "CyberGate", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:00", "1666527", "1612208620a5b594184e8e54437d7367dbd2aeb4", "sha1_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:00", "1666528", "0b1191308b4959156fd6bb25fb0ed91b22d9591b14f8307b85b1c11b2ed4bdf9", "sha256_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:28:00", "1666529", "461a6c5fcd18251f3a2a72fa6934a77f", "md5_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:27:59", "1666523", "fe5569462d9ca145f78bc520e1e9a53e", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:27:59", "1666524", "36be4acf4ebc50e69e40fc7fac498e5fb5c64149", "sha1_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:27:59", "1666525", "c430256840a5795787ab14b715a12c2ae98276425d418040c178d85c988de1f3", "sha256_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:27:59", "1666526", "e5e14f102cb4dd3286abec8355d14dfe", "md5_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:27:58", "1666520", "5e98e4dfb80ddbeb480fb37c233d6f44", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:27:58", "1666521", "20a1b6463a9f57b58a89995c193c391dcb1faef9", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:27:58", "1666522", "f58c14370ca887ef557112732534fa842b8e443719285a962f1a4d66400a7123", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:27:57", "1666517", "09b0a41cce5a5ce2d0566c467c16e04b", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:27:57", "1666518", "e33668d1ad563be9c946b91a9a609c3d56ccd8e8", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:27:57", "1666519", "67dcb03549ffff37f461654efb7ade244bcd032d9f68a598771d3d0cacf1de2c", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:27:56", "1666515", "39f79a0feb07f6f02635700fa7f8abc9af6f04b2", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:27:56", "1666516", "a7148acaabcee8323ea08dc1c3547c79cd0cab58a7b30a6bff16e721c194c9cf", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2025-12-03 04:27:47", "1666514", "3x7.p7ecunder8.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 04:29:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:25:09", "1666513", "212.11.64.201:5018", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "None", "PureLogsStealer", "0", "abuse_ch" "2025-12-03 04:18:22", "1666512", "a64.f1auntre6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 04:20:13", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:07:46", "1666511", "cpy.f1auntre6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 04:13:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:03:05", "1666510", "23.132.164.33:4433", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "https://search.censys.io/hosts/23.132.164.33", "AS60223,C2,censys,hacktool,MetaSploit,Meterpreter,NETIFACE-AS", "0", "DonPasci" "2025-12-03 04:03:00", "1666509", "66.63.162.235:54321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "https://search.censys.io/hosts/66.63.162.235", "AdaptixC2,AS-COLOCROSSING,AS36352,C2,censys", "0", "DonPasci" "2025-12-03 04:02:37", "1666508", "125.24.160.33:7443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-12-05 02:43:49", "100", "https://search.censys.io/hosts/125.24.160.33", "AS23969,C2,censys,Netsupport,RAT,TOT-NET", "0", "DonPasci" "2025-12-03 04:02:36", "1666507", "9dv8.f1auntre6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 04:04:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 04:02:33", "1666506", "95.182.115.191:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-12-05 02:47:57", "100", "https://search.censys.io/hosts/95.182.115.191", "AS56971,C2,censys,Havoc", "0", "DonPasci" "2025-12-03 04:02:29", "1666502", "102.205.170.10:9301", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:32", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:29", "1666503", "102.205.170.10:28149", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:41", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:29", "1666504", "102.205.170.10:8082", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:35", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:29", "1666505", "102.205.170.10:15499", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:33", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:28", "1666497", "102.205.170.10:2079", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:39", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:28", "1666498", "102.205.170.10:8433", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:32", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:28", "1666499", "102.205.170.10:17778", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:30", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:28", "1666500", "102.205.170.10:37215", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:33", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:28", "1666501", "102.205.170.10:38444", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:39", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:27", "1666494", "102.205.170.10:38677", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:36", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:27", "1666495", "102.205.170.10:50001", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:30", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:27", "1666496", "102.205.170.10:49600", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:36", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:26", "1666491", "102.205.170.10:587", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:32", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:26", "1666492", "102.205.170.10:15717", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:36", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:26", "1666493", "102.205.170.10:24467", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:37", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:25", "1666487", "102.205.170.10:1200", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:34", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:25", "1666488", "102.205.170.10:2281", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:38", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:25", "1666489", "102.205.170.10:18082", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:38", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:25", "1666490", "102.205.170.10:62842", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:40", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:24", "1666483", "102.205.170.10:49501", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:34", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:24", "1666484", "102.205.170.10:143", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:31", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:24", "1666485", "102.205.170.10:554", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:34", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:24", "1666486", "102.205.170.10:631", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:41", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:23", "1666480", "102.205.170.10:27730", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:40", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:23", "1666481", "102.205.170.10:30495", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:30", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:23", "1666482", "102.205.170.10:36031", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:38", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:22", "1666478", "102.205.170.10:54224", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:37", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:22", "1666479", "102.205.170.10:62290", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:35", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:21", "1666474", "102.205.170.10:110", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:39", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:21", "1666475", "102.205.170.10:315", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:34", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:21", "1666476", "102.205.170.10:1961", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:39", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:21", "1666477", "102.205.170.10:24531", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-12-03 11:00:37", "100", "https://search.censys.io/hosts/102.205.170.10", "AS329556,C2,censys,Newworks-Limited,Quasar,RAT", "0", "DonPasci" "2025-12-03 04:02:19", "1666473", "24.144.80.194:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-05 02:46:15", "100", "https://search.censys.io/hosts/24.144.80.194", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-12-03 04:02:18", "1666472", "62.60.232.124:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-12-03 11:00:25", "100", "https://search.censys.io/hosts/62.60.232.124", "AS215540,C2,censys,GCS-AS,Mythic", "0", "DonPasci" "2025-12-03 04:02:15", "1666471", "138.226.238.96:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/138.226.238.96", "AS214196,C2,censys,RAT,Sectop,VLADYLSAV-NAUMETS", "0", "DonPasci" "2025-12-03 04:01:11", "1666470", "125.40.44.177:54002", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:48:53", "100", "https://search.censys.io/hosts/125.40.44.177", "AS4837,C2,censys,CHINA169-BACKBONE,CobaltStrike,cs-watermark-1234567890", "0", "DonPasci" "2025-12-03 04:01:08", "1666469", "156.225.19.17:4396", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-12-05 02:49:01", "100", "https://search.censys.io/hosts/156.225.19.17", "AS401696,C2,censys,CobaltStrike,COGNETCLOUD,cs-watermark-987654321", "0", "DonPasci" "2025-12-03 03:59:50", "1666467", "magic.f1auntre6.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 03:55:36", "1666466", "9ujw.de5criptun1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 03:51:22", "1666465", "pw0kt.de5criptun1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 03:54:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 03:50:05", "1666464", "147.185.221.16:16069", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "QuasarRAT,RAT", "0", "abuse_ch" "2025-12-03 03:47:48", "1666463", "7jb.de5criptun1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 03:49:30", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-12-03 03:37:22", "1666462", "amber.de5criptun1ver.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-12-03 03:40:40", "100", "None", "ClearFake", "0", "threatcat_ch" # Number of entries: 1416