################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2026-01-07 06:10:05 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter" "2026-01-07 06:10:05", "1692556", "160.187.246.23:12121", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://bazaar.abuse.ch/sample/204fcb477d7b02455c03c83900c2ace4aa10a6422fb5eb15022a1818ca5fc5ff/", "Mirai", "0", "abuse_ch" "2026-01-07 06:04:54", "1692554", "stoyo-59509.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260107-cqmxesyjhz", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-01-07 06:04:54", "1692555", "149.62.205.87:7777", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260107-cqmxesyjhz", "AS29244,C2,quasar,rat,triage", "0", "DonPasci" "2026-01-07 06:03:23", "1692553", "79.134.225.90:3690", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260107-gexppsxndj", "AS6775,C2,rat,remcos,triage", "0", "DonPasci" "2026-01-07 05:56:12", "1692237", "201cf5a7bebcaafb56d99cbda6f3d124", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:11", "1692238", "b67f12caf85101a89b7a8e6ba7a04c69", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:10", "1692239", "7aec91415fc7be9c53683695421b0663", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:10", "1692240", "3d1d128ad09c4e1619ef9777cffed905", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:09", "1692241", "a5775938fb23a1c405585b0248558323", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:09", "1692242", "acac6acd95609352277af8c92a470f81", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:08", "1692243", "dd0c0a97b2a17f1313051aa9cd52457d", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:08", "1692244", "507b183ad9ef4b09e954bc7ed76f7560", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:07", "1692245", "196e28b26eb0b8cf0ebd5e19a65780dc", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:06", "1692246", "db103b8f2eb1e1884492626dda6a3561", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:06", "1692247", "915fde891a9af4c32c76c619b4301471", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:01", "1692248", "4eca4baaedc5d505cb65b37fbc38a3bf", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:01", "1692249", "6ffb460b769ad532efccc7ec37ca8995", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:00", "1692250", "1a708e93e2f83462e5b689d8cfb0425a", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:00", "1692251", "25ba8e51972420eade6f3950a78850e5", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:56:00", "1692252", "d2299a14e0e463e11a927402556ddf8f", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:59", "1692253", "3dd1b91961e2a849b1d39f3f3d783058", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:59", "1692254", "c1f528dc2d05a9a3340ed362efbcb70a", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:58", "1692255", "0a7e6f0805c01092e976df63d439201d", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:58", "1692256", "1ff67dccdeb92606d79d777aaecb9c47", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:58", "1692257", "b15396c4a045cb12f8ed75924f45822d", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:58", "1692258", "fef0728b6266d5e778e64c5a75ea0852", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:57", "1692259", "f6631ba02588c80f1a33a34eec8ea12a", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:57", "1692260", "ebd52cd0702b0f0705ab0cd300db1574", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:56", "1692261", "ea8f7f13b9509d1d2699b8e25a14c114", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:56", "1692262", "9aa852e7a34c4327b0fac4d8178ae94e", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:53", "1692264", "6b563f4e77537444a8cd913d70a1df0a", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:52", "1692263", "052d8806e24bfac3f48dafdde1c8680e", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:51", "1692265", "221a3c5cea10bd7e9489dafeb77dd2cb", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:50", "1692266", "64f4fccc6fa14ada85a4b070a35e6556", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:49", "1692267", "93e92dff263bbc1d53eaeed408652837", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:49", "1692268", "33b781ba34052b6509ce3cc600e3b6da", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:48", "1692269", "9d0f7e527b414156215f6b58ab391c6b", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:48", "1692270", "fe20673a3a9d6b869fd7562afc80b5d7", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:47", "1692271", "ae454079c93a7a1ce276756b9d62d196", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:47", "1692273", "a85fbc16b7e3bf4679e8b1cb21b6e49c", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:46", "1692272", "6847ac2dcc5c8eec19afb60f0532e5cc", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:45", "1692274", "4151dcdbd81731b026c91a96f57eefaf", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:44", "1692275", "71fd1839b927ff4ed094023c944af197", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:44", "1692276", "a26557658ddd4d181eb0d01e78dbe9b3", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:43", "1692278", "d5b8c1cdf094faf3cd74bbaa8f25bc0d", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:42", "1692277", "37bff212fbaa74d5bfc4034ee39275cf", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:40", "1692279", "3827274b568162409be1dac4d607a662", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:39", "1692281", "532c04c73f0d1f07888a61c8cd6eeb0a", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:38", "1692280", "5e9caca257ed66ebab0094fc497c2d19", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:37", "1692282", "6fec53ab6b5a356cc6a53cce75754474", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:37", "1692283", "a374a3c2bd5e2793afd4a668f50e1123", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:36", "1692284", "1b09e216fda688b200634cb61db3694e", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:34", "1692285", "838e852d6730eb31b2a052ef27c6d4f7", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:34", "1692286", "97ed9f3ce2f797d92e7104f835bed9c4", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:33", "1692287", "a3bd85eaaa58cec1636d437310c416e8", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:32", "1692288", "b9be884ae7fb251c8f0ef3023c9087b5", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:32", "1692289", "5e09a1c03092756136a541c264218a9e", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:30", "1692290", "ce4d2958607b09a5872a46e820e670e4", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:29", "1692291", "2cecb0b5147c8b4de31eea52f3ea7e59", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:28", "1692292", "7e303a6c2f8e3bd367e1d1474e2b328e", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:27", "1692294", "06e3cf29f80477208fc042fcecba48f0", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:26", "1692293", "8f728e28ad5e0945522246add238b422", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:26", "1692295", "5770af6608cf206ef8a8149fcc506476", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:25", "1692296", "a60587d1e39bdf2d591e3189fe3382da", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:25", "1692298", "386eff5e04dfa1f0e78e9604cae709d4", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:24", "1692297", "307c3eae012b8deab0091a6e27d44376", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:24", "1692299", "083740c55d0a459674457b8551ed9c6a", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:23", "1692300", "c0a5f20bf77fda622bc93df6caccc626", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:23", "1692301", "50fee1710bafba430433991f7965e35f", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:22", "1692302", "86453f01deb226e67a4f0f24449ca301", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:22", "1692303", "e148dee0132f5d20c01fbb4a3fc87b47", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:21", "1692304", "e6580cfd266ee1f3a4835add61eed47e", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:55:21", "1692305", "1c34c1860041aa479c14a9c5b332712c", "md5_hash", "payload", "win.akira", "REDBIKE", "Akira", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Akira%20Ransomware", "akira,ransomware", "0", "TheRavenFile" "2026-01-07 05:54:47", "1692234", "143.20.185.78:1999", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "False", "None", "mirai", "0", "seckle" "2026-01-07 05:54:45", "1692236", "https://bosonalfa-ai.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/bosonalfa-ai.com", "ClickFix", "0", "CarsonWilliams" "2026-01-07 05:54:24", "1692232", "45.13.212.250:443", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "None", "1", "tanner" "2026-01-07 05:54:23", "1692233", "https://prologuevision.com/", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "True", "", "None", "1", "tanner" "2026-01-07 05:54:21", "1692229", "msservice.network", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "None", "1", "tanner" "2026-01-07 05:54:21", "1692230", "avserivce.network", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "None", "1", "tanner" "2026-01-07 05:54:21", "1692231", "msmanager.network", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "None", "1", "tanner" "2026-01-07 05:54:20", "1692227", "plugins-manager.network", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "None", "1", "tanner" "2026-01-07 05:54:20", "1692228", "avumanager.network", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "None", "1", "tanner" "2026-01-07 05:54:19", "1692226", "connectmanager.network", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "None", "1", "tanner" "2026-01-07 05:54:16", "1692204", "http://106.55.5.111:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS45090,Shenzhen Tencent Computer Systems Company Limited,supershell", "0", "antiphishorg" "2026-01-07 05:54:12", "1692091", "https://exodus-io.io/exodus.exe", "url", "payload_delivery", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "rat", "0", "ninjacatcher" "2026-01-07 05:54:12", "1692121", "https://3.132.202.210/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/3.132.202.210", "ClickFix", "0", "CarsonWilliams" "2026-01-07 05:54:11", "1692122", "https://3.132.51.96/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/3.132.51.96", "ClickFix", "0", "CarsonWilliams" "2026-01-07 05:54:08", "1692177", "https://dinozozo.com/menu.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-06 20:28:59", "100", "True", "https://infosec.exchange/@monitorsg/115849908865936872", "SmartApeSG", "0", "monitorsg" "2026-01-07 05:54:07", "1692178", "dinozozo.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-06 20:29:00", "100", "True", "https://infosec.exchange/@monitorsg/115849908865936872", "SmartApeSG", "0", "monitorsg" "2026-01-07 05:54:06", "1692179", "https://pippyheydguide.com/redirect/profile-script.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-06 20:29:01", "100", "True", "https://infosec.exchange/@monitorsg/115849908865936872", "SmartApeSG", "0", "monitorsg" "2026-01-07 05:54:05", "1692180", "pippyheydguide.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-06 20:29:09", "100", "True", "https://infosec.exchange/@monitorsg/115849908865936872", "SmartApeSG", "0", "monitorsg" "2026-01-07 05:54:04", "1692181", "https://pippyheydguide.com/redirect/middleware-service.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-06 20:29:05", "100", "True", "https://infosec.exchange/@monitorsg/115849908865936872", "SmartApeSG", "0", "monitorsg" "2026-01-07 05:54:04", "1692182", "https://pippyheydguide.com/redirect/middleware-effect.js", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-06 20:29:07", "100", "True", "https://infosec.exchange/@monitorsg/115849908865936872", "SmartApeSG", "0", "monitorsg" "2026-01-07 05:54:03", "1692183", "http://193.111.208.238/auth", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-06 20:29:11", "100", "True", "https://infosec.exchange/@monitorsg/115849908865936872", "SmartApeSG", "0", "monitorsg" "2026-01-07 05:54:02", "1692184", "https://lpiaretes.com/auth", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-06 20:29:13", "100", "True", "https://infosec.exchange/@monitorsg/115849908865936872", "SmartApeSG", "0", "monitorsg" "2026-01-07 05:54:01", "1692185", "http://161.248.113.155:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS139076,EnjoyVC Japan Corporation,supershell", "0", "antiphishorg" "2026-01-07 05:54:00", "1692203", "https://193.111.208.238/byte", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "True", "https://infosec.exchange/@monitorsg/115850040529485016", "SmartApeSG", "0", "monitorsg" "2026-01-07 05:51:10", "1692552", "134.209.14.10:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:45:15", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:51:08", "1692550", "178.128.243.132:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:45:14", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:51:08", "1692551", "159.65.60.164:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:45:14", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:51:07", "1692549", "137.184.75.83:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:45:13", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:51:05", "1692548", "178.128.253.185:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:45:13", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:40:03", "1692547", "178.16.53.33:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "None", "RAT,RemcosRAT", "0", "abuse_ch" "2026-01-07 05:32:28", "1692546", "206.189.115.148:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:09:10", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:32:24", "1692545", "165.227.73.32:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:45:03", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:32:23", "1692544", "167.172.239.155:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:26:45", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:32:21", "1692543", "167.71.21.4:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:26:44", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:32:20", "1692542", "142.93.81.239:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:26:42", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:32:18", "1692541", "167.99.153.37:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:44:37", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:32:16", "1692540", "164.90.206.64:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:44:37", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:32:15", "1692539", "159.223.157.0:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:26:28", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:32:14", "1692538", "64.225.123.37:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:08:34", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:32:12", "1692537", "167.71.255.85:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 06:26:27", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-07 05:32:00", "1692536", "https://cdn.jsdelivr.net/gh/gstatic-kh5q7ekh/cdn-114-cloud/ach", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-07 04:26:10", "1692535", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-c10ud/clo", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-07 04:04:46", "1692534", "3.95.175.157:4891", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.95.175.157", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-07 04:04:35", "1692533", "158.94.210.187:23", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "False", "https://search.censys.io/hosts/158.94.210.187", "AS214943,C2,censys,Gafgyt,RAILNET", "0", "DonPasci" "2026-01-07 04:04:30", "1692532", "185.132.53.18:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/185.132.53.18", "AS211507,C2,censys,LAIN,panel,Unam", "0", "DonPasci" "2026-01-07 04:04:22", "1692531", "72.62.60.228:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/72.62.60.228", "AS-HOSTINGER,AS47583,C2,censys,Covenant", "0", "DonPasci" "2026-01-07 04:04:19", "1692529", "41.250.78.25:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "https://search.censys.io/hosts/41.250.78.25", "AS36903,C2,censys,MT-MPLS,Netsupport,RAT", "0", "DonPasci" "2026-01-07 04:04:19", "1692530", "167.86.144.60:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "https://search.censys.io/hosts/167.86.144.60", "AS25019,C2,censys,Netsupport,RAT,SAUDINETSTC-AS", "0", "DonPasci" "2026-01-07 04:04:16", "1692527", "18.230.175.87:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "False", "https://search.censys.io/hosts/18.230.175.87", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2026-01-07 04:04:16", "1692528", "194.110.247.9:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "False", "https://search.censys.io/hosts/194.110.247.9", "ALEXHOST,AS200019,C2,censys,Havoc", "0", "DonPasci" "2026-01-07 04:04:12", "1692526", "157.180.105.46:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2026-01-07 05:00:04", "100", "False", "https://search.censys.io/hosts/157.180.105.46", "AS24940,C2,censys,HETZNER-AS,Hookbot", "0", "DonPasci" "2026-01-07 04:04:11", "1692525", "185.112.147.172:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/185.112.147.172", "AS44925,C2,censys,Mythic,THE-1984-AS", "0", "DonPasci" "2026-01-07 04:04:10", "1692524", "35.88.68.85:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/35.88.68.85", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci" "2026-01-07 04:04:05", "1692522", "178.16.55.108:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://search.censys.io/hosts/178.16.55.108", "AS214943,AsyncRAT,C2,censys,RAILNET,RAT", "0", "DonPasci" "2026-01-07 04:04:05", "1692523", "144.126.149.104:3001", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://search.censys.io/hosts/144.126.149.104", "AS40021,AsyncRAT,C2,censys,CONTABO-40021,RAT", "0", "DonPasci" "2026-01-07 04:03:50", "1692521", "192.159.99.232:2024", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/192.159.99.232", "AS210558,C2,censys,RAT,Remcos,SERVICES-1337-GMBH", "0", "DonPasci" "2026-01-07 04:03:18", "1692520", "185.80.53.22:443", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "False", "https://search.censys.io/hosts/185.80.53.22", "AS59711,C2,censys,DarkComet,HZ-EU-AS,RAT", "0", "DonPasci" "2026-01-07 04:02:31", "1692519", "47.109.134.119:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/47.109.134.119", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2026-01-07 03:59:19", "1692517", "793f8b08735a6c828bb689cc4af846eba66f5ae99263159c93d782cd53d85223", "sha256_hash", "payload", "win.rockloader", "None", "Rockloader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:19", "1692518", "c2aad31f818efa75e4afedc4ac65ba03", "md5_hash", "payload", "win.rockloader", "None", "Rockloader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:18", "1692516", "4c8255847b112d56385add806653e2630d8f8937", "sha1_hash", "payload", "win.rockloader", "None", "Rockloader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:17", "1692513", "46d039d94b5b26d4d30a4bc603fe75010d3f538c", "sha1_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:17", "1692514", "c6def8e8fb6eaa582f7c5dc88a85723d4a868b04c4ea8f8584bb828417a4ab86", "sha256_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:17", "1692515", "85d2cb8c740065498f4b28be129d6dbb", "md5_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:14", "1692512", "ff32331e1483c36171e5bd0f607a5e63", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:13", "1692509", "da3b19649ee5d4572e5f19dbf4c9d4b1", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:13", "1692510", "e2f97cfd3ba99d817108273c64cde5102d0b6828", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:13", "1692511", "a5733c1eda2aee6798095b113e5b01686113d7e692c1c0c2a911ca22f15b5719", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:12", "1692507", "e4ac5a977c8bec09cd0e1aca5cbcb8ec12080575", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:12", "1692508", "eb6f7fd95744399028c5c7a546d78ef3fa1e8c0afa7005d88dbc619b4e1730bf", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:11", "1692504", "507ad9415f6d2bcaeca346ed501a4aae5be627da", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:11", "1692505", "dac4a89041fb6ea5255f0ec86147c75faf2967ea2b45449e99737de5e41410f8", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:11", "1692506", "5033cdbae312f7c5cadbb94b68ae968e", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:10", "1692501", "8b6fac1b8e6c351d8045454a692765d17c7944c5", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:10", "1692502", "e3e5963c668bb692207ac73e72fa053cf7c9dc0b7e031bbfd1923d4f9ced5617", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:10", "1692503", "17d633efa44195ae0dcc71ee00b082d8", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:09", "1692498", "6955e2f1e88f028ee14d422d2c968dffcf61e229", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:09", "1692499", "6f1b3efe7e7ba8f895fc9f25f269313ff0b83b4965bbf5d128fead17dd5f844f", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:09", "1692500", "0eef573a4cb83c5045013f43299f2538", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:08", "1692495", "e03c41e337e430dba0a0027389845d56e8d05994", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:08", "1692496", "6f39be5d98a3e9b0d1c3ef7874d9ca7a26c0ab25026ad220e8246bf0e515dde6", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:08", "1692497", "2261d16cc059c6495872cae7799826cc", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:07", "1692492", "7c5e2aa6cd5d162268a78dd1797f3bddcb24627d", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:07", "1692493", "3f2c463e14339a12ca2b46331758af5f7baeeb7d0e02e2008052387f4c620aab", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:07", "1692494", "b3e66b8877af22ca72aa202c78042bba", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:06", "1692489", "43e0750338740c532fdea2c04422b8ebb4882583", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:06", "1692490", "003edd29ea6bb38151c2904388e2497670f560bdc9f1c9aa132210815e07972a", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:06", "1692491", "684320b339d57a44c4e7a1c1d30d6cb7", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:05", "1692486", "5df727567c721433396c8fdd56cfd4d9388d30a5", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:05", "1692487", "d363f5cf402f0d93805a1ce7533ed38729fef31538b8a699a7dbe7ee39b58b43", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:05", "1692488", "a45b36ebb3b2ecca41b3252a94f06c59", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:04", "1692483", "9069c4f2327e48a24cb04af50ed88bc496c8332c", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:04", "1692484", "9fe5a6bcc4c0aa78ba696cfae414d60b9a022384f2cd663978276ef8763cae90", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:04", "1692485", "8cb2393ce8207493aa2de29510652e09", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:03", "1692480", "5bfe805a92e9c193b6aafc77fb03c61822431313", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:03", "1692481", "a0d4e99d0549a70f1b5e385bbc3226c0faa4cacf82808c69ec5f65f862c7064e", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:03", "1692482", "d1b976e6f7d07c2f3f4e9bd0d52e73c6", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:02", "1692477", "b8d4aaf4ca26ab5feae6d3119a6a97172458b44c", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:02", "1692478", "781b6211fe7e291d52cf690e3bbb508714f4608aa879cedc2a61199312dff91a", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:02", "1692479", "230ef2f814ec1801036975f4c5859bf0", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:01", "1692475", "b61f479b41cbe22f801be4689f1d00123208cf9f1b2e8afd50b7f784fdba6898", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:01", "1692476", "55508d207e4fc0cd70ac16f11b267375", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:00", "1692472", "68c44a84ed86a73471c5f238d8cf5896a1cf6ff10811e3670e4a8916eba534e3", "sha256_hash", "payload", "win.purecrypter", "None", "PureCrypter", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:00", "1692473", "38a8e9fd90a1c263799e977af292673c", "md5_hash", "payload", "win.purecrypter", "None", "PureCrypter", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:59:00", "1692474", "02c395de6ee3f74635117235b1ce8ffa07e5ac7d", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:59", "1692469", "8fd1a9111659c8bd79550744804e2887f4059ebe093365f1d8ca8d5a852069be", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:59", "1692470", "a22f876f4f5e654000aee78de1cfd23f", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:59", "1692471", "130e061919585bf5958d4f9342a6269992df1eed", "sha1_hash", "payload", "win.purecrypter", "None", "PureCrypter", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:58", "1692466", "0d63429062d086b729682e06a4a0ab1913cb45a79ccd2776691ad21cfe22d241", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:58", "1692467", "b81858b5054e2e7ff351be1123ec1913", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:58", "1692468", "38570dc67eedf0a10c35188b35233d2e8e69e263", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:57", "1692464", "1c5b3e12956288361f375d11ec684fae", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:57", "1692465", "faaf1850303decb117352fc50adecfbdd4a1e054", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:56", "1692460", "9250a3b078fb8a5aad785ac00fbe9bb617d82a843a517185e41233b772b9f387", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:56", "1692461", "9e2ef7279a09021e81c36236e4ed6ac7", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:56", "1692462", "5738745e15d1ae3902d1e4d50d2a88e00c2e027b", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:56", "1692463", "b9276f217842d170f4c9f4c82afcb837f4a819a6349831808ee08c1eb6c8afa9", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:55", "1692457", "41d28144eed4029547adcd484aed803beee6313dba18e1b6154c46bd08d4d13e", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:55", "1692458", "3de1e6b8f92bda6da1dd6c521710fd13", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:55", "1692459", "ea58adce4a22f8da0b1efafbbce0b50a4c1a709b", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:54", "1692454", "a0e8440b32b727eea98fb4937acc077191ff046dba07d24883c0b1a0847eb3c8", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:54", "1692455", "05b6f7b5ffae4b2dc8ad2248f6a30f24", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:54", "1692456", "8bbbf46760e739cacbaa453547e6cf28c3f04886", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:53", "1692450", "599f80a79efdc584c70f4f763c663b06d432393c", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:53", "1692451", "51fdd83b3737add7f3832bd0ad0b56863c0a8f7cf9bcc16fd787d1ae4b403ce6", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:53", "1692452", "833368e3029a38a4f87207acd537070e", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:53", "1692453", "7425cf0e09ab9cdf022311d8ec6b847e86efc451", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:52", "1692447", "c44ee6b8000e886a197ce4737724dcfc1c03cdb4", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:52", "1692448", "99ed96d48e99828077d807f342cf13244af232c190088f12f548199a8ece8d97", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:52", "1692449", "324f0a679e2dd7d4174fc77e882336bf", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:51", "1692444", "0c28bf65b377564b33a3e0e33118b7392872bc74", "sha1_hash", "payload", "win.sigloader", "None", "SigLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:51", "1692445", "9c3a440c5b4dd36f5ac69f1a5d1b122dd7423aac36af6e01fa4e202532361d9d", "sha256_hash", "payload", "win.sigloader", "None", "SigLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:51", "1692446", "b2aa96c55da7f7497a10e5bdc0387f58", "md5_hash", "payload", "win.sigloader", "None", "SigLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:50", "1692441", "70710b60a027f78f4f36bf6a839c71cef08c97a9", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:50", "1692442", "01139818cc4f023f50dfa34b471e6440f097d05a767d72e7f5cf129cc1b7f3b1", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:50", "1692443", "f51d0f8922881aa603d5503ca8b56ebb", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:49", "1692438", "6578306e989b25b19985c347c25541e37e2a840a", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:49", "1692439", "dd4a261e45a02d4a645ced0c80673a5eb91e08c5d345e248eb63d424528f494a", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:49", "1692440", "75b8e7a6ab5e1dd8b78bd6d4d91ad3e9", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:48", "1692435", "7c88192bc4ea3b31e633df40f1266bb30b1667d8", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:48", "1692436", "5e30bba83c9011b8078e7cadc05a9fc8892b1fe096b3895f92ee2ebfbf75008b", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:48", "1692437", "97161661da86395c54721fdfb5ac5e12", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:47", "1692431", "fa3a27b70958cf7cb052c37d0399c9b3", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:47", "1692432", "ddffe70af3cce3bfc3f6222e1dabe4a9c8b68511", "sha1_hash", "payload", "win.spark_rat", "None", "SparkRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:47", "1692433", "10fca076384a292f5e79bb6b92dbaefbf63ad025d5dae392007a993fb5391fca", "sha256_hash", "payload", "win.spark_rat", "None", "SparkRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:47", "1692434", "d2c59a00cbc22fd4f07043138814fbe2", "md5_hash", "payload", "win.spark_rat", "None", "SparkRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:46", "1692428", "cbf9cd24fe9c97b47fb3f2b6dc12f29c", "md5_hash", "payload", "win.feodo", "Cridex,Bugat", "Feodo", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:46", "1692429", "0611976e7afc08b469a8c66416c848f6e1f0a01e", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:46", "1692430", "2bbd691e69efca373365776e38c44d93c7ce075deca99d0abd79305b55c64444", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:45", "1692425", "b661de3ac8d53b2b99cd494e6dc263d3", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:45", "1692426", "c3ccbfb3079fd24d37e44addb447a0f108b9f138", "sha1_hash", "payload", "win.feodo", "Cridex,Bugat", "Feodo", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:45", "1692427", "9cb74811ef737d14f351ac8476e8b9a736dca3834b1bd6104264b9ee48c9b576", "sha256_hash", "payload", "win.feodo", "Cridex,Bugat", "Feodo", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:44", "1692422", "27b327551331817c02b00f01727c720d", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:44", "1692423", "c97f9a16188099f2c1b26f9eb533a1b7bb586d2e", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:44", "1692424", "c3d3bc3a7ae093e6d36f0a6606d4d87b0f9af085bd37cfc5408014b8bac98baf", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:43", "1692419", "8c37e4751c67440f5ea8931c3d8e1e62", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:43", "1692420", "0fa35cfc8be8175a4fe16239cb0421a8e607b06d", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:43", "1692421", "f78238db552a2bcab1a68fcf3df9fbae50bba3c44d3bda6b7dddcfc007eee046", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:42", "1692417", "65dc4d546231cbbcf575e58b98f8cea44f8cadbe", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:42", "1692418", "90e6104462a969029a7c5b023ce811ef0c3ff93eb6bc72b0a0bf9e1baa722795", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:41", "1692413", "779b2ac33de34bf493b03a09da653552", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:41", "1692414", "a2d123418c6465a5779050027ae578ce1f5f4f8e", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:41", "1692415", "d61d8fdf7806fbc3b096a415f277de09eaafc1c315da77fbb8f12e4669264fd5", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:41", "1692416", "1812ef5cad0ab63208760386472838cc", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:40", "1692410", "36302f2f1d8af21110ba981cc5eddec7", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:40", "1692411", "00e9b27eb40307ca8a0c10f5529349d2f2a9a228", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:40", "1692412", "8195866ec567435d173a518b069c861fb3ef0e2fb8e8c37d33f6e898d1c37c7c", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:39", "1692406", "7938e7b6dfe01efb34a4186ea425fb5003c67b0637e6919800ed246e3e57f7f4", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:39", "1692407", "8c764fb55c98dedc1d19cc9ca8e7fab4", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:39", "1692408", "541557a3be6adcfab743eeebafaf47f44ab84dd7", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:39", "1692409", "e49c36c3b9de82ab0dfc8e3410d0389de54b21b535f972c81fe289998b52cde3", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:38", "1692403", "a030ac4b770f87ded6b1c7c051171f02708c2d63680a9ee01afab2f2fa8c2b3e", "sha256_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:38", "1692404", "5f18dede706ccc017a7dde3bf10777d5", "md5_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:38", "1692405", "be1c42a5172d2c9dc6ecb101f8e92a8a29df46ff", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:37", "1692400", "26b441b6ac06968d8029babb90fba7927e1d21c9cb84b0492c4890bca5dd2660", "sha256_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:37", "1692401", "8a3f92b535c77dae22b6a84cd2203575", "md5_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:37", "1692402", "bbd86c69c0d8f0fd4d57906659f223ea2a33f0fd", "sha1_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:36", "1692397", "b9b52cc15fa1c03663a49c10af56e8f7aaa786d7688a75176d6fbfb779e8faca", "sha256_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:36", "1692398", "7b0fde40c81321e54fe06c25c1b80443", "md5_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:36", "1692399", "5bca2bf7f5ffe4a3d5669853b30e18119ae5ee21", "sha1_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:35", "1692393", "e530d0be19de4c98c841ff49e4d6a22f66f81d91", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:35", "1692394", "1dc3c1b3a129ff39aa9603c3ddd01590e4813224a25f5e350f05b3dab8801631", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:35", "1692395", "27d4c6b21fd7b40370bf3313033e03a0", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:35", "1692396", "5918aa7a343aeabf81df787fbe1c45986724a12b", "sha1_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:34", "1692390", "be3cbbde6a14e603fad7e773bf0e7ad0b0a86048", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:34", "1692391", "be3f92f8376e736404aaf25660dd273d640a21169f18eb7d212b1e8b980ec55d", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:34", "1692392", "8469ddefa50d753897370922e81105e1", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:33", "1692387", "71abae997803a8a316f7f5c1a7d1d81a4e315989", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:33", "1692388", "3aa7183d6d223a343a79db110fa4735b74820c38ac123cbdf28e1481b1027d60", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:33", "1692389", "39f46e57b88f6804b040f0ddf57d0f61", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:32", "1692384", "661407bdeacc2e087e372de30aa2710a5591365b", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:32", "1692385", "5264ae16a10a482f4f9680d7bf96943c7e03d03f99497037dd70ee0ff27ef86b", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:32", "1692386", "b52e3c2679a8d70af276072f3b2790f5", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:31", "1692380", "8a14511fc26b6eb98c190dac64d87edd", "md5_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:31", "1692381", "2f95d21b5f46da40ab387a78faa2291f33eb7f41", "sha1_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:31", "1692382", "553972250e6766defd1125152eef38c0b8024e9ba2d65c5ca83ef1d04a1685eb", "sha256_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:31", "1692383", "659ae706a868b3f0aa9da9995fe5e24f", "md5_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:30", "1692377", "9ba61fb2a982729d7492e0dd9b1d4ffb", "md5_hash", "payload", "win.owlproxy", "None", "Owlproxy", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:30", "1692378", "dc41e0d4b7ec1eaa5fbf951b39438d59097259cb", "sha1_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:30", "1692379", "b5ccaa59ccb00639ce88665e2a3bd5025e284e106bef24fd7911f6e48661d1b3", "sha256_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:29", "1692374", "30bba08104d2aafc76919c2e5ef172cb", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:29", "1692375", "532cf0f7fb2046fb6955b11fdb731a991a575912", "sha1_hash", "payload", "win.owlproxy", "None", "Owlproxy", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:29", "1692376", "b3c7a1b37fc4d3df3f7e4aa2d827eb8604888f0440f5c5f4b6b75fb46edfe52b", "sha256_hash", "payload", "win.owlproxy", "None", "Owlproxy", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:28", "1692371", "c10f8301f217bbfdbdcc915f27f3cd76", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:28", "1692372", "125e9b34754febf183804434848457a757993341", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:28", "1692373", "326c02eabd6a78785cb5b2a906b75ffa2ae1980f7991ee812310c7d38ab90010", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:27", "1692368", "7c1184f84530315d38a07d285878634c", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:27", "1692369", "6a5038bdadd12ae1b5c8830a32fc75d881b45309", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:27", "1692370", "07633175862d8e362fc8b19dad17e955528c2ffb7afd164ebaa06496ef3d3bd2", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:26", "1692365", "906179b55a6365636286b77544c056c8", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:26", "1692366", "c2edd5434676d6e83e3a829f845eca6d06872fb7", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:26", "1692367", "333722c8cd0d94c34ed5c6964a09a1f7229e4ad0e620afc566607fccd140f1e6", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:25", "1692362", "242c4b7775e26699a4c85a156bac6e07", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:25", "1692363", "2e2a176fc8bfb176945f01ae49e9507138ae0260", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:25", "1692364", "5da9c9a1226470e8c0277dbe887edb326a3f02969d4c448e8c869099bcb350a6", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:24", "1692359", "f7398df9b4a2f27568ded2f1b750e65e", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:24", "1692360", "7e80d0e7169457a23597c3d09b4c18fa6a93385d", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:24", "1692361", "fba9f6b94479a924c563165dafb70f184d6b1e4a850863920ad2d274a4cd89c6", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:23", "1692355", "f9f14b4c12fc02ab7429fdcc5d050fb33120b776947c9d205fd637e8207384aa", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:23", "1692356", "042294460498250324189c0f3b246b41", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:23", "1692357", "b2d4805b29cd1f4fd7c2d7c0ceb21ab7c4e8340e", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:23", "1692358", "2ad6a919f8256c9100324af50c0894527bb71f344ecdfe1e1f00b4e708ff8481", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:22", "1692352", "77e22f4e1af7758d6f7284f32a92539ea36a527fa89c8c6765f10a3f98a8d13e", "sha256_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:22", "1692353", "11c4be3afdb16bfffb843567d74846cb", "md5_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:22", "1692354", "eb942efb914acd951859c361a390ae3f9f3df99f", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:21", "1692348", "71e7cad4a1dff1712876c9272389d4e8919159f4", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:21", "1692349", "8ff0f5aeb9ba1015ef62d07387311d770be1bb52c8d0f89f0d816ca9afe44b8c", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:21", "1692350", "55d1a583dc65d76808a507c14cf16d72", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:21", "1692351", "b478f2279777f5b399d733c01e6ac49526e736bf", "sha1_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:20", "1692346", "851afa6f3343202f7cf017e1b4e7ada2063132ad3e726c26fc33e1d657e24586", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:20", "1692347", "bba1a19f6d2c846b3d09505e5d9838be", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:19", "1692342", "9e5ae7f43948121babbd1a90d19eaa3c50823051", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:19", "1692343", "2c6ea46ba11179ea4638b19a54f7b846ecf760b117a6f0702686f965090a2046", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:19", "1692344", "81f683d92c04482a7672f563b7b1c8af", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:19", "1692345", "27d76724dbb48bf181ee956d130ecdaa144ee33c", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:18", "1692339", "461906f99ab8649133489dc0c71f96f325634c64", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:18", "1692340", "8994c8fd4c22d82bcc82fd7cfc226b443970511966ea488fcb5823bcc63ed697", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:18", "1692341", "e2dfdc61e2bc542a7b04d16c540b58c8", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:17", "1692337", "9d620e2a5b4a61ec9d8705516e36c9d5dcff7a4c8d441afeeec86ca9a6d27fe4", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:17", "1692338", "d063a719b444ac9ad9ede125d1cce1e3", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:16", "1692334", "6dbd8948e140f172f5cafdd06ff22f6eba57fd9fcccc0916be69781de4bd314e", "sha256_hash", "payload", "win.attor", "None", "Attor", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:16", "1692335", "706d8a43ddce04eb7557a148a049be4e", "md5_hash", "payload", "win.attor", "None", "Attor", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:16", "1692336", "0210606540f3427e1119b68101357bce4673e428", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:15", "1692331", "d0734e9101ff40347e6a78bec1650fc74240e8d4143d428a3b96157edd6283c5", "sha256_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:15", "1692332", "cc4f2512d2f34a1d50c771869b88ab2b", "md5_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:15", "1692333", "2bb2a4696444ef997f3cf486aef36c7fade54a1b", "sha1_hash", "payload", "win.attor", "None", "Attor", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:14", "1692327", "5b7444b829631367ce2e95921abd0764d73dc0c2", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:14", "1692328", "65170a027c2050be22fc06e635694d410f2a4afe0c38bf3787d283a564f9ef95", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:14", "1692329", "80d8096f22b764560687fe598837d826", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:14", "1692330", "4c004f638b66b5e9c1d72345cfa2635e9d330a51", "sha1_hash", "payload", "win.bolek", "KBOT", "Bolek", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:13", "1692325", "db0d4585d8113482e8f8ceb4cf7a14c16ab6bd29c86faaca02bb06b56d5e0d0f", "sha256_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:13", "1692326", "8e3e0dc82b7cc955e79cd24c7270034e", "md5_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:12", "1692323", "db7542ecd65ae6a53d51dfc8a985b054", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:12", "1692324", "fae68b05bc22e26610eb3368098184853bbfb303", "sha1_hash", "payload", "win.masad_stealer", "None", "Masad Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:11", "1692322", "7549a0328d8872c55332338ae17f93fdeefcef00de72ceb946105c53b53ca662", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:10", "1692319", "c557ebe4615066c1019d0c8976e10c932a82813853a159587ae68a5a6eb0225c", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:10", "1692320", "52ba88ec77a4740df699c10ca1248356", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:10", "1692321", "a9ee9f843f834e6b97bd512d2130dc2202e2d317", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:09", "1692316", "e91492e48f7a86783e88785156e3453daa85f5ce5b9fb4dcfe159996da72fd4a", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:09", "1692317", "19ddc33cafe3f94e1a2d221010d86460", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:09", "1692318", "7115e3da53ff7fdbee1fb46dc8078c467e136394", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:08", "1692313", "1d8cc65d36b53e94dff26e579d690b5a788393c96026a8689657de510ada2b81", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:08", "1692314", "38ad8326c5f77012f9d6ed7ae277868e", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:08", "1692315", "80be547cc6e440ec3f4cf148508ee4f9bc5d444a", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:07", "1692311", "409e28b22d72e0c28eed40fdbda86f7e", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:07", "1692312", "96847feba0ce0bb13356398c80185f402bd6c494", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:06", "1692310", "dde0d05aa7f0843b643d6168f71881a7e7e4f0fa747ce6c09c25791ae60d30a9", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:05", "1692309", "8548017dd86235e9ab7bead50da6d75fda59623f", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:04", "1692308", "a7195456159674e889a7a599915b31f4", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:03", "1692306", "be9ee06139f4759a06dfa1ef41c0a048da8d1535", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 03:58:03", "1692307", "c92d3b7961692f031863195786b6dbd7daff071635fc4622be6d50d6970ac531", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-07 00:04:09", "1692225", "3.132.51.96:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/3.132.51.96", "AMAZON-02,AS16509,C2,censys,clickfix,first-stage", "0", "DonPasci" "2026-01-07 00:04:01", "1692224", "199.101.111.174:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.174", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-07 00:04:00", "1692222", "3.95.166.250:4443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.95.166.250", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-07 00:04:00", "1692223", "199.101.111.33:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.33", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-07 00:03:56", "1692221", "154.219.123.95:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://search.censys.io/hosts/154.219.123.95", "AdaptixC2,AS8796,C2,censys,FD-298-8796", "0", "DonPasci" "2026-01-07 00:03:53", "1692220", "137.220.227.82:8080", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "False", "https://search.censys.io/hosts/137.220.227.82", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,hacktool,Mimikatz,open-dir", "0", "DonPasci" "2026-01-07 00:03:32", "1692219", "185.208.159.121:8080", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "False", "https://search.censys.io/hosts/185.208.159.121", "AS42624,C2,censys,RAT,SWISSNETWORK02,Venom", "0", "DonPasci" "2026-01-07 00:03:03", "1692218", "124.198.132.87:4000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/124.198.132.87", "AS210558,C2,censys,RAT,Remcos,SERVICES-1337-GMBH", "0", "DonPasci" "2026-01-07 00:03:02", "1692217", "192.159.99.232:1994", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/192.159.99.232", "AS210558,C2,censys,RAT,Remcos,SERVICES-1337-GMBH", "0", "DonPasci" "2026-01-07 00:03:01", "1692216", "191.107.87.178:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/191.107.87.178", "AS3816,C2,censys,COLOMBIA,RAT,Remcos", "0", "DonPasci" "2026-01-07 00:02:28", "1692215", "172.81.133.92:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/172.81.133.92", "AS27176,C2,censys,CobaltStrike,cs-watermark-987654321,DATAWAGON", "0", "DonPasci" "2026-01-06 23:30:05", "1692214", "http://a1122027.xsph.ru/bde277b7.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch" "2026-01-06 23:01:49", "1692213", "3.85.11.144:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/3.85.11.144", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-06 23:01:36", "1692211", "95.164.53.246:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/95.164.53.246", "AS213702,censys,Viper", "0", "dyingbreeds_" "2026-01-06 23:01:35", "1692210", "43.139.158.30:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/43.139.158.30", "AS45090,censys,Viper", "0", "dyingbreeds_" "2026-01-06 23:01:17", "1692209", "195.24.237.166:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-07 00:03:31", "100", "False", "https://search.censys.io/hosts/195.24.237.166", "AS60223,C2,censys", "0", "dyingbreeds_" "2026-01-06 23:01:16", "1692208", "185.146.233.229:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-07 00:03:30", "100", "False", "https://search.censys.io/hosts/185.146.233.229", "AS200651,C2,censys,FLOKINET", "0", "dyingbreeds_" "2026-01-06 23:01:09", "1692207", "185.112.147.172:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-07 00:03:25", "100", "False", "https://search.censys.io/hosts/185.112.147.172", "AS44925,C2,censys,Mythic,THE-1984-AS", "0", "dyingbreeds_" "2026-01-06 23:00:12", "1692206", "47.104.73.191:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-07 00:02:29", "100", "False", "https://search.censys.io/hosts/47.104.73.191", "AS37963,C2,censys", "0", "dyingbreeds_" "2026-01-06 23:00:08", "1692205", "8.145.34.111:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-07 00:02:32", "100", "False", "https://search.censys.io/hosts/8.145.34.111", "AS37963,C2,censys", "0", "dyingbreeds_" "2026-01-06 20:24:42", "1692202", "rang.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/9d620e2a5b4a61ec9d8705516e36c9d5dcff7a4c8d441afeeec86ca9a6d27fe4/", "asyncrat", "0", "abuse_ch" "2026-01-06 20:15:59", "1692201", "techsanjay.in.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/8994c8fd4c22d82bcc82fd7cfc226b443970511966ea488fcb5823bcc63ed697/", "asyncrat", "0", "abuse_ch" "2026-01-06 20:14:35", "1692200", "pqs.uk.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/8994c8fd4c22d82bcc82fd7cfc226b443970511966ea488fcb5823bcc63ed697/", "asyncrat", "0", "abuse_ch" "2026-01-06 20:13:49", "1692199", "karvacolud.in.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/8994c8fd4c22d82bcc82fd7cfc226b443970511966ea488fcb5823bcc63ed697/", "asyncrat", "0", "abuse_ch" "2026-01-06 20:04:13", "1692198", "217.154.114.85:443", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "False", "https://search.censys.io/hosts/217.154.114.85", "AS8560,C2,censys,hacktool,IONOS-AS,Mimikatz,open-dir", "0", "DonPasci" "2026-01-06 20:03:53", "1692196", "94.228.115.109:8888", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-06 23:01:20", "100", "False", "https://search.censys.io/hosts/94.228.115.109", "AS9123,C2,censys,DcRAT,RAT,TIMEWEB-AS", "0", "DonPasci" "2026-01-06 20:03:53", "1692197", "94.228.115.109:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-06 23:01:19", "100", "False", "https://search.censys.io/hosts/94.228.115.109", "AS9123,C2,censys,DcRAT,RAT,TIMEWEB-AS", "0", "DonPasci" "2026-01-06 20:03:48", "1692195", "58.187.17.156:443", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-01-06 23:01:13", "100", "False", "https://search.censys.io/hosts/58.187.17.156", "AS18403,C2,censys,FPT-AS-AP,Quasar,RAT", "0", "DonPasci" "2026-01-06 20:03:45", "1692194", "192.253.234.63:8082", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2026-01-06 23:01:11", "100", "False", "https://search.censys.io/hosts/192.253.234.63", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Hookbot", "0", "DonPasci" "2026-01-06 20:03:38", "1692193", "95.9.236.229:1000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 23:01:06", "100", "False", "https://search.censys.io/hosts/95.9.236.229", "AS9121,AsyncRAT,C2,censys,RAT,TTNET", "0", "DonPasci" "2026-01-06 20:02:57", "1692192", "111.230.26.251:8000", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "False", "https://search.censys.io/hosts/111.230.26.251", "AS45090,C2,censys,open-dir,payload,Sliver,TENCENT-NET-AP", "0", "DonPasci" "2026-01-06 20:02:56", "1692191", "51.83.254.62:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-06 23:00:59", "100", "False", "https://search.censys.io/hosts/51.83.254.62", "AS16276,C2,censys,OVH,Sliver", "0", "DonPasci" "2026-01-06 20:02:54", "1692190", "130.162.44.203:8443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-06 23:00:56", "100", "False", "https://search.censys.io/hosts/130.162.44.203", "AS31898,C2,censys,ORACLE-BMC-31898,Sliver", "0", "DonPasci" "2026-01-06 20:02:49", "1692189", "124.198.132.87:7777", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/124.198.132.87", "AS210558,C2,censys,RAT,Remcos,SERVICES-1337-GMBH", "0", "DonPasci" "2026-01-06 20:02:29", "1692187", "13.61.10.87:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-06 23:00:09", "100", "False", "https://search.censys.io/hosts/13.61.10.87", "AMAZON-02,AS16509,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2026-01-06 20:02:29", "1692188", "144.91.107.138:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-06 23:00:11", "100", "False", "https://search.censys.io/hosts/144.91.107.138", "AS51167,C2,censys,CobaltStrike,CONTABO,cs-watermark-987654321", "0", "DonPasci" "2026-01-06 20:02:28", "1692186", "38.165.47.18:9000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-06 23:00:06", "100", "False", "https://search.censys.io/hosts/38.165.47.18", "AROSS-AS,AS400619,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2026-01-06 19:05:23", "1692176", "pradeepprabhu7.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/763c84813d8e69a29062f810598bdb3e0e1ec756e08ae587f3c6c20e26d9c419/", "asyncrat", "0", "abuse_ch" "2026-01-06 19:04:34", "1692175", "46.51.181.113:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:48:31", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-06 19:02:12", "1692174", "35.233.67.192:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-07 06:47:59", "75", "False", "None", "drb-ra,Mythic", "0", "abuse_ch" "2026-01-06 19:01:28", "1692173", "3.223.172.240:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:47:51", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-06 19:01:27", "1692172", "3.220.193.101:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:47:50", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-06 19:00:18", "1692171", "222.216.230.48:10250", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:47:41", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-06 18:59:22", "1692170", "207.56.215.67:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:47:29", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-06 18:58:55", "1692169", "104.37.174.84:5723", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/0e01b51e306339081d897f81ede22bb42abfbe3c5536b7d0eb387c4e7b861e74/", "asyncrat", "0", "abuse_ch" "2026-01-06 18:58:23", "1692168", "vxe.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/851afa6f3343202f7cf017e1b4e7ada2063132ad3e726c26fc33e1d657e24586/", "asyncrat", "0", "abuse_ch" "2026-01-06 18:58:16", "1692167", "todayepisode.ru.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/851afa6f3343202f7cf017e1b4e7ada2063132ad3e726c26fc33e1d657e24586/", "asyncrat", "0", "abuse_ch" "2026-01-06 18:57:55", "1692166", "runafrica.us.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/851afa6f3343202f7cf017e1b4e7ada2063132ad3e726c26fc33e1d657e24586/", "asyncrat", "0", "abuse_ch" "2026-01-06 18:57:20", "1692165", "n188.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/851afa6f3343202f7cf017e1b4e7ada2063132ad3e726c26fc33e1d657e24586/", "asyncrat", "0", "abuse_ch" "2026-01-06 18:56:22", "1692164", "gate.motfim.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/851afa6f3343202f7cf017e1b4e7ada2063132ad3e726c26fc33e1d657e24586/", "asyncrat", "0", "abuse_ch" "2026-01-06 18:56:12", "1692163", "gate.735bet12.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/851afa6f3343202f7cf017e1b4e7ada2063132ad3e726c26fc33e1d657e24586/", "asyncrat", "0", "abuse_ch" "2026-01-06 18:55:25", "1692162", "exuberant.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/851afa6f3343202f7cf017e1b4e7ada2063132ad3e726c26fc33e1d657e24586/", "asyncrat", "0", "abuse_ch" "2026-01-06 18:55:14", "1692161", "eihbgb.sa.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/851afa6f3343202f7cf017e1b4e7ada2063132ad3e726c26fc33e1d657e24586/", "asyncrat", "0", "abuse_ch" "2026-01-06 18:54:00", "1692160", "buybitcoin.us.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/851afa6f3343202f7cf017e1b4e7ada2063132ad3e726c26fc33e1d657e24586/", "asyncrat", "0", "abuse_ch" "2026-01-06 18:53:08", "1692159", "8xx.de.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/851afa6f3343202f7cf017e1b4e7ada2063132ad3e726c26fc33e1d657e24586/", "asyncrat", "0", "abuse_ch" "2026-01-06 18:52:41", "1692158", "777x.us.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/851afa6f3343202f7cf017e1b4e7ada2063132ad3e726c26fc33e1d657e24586/", "asyncrat", "0", "abuse_ch" "2026-01-06 18:50:48", "1692157", "1710.cn.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/851afa6f3343202f7cf017e1b4e7ada2063132ad3e726c26fc33e1d657e24586/", "asyncrat", "0", "abuse_ch" "2026-01-06 18:49:20", "1692156", "148.178.88.51:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:44:40", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-06 18:49:19", "1692154", "148.178.78.4:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:44:40", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-06 18:49:19", "1692155", "148.178.86.99:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:44:40", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-06 18:49:18", "1692153", "148.178.75.103:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:44:40", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-06 18:48:09", "1692152", "139.59.248.200:55443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-07 06:44:14", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch" "2026-01-06 18:46:17", "1692151", "111.22.248.46:10250", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:43:47", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-06 18:45:09", "1692150", "106.14.250.82:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:43:37", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-06 18:44:53", "1692149", "104.168.38.238:51337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 06:43:32", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-01-06 18:43:08", "1692148", "100.31.161.153:443", "ip:port", "botnet_cc", "win.danabot", "DanaTools", "DanaBot", "2026-01-07 06:43:03", "75", "False", "None", "DanBot,drb-ra", "0", "abuse_ch" "2026-01-06 18:31:54", "1692146", "https://insightme.im/e/electric.php", "url", "payload_delivery", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/77e22f4e1af7758d6f7284f32a92539ea36a527fa89c8c6765f10a3f98a8d13e/", "GoToResolve", "0", "abuse_ch" "2026-01-06 18:31:54", "1692147", "https://pub-e306adc6127c4521869ba034f1b34502.r2.dev/EnterpriseElectricalReview.exe", "url", "payload_delivery", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/77e22f4e1af7758d6f7284f32a92539ea36a527fa89c8c6765f10a3f98a8d13e/", "GoToResolve", "0", "abuse_ch" "2026-01-06 18:23:46", "1692145", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s80-ap-k56/eut11", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-06 18:20:19", "1692144", "45.150.34.183:4444", "ip:port", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "False", "https://tria.ge/260106-pqrxlaslez", "android,AS215826,C2,spynote,triage", "0", "DonPasci" "2026-01-06 18:19:41", "1692143", "aaasx123.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2026-01-06 18:19:42", "100", "False", "https://tria.ge/260106-n3csrsgl9y", "C2,domain,rat,triage,valleyrat", "0", "DonPasci" "2026-01-06 18:19:40", "1692142", "156.247.41.49:1746", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260106-b8spyswndr", "AS401739,C2,rat,triage,valleyrat", "0", "DonPasci" "2026-01-06 18:19:23", "1692141", "http://91.92.243.58", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260106-rtfd3shr3v", "C2,stealc,stealer,triage", "0", "DonPasci" "2026-01-06 18:17:33", "1692140", "178.16.52.97:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260106-s5d6tsam9x", "AS209800,C2,quasar,rat,triage", "0", "DonPasci" "2026-01-06 18:15:05", "1692139", "http://co700017.tw1.ru/1703c858.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch" "2026-01-06 18:14:53", "1692138", "https://adwestmailcenter.com/", "url", "payload_delivery", "unknown_rat", "None", "Unknown RAT", "", "100", "True", "https://urlhaus.abuse.ch/url/3751500/", "GoToResolve", "0", "abuse_ch" "2026-01-06 18:13:42", "1692137", "cls-services.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 18:13:48", "100", "False", "https://tria.ge/260106-v13pqs1mfk", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2026-01-06 18:13:17", "1692136", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-300-s01-k17/eno80", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-06 18:03:14", "1692135", "without-gibraltar.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260106-raqeyaax5b", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-06 18:03:12", "1692134", "support-prospect.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260106-raqeyaax5b", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-06 18:03:11", "1692133", "seller-editions.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260106-raqeyaax5b", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-06 18:03:09", "1692132", "23.26.108.156:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260106-n5hf2azlgm", "AS23470,C2,triage,xworm", "0", "DonPasci" "2026-01-06 18:03:08", "1692131", "vibeproject776-44233.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260106-n5lhpazlhk", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-06 18:03:07", "1692130", "109.243.148.237:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260106-sakecsbs8h", "AS39603,C2,triage,xworm", "0", "DonPasci" "2026-01-06 18:03:05", "1692129", "usb-norm.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260106-vbs41abl21", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-06 17:59:07", "1692128", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-210-so-ap20-s01/bep10", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-06 17:58:29", "1692127", "89.125.255.131:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 03:03:45", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:58:28", "1692126", "45.149.154.179:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 03:03:44", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:58:27", "1692125", "89.125.255.188:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 03:03:44", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:58:26", "1692124", "89.125.209.242:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 03:03:43", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:58:23", "1692123", "89.125.255.210:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 03:03:40", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:25:23", "1692120", "104.236.108.105:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:22:06", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:25:21", "1692119", "178.128.180.137:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:22:05", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:25:20", "1692118", "206.189.5.96:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:22:04", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:25:18", "1692117", "138.68.63.4:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:22:04", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:25:16", "1692116", "161.35.11.190:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:22:03", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:25:14", "1692115", "208.68.37.248:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:24:55", "1692114", "68.183.157.144:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:24:46", "1692113", "159.223.4.152:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:24:44", "1692112", "157.245.224.173:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:24:40", "1692111", "178.62.196.171:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:24:30", "1692110", "139.59.169.182:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:24:28", "1692109", "142.93.77.3:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-06 17:41:19", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:24:26", "1692108", "138.68.185.68:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:21:56", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:24:25", "1692107", "159.223.212.74:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:21:56", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 17:22:48", "1692106", "meiweibo.cn.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 18:13:46", "75", "False", "https://bazaar.abuse.ch/sample/5da9c9a1226470e8c0277dbe887edb326a3f02969d4c448e8c869099bcb350a6/", "asyncrat", "0", "abuse_ch" "2026-01-06 17:22:12", "1692105", "franchise.uk.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/5da9c9a1226470e8c0277dbe887edb326a3f02969d4c448e8c869099bcb350a6/", "asyncrat", "0", "abuse_ch" "2026-01-06 17:21:47", "1692104", "doggrooming.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/5da9c9a1226470e8c0277dbe887edb326a3f02969d4c448e8c869099bcb350a6/", "asyncrat", "0", "abuse_ch" "2026-01-06 16:55:47", "1692103", "peal.us.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 18:14:14", "75", "False", "https://bazaar.abuse.ch/sample/333722c8cd0d94c34ed5c6964a09a1f7229e4ad0e620afc566607fccd140f1e6/", "asyncrat", "0", "abuse_ch" "2026-01-06 16:55:46", "1692102", "kge.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 18:13:55", "75", "False", "https://bazaar.abuse.ch/sample/333722c8cd0d94c34ed5c6964a09a1f7229e4ad0e620afc566607fccd140f1e6/", "asyncrat", "0", "abuse_ch" "2026-01-06 16:55:43", "1692101", "huanle.cn.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 18:14:22", "75", "False", "https://bazaar.abuse.ch/sample/333722c8cd0d94c34ed5c6964a09a1f7229e4ad0e620afc566607fccd140f1e6/", "asyncrat", "0", "abuse_ch" "2026-01-06 16:55:42", "1692100", "gdmp.cn.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 18:14:02", "75", "False", "https://bazaar.abuse.ch/sample/333722c8cd0d94c34ed5c6964a09a1f7229e4ad0e620afc566607fccd140f1e6/", "asyncrat", "0", "abuse_ch" "2026-01-06 16:55:39", "1692099", "dtk.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 18:14:08", "75", "False", "https://bazaar.abuse.ch/sample/333722c8cd0d94c34ed5c6964a09a1f7229e4ad0e620afc566607fccd140f1e6/", "asyncrat", "0", "abuse_ch" "2026-01-06 16:49:50", "1692098", "116.196.75.68:65531", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-07 06:51:05", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-06 16:41:06", "1692097", "zun.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 18:14:36", "75", "False", "https://bazaar.abuse.ch/sample/07633175862d8e362fc8b19dad17e955528c2ffb7afd164ebaa06496ef3d3bd2/", "asyncrat", "0", "abuse_ch" "2026-01-06 16:41:00", "1692096", "sunwin11.us.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 18:14:41", "75", "False", "https://bazaar.abuse.ch/sample/07633175862d8e362fc8b19dad17e955528c2ffb7afd164ebaa06496ef3d3bd2/", "asyncrat", "0", "abuse_ch" "2026-01-06 16:40:50", "1692095", "ipv6.eu.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 18:14:30", "75", "False", "https://bazaar.abuse.ch/sample/07633175862d8e362fc8b19dad17e955528c2ffb7afd164ebaa06496ef3d3bd2/", "asyncrat", "0", "abuse_ch" "2026-01-06 16:40:48", "1692094", "iez.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 18:14:56", "75", "False", "https://bazaar.abuse.ch/sample/07633175862d8e362fc8b19dad17e955528c2ffb7afd164ebaa06496ef3d3bd2/", "asyncrat", "0", "abuse_ch" "2026-01-06 16:40:46", "1692093", "firstcall.eu.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 18:14:50", "75", "False", "https://bazaar.abuse.ch/sample/07633175862d8e362fc8b19dad17e955528c2ffb7afd164ebaa06496ef3d3bd2/", "asyncrat", "0", "abuse_ch" "2026-01-06 16:40:05", "1692092", "http://bobrecurwarmumsworms.com:8080/updater?for=76AB501390D0C329C365C14CDD1C4CAA", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "GoProxy", "0", "abuse_ch" "2026-01-06 16:30:08", "1692090", "http://45.93.20.198/82878e5702cc452c.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "None", "Steal", "0", "abuse_ch" "2026-01-06 16:17:18", "1692089", "109.199.97.78:60003", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "False", "https://www.virustotal.com/gui/file/4de00dae20cc17858656e7d3a9ffb6d7991eb39679673fe7786cccb1555c2d59", "AS51167,c2,CONTABO,virustotal,vshell", "0", "DonPasci" "2026-01-06 16:04:16", "1692088", "3.132.51.96:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/3.132.51.96", "AMAZON-02,AS16509,C2,censys,clickfix,first-stage", "0", "DonPasci" "2026-01-06 16:04:15", "1692087", "3.132.202.210:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/3.132.202.210", "AMAZON-02,AS16509,C2,censys,clickfix,first-stage", "0", "DonPasci" "2026-01-06 16:03:58", "1692086", "lavender-wallaby-90664.zap.cloud", "domain", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "False", "https://search.censys.io/hosts/185.239.236.172+lavender-wallaby-90664.zap.cloud", "AS206996,C2,censys,Gafgyt,open-dir,ZAP-HOSTING", "0", "DonPasci" "2026-01-06 16:03:53", "1692085", "adfs.vdjhrr.de", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-06 23:01:38", "100", "False", "https://search.censys.io/hosts/104.131.163.79+adfs.vdjhrr.de", "AS14061,censys,DIGITALOCEAN-ASN,EvilGinx,panel,Phishing", "0", "DonPasci" "2026-01-06 16:03:00", "1692084", "23.95.96.180:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-07 06:53:01", "100", "False", "https://search.censys.io/hosts/23.95.96.180", "AS-COLOCROSSING,AS36352,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2026-01-06 16:02:27", "1692083", "47.243.238.194:54188", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-06 23:00:13", "100", "False", "https://search.censys.io/hosts/47.243.238.194", "ALIBABA-CN-NET,AS45102,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2026-01-06 16:02:26", "1692082", "147.45.210.43:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-06 23:00:10", "100", "False", "https://search.censys.io/hosts/147.45.210.43", "AS207416,C2,censys,CobaltStrike,cs-watermark-987654321,NEKO-ORG-AS", "0", "DonPasci" "2026-01-06 15:31:05", "1692081", "grufuncinlhar.floresflorcravovermelho.cfd", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/dcc65e18a02dfb9a360694285c0b93faf4e6d8b14af5e4b1c69e261712dfca23/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 15:09:53", "1692080", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-200-fd-cloudi/gds10", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-06 15:06:01", "1692079", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-300-s46-k127/70op", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-06 14:55:05", "1692078", "45.9.148.181:7707", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "False", "None", "PureLogsStealer", "0", "abuse_ch" "2026-01-06 14:45:41", "1692077", "9.qq8875.online", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7938e7b6dfe01efb34a4186ea425fb5003c67b0637e6919800ed246e3e57f7f4/", "asyncrat", "0", "abuse_ch" "2026-01-06 14:45:39", "1692076", "8.qq8875.online", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 18:15:03", "75", "False", "https://bazaar.abuse.ch/sample/7938e7b6dfe01efb34a4186ea425fb5003c67b0637e6919800ed246e3e57f7f4/", "asyncrat", "0", "abuse_ch" "2026-01-06 14:45:36", "1692075", "7.qq8875.online", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7938e7b6dfe01efb34a4186ea425fb5003c67b0637e6919800ed246e3e57f7f4/", "asyncrat", "0", "abuse_ch" "2026-01-06 14:45:34", "1692074", "6.qq8875.online", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7938e7b6dfe01efb34a4186ea425fb5003c67b0637e6919800ed246e3e57f7f4/", "asyncrat", "0", "abuse_ch" "2026-01-06 14:45:32", "1692073", "5.qq8875.online", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7938e7b6dfe01efb34a4186ea425fb5003c67b0637e6919800ed246e3e57f7f4/", "asyncrat", "0", "abuse_ch" "2026-01-06 14:45:30", "1692072", "4.qq8875.online", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7938e7b6dfe01efb34a4186ea425fb5003c67b0637e6919800ed246e3e57f7f4/", "asyncrat", "0", "abuse_ch" "2026-01-06 14:45:28", "1692071", "3.qq8875.online", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7938e7b6dfe01efb34a4186ea425fb5003c67b0637e6919800ed246e3e57f7f4/", "asyncrat", "0", "abuse_ch" "2026-01-06 14:45:26", "1692070", "2.qq8875.online", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7938e7b6dfe01efb34a4186ea425fb5003c67b0637e6919800ed246e3e57f7f4/", "asyncrat", "0", "abuse_ch" "2026-01-06 14:45:24", "1692069", "10.qq8875.online", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7938e7b6dfe01efb34a4186ea425fb5003c67b0637e6919800ed246e3e57f7f4/", "asyncrat", "0", "abuse_ch" "2026-01-06 14:45:22", "1692068", "1.qq8875.online", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7938e7b6dfe01efb34a4186ea425fb5003c67b0637e6919800ed246e3e57f7f4/", "asyncrat", "0", "abuse_ch" "2026-01-06 14:39:27", "1692067", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-300-s46-k127/pm45", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-06 14:33:41", "1692066", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s15-ap-k/set29", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-06 14:23:09", "1692065", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s15-ap-k/yo100", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-06 13:55:34", "1692064", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s15-ap-k/nol45", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-06 13:53:02", "1692063", "89.169.52.143:1334", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/f78238db552a2bcab1a68fcf3df9fbae50bba3c44d3bda6b7dddcfc007eee046/", "AEZA-AS,AS210644,c2,Quasar,RAT", "0", "DonPasci" "2026-01-06 13:43:02", "1692062", "gatemaden.space", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.virustotal.com/gui/file/9d43e059111460c4f81351a062fb7eb7dbfd34988a06d756c7206f330c06cb42", "c2,macsync,stealer,virustotal", "0", "DonPasci" "2026-01-06 13:10:04", "1692060", "tpl.tfba.me", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-06 13:10:04", "1692061", "tpl.kievteplo.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-06 13:09:50", "1692058", "https://tpl.tfba.me/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-06 13:09:50", "1692059", "https://tpl.kievteplo.kiev.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-06 12:25:50", "1692057", "invoice-statement.com", "domain", "payload_delivery", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "DattoRM", "0", "abuse_ch" "2026-01-06 12:25:45", "1692056", "https://invoice-statement.com/invoice/", "url", "payload_delivery", "unknown_rat", "None", "Unknown RAT", "", "50", "False", "", "DattoRM", "0", "abuse_ch" "2026-01-06 12:13:34", "1692055", "eaupdateservice.ddns.net", "domain", "botnet_cc", "win.cybergate", "Rebhip", "CyberGate", "", "100", "False", "https://tria.ge/260106-k6c16aypd1", "C2,cybergate,domain,rat,triage", "0", "DonPasci" "2026-01-06 12:12:08", "1692053", "saliangel.ru", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://search.censys.io/hosts/213.21.233.205", "censys,domain,stealer,xillenkillers,XillenStealer", "0", "DonPasci" "2026-01-06 12:12:08", "1692054", "xillenkillers.ru", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://search.censys.io/hosts/213.21.233.205", "censys,domain,stealer,xillenkillers,XillenStealer", "0", "DonPasci" "2026-01-06 12:11:32", "1692049", "174.127.99.217:1016", "ip:port", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "False", "https://tria.ge/260106-n3g3gsgz7b", "C2,rat,RevengeRAT,triage", "0", "DonPasci" "2026-01-06 12:11:32", "1692050", "alien007.my-firewall.org", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "False", "https://tria.ge/260106-nysnesgw8c", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci" "2026-01-06 12:11:32", "1692051", "KevinDavis-58161.portmap.host", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "2026-01-06 12:11:33", "100", "False", "https://tria.ge/260106-nynpgagj7v", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci" "2026-01-06 12:11:32", "1692052", "r3dc0d3r.duckdns.org", "domain", "botnet_cc", "win.revenge_rat", "Revetrat", "Revenge RAT", "", "100", "False", "https://tria.ge/260106-nypxjagw7c", "C2,domain,rat,RevengeRAT,triage", "0", "DonPasci" "2026-01-06 12:11:18", "1692047", "125.208.23.7:80", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260106-ltmkhafz3b", "AS146817,C2,FXNET,rat,triage,valleyrat", "0", "DonPasci" "2026-01-06 12:11:18", "1692048", "fuu.tfuuuk.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2026-01-06 12:11:18", "100", "False", "https://tria.ge/260106-kmqg5sylem", "C2,domain,rat,triage,valleyrat", "0", "DonPasci" "2026-01-06 12:11:17", "1692045", "125.208.23.7:2883", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260106-ltmkhafz3b", "AS146817,C2,FXNET,rat,triage,valleyrat", "0", "DonPasci" "2026-01-06 12:11:17", "1692046", "125.208.23.7:6229", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260106-ltmkhafz3b", "AS146817,C2,FXNET,rat,triage,valleyrat", "0", "DonPasci" "2026-01-06 12:11:16", "1692043", "whoami.cc.cd", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260106-l3sg4szmct", "C2,domain,rat,triage,valleyrat", "0", "DonPasci" "2026-01-06 12:11:16", "1692044", "154.23.127.134:1688", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260106-kntk7afs8a", "AS54801,C2,rat,triage,valleyrat,ZILLION-NETWORK", "0", "DonPasci" "2026-01-06 12:11:02", "1692042", "sadxssaw-41989.portmap.host", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "https://tria.ge/260106-d3lesscl2v", "C2,domain,njrat,triage", "0", "DonPasci" "2026-01-06 12:11:01", "1692041", "starnhgggf-58632.portmap.host", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "https://tria.ge/260106-l1avaafk6x", "C2,domain,njrat,triage", "0", "DonPasci" "2026-01-06 12:11:00", "1692040", "Owais5050-61656.portmap.io", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "https://tria.ge/260106-nyqttsgw7e", "C2,domain,njrat,triage", "0", "DonPasci" "2026-01-06 12:08:32", "1692037", "128.0.118.15:14999", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260106-k7f47syphw", "AS16276,C2,quasar,rat,triage", "0", "DonPasci" "2026-01-06 12:08:32", "1692038", "128.0.118.15:16213", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260106-k7f47syphw", "AS16276,C2,quasar,rat,triage", "0", "DonPasci" "2026-01-06 12:08:32", "1692039", "128.0.118.15:18006", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260106-k7f47syphw", "AS16276,C2,quasar,rat,triage", "0", "DonPasci" "2026-01-06 12:08:31", "1692033", "128.0.118.15:10013", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260106-k7f47syphw", "AS16276,C2,quasar,rat,triage", "0", "DonPasci" "2026-01-06 12:08:31", "1692034", "128.0.118.15:10808", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260106-k7f47syphw", "AS16276,C2,quasar,rat,triage", "0", "DonPasci" "2026-01-06 12:08:31", "1692035", "128.0.118.15:11534", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260106-k7f47syphw", "AS16276,C2,quasar,rat,triage", "0", "DonPasci" "2026-01-06 12:08:31", "1692036", "128.0.118.15:11880", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260106-k7f47syphw", "AS16276,C2,quasar,rat,triage", "0", "DonPasci" "2026-01-06 12:04:10", "1692032", "199.101.111.94:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.94", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-06 12:04:09", "1692030", "54.92.204.109:2375", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.92.204.109", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-06 12:04:09", "1692031", "199.101.111.97:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.97", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-06 12:04:08", "1692029", "199.101.111.22:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.22", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-06 12:04:04", "1692028", "159.75.189.212:8989", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://search.censys.io/hosts/159.75.189.212", "AdaptixC2,AS45090,C2,censys,TENCENT-NET-AP", "0", "DonPasci" "2026-01-06 12:03:41", "1692026", "206.71.149.30:6969", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "False", "https://search.censys.io/hosts/206.71.149.30", "AS399629,BLNWX,C2,censys,RAT,Venom", "0", "DonPasci" "2026-01-06 12:03:37", "1692025", "156.252.60.29:444", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://search.censys.io/hosts/156.252.60.29", "AS9294,C2,censys,GNETINC-AS-AP,RAT,SetcodeRAT", "0", "DonPasci" "2026-01-06 12:02:32", "1692024", "185.115.34.131:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260106-k6ak2aypds", "C2,triage,xworm", "0", "DonPasci" "2026-01-06 11:41:01", "1692023", "https://lwebcontrol.com/nfront.php", "url", "botnet_cc", "win.donut_injector", "Donut", "donut_injector", "", "100", "False", "https://www.virustotal.com/gui/file/00217dba498d785f92d9591cb62a287f1235ec85b81a335f89a1e39326e43adf", "c2,donut,virustotal", "0", "DonPasci" "2026-01-06 11:40:15", "1692022", "95.164.53.76:80", "ip:port", "botnet_cc", "win.donut_injector", "Donut", "donut_injector", "", "100", "False", "https://www.virustotal.com/gui/file/00217dba498d785f92d9591cb62a287f1235ec85b81a335f89a1e39326e43adf", "AS213702,c2,donut,QWINS-LTD,virustotal", "0", "DonPasci" "2026-01-06 11:36:09", "1692021", "spark.ilovegrooming.xyz", "domain", "botnet_cc", "win.spark_rat", "None", "SparkRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/10fca076384a292f5e79bb6b92dbaefbf63ad025d5dae392007a993fb5391fca", "c2,domain,SparkRAT", "0", "DonPasci" "2026-01-06 11:25:06", "1692020", "tester.attackzombie.com", "domain", "botnet_cc", "win.donut_injector", "Donut", "donut_injector", "2026-01-06 11:25:06", "100", "False", "https://x.com/malwrhunterteam/status/2007580775915606020", "c2,domain,donut", "0", "DonPasci" "2026-01-06 11:01:04", "1692019", "164.90.228.165:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/164.90.228.165", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-06 11:01:03", "1692018", "103.165.194.103:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/103.165.194.103", "AS17995,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-06 11:01:01", "1692017", "104.237.1.95:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/104.237.1.95", "AS29802,censys,GoPhish,HVC-AS,Phishing", "0", "dyingbreeds_" "2026-01-06 11:01:00", "1692016", "18.210.62.176:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/18.210.62.176", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-06 11:00:59", "1692015", "151.80.233.191:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/151.80.233.191", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2026-01-06 11:00:34", "1692014", "128.140.91.58:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-07 06:43:59", "100", "False", "https://search.censys.io/hosts/128.140.91.58", "AS24940,C2,censys,HETZNER-AS", "0", "dyingbreeds_" "2026-01-06 11:00:26", "1692013", "34.38.240.174:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-07 06:47:55", "100", "False", "https://search.censys.io/hosts/34.38.240.174", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Mythic", "0", "dyingbreeds_" "2026-01-06 11:00:15", "1692012", "123.99.192.186:7777", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "2026-01-06 12:03:13", "75", "False", "https://search.censys.io/hosts/123.99.192.186", "AS58461,C2,censys,RAT", "0", "dyingbreeds_" "2026-01-06 11:00:13", "1692011", "103.151.217.136:9999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-06 12:02:27", "100", "False", "https://search.censys.io/hosts/103.151.217.136", "AS138538,C2,censys", "0", "dyingbreeds_" "2026-01-06 11:00:07", "1692010", "143.198.221.250:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-06 12:02:26", "100", "False", "https://search.censys.io/hosts/143.198.221.250", "AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "dyingbreeds_" "2026-01-06 10:49:38", "1692009", "gmail.myddns.me", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-07 06:49:50", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-06 10:49:31", "1692008", "api.shenzhenschool.fun", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-07 06:49:45", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2026-01-06 10:27:02", "1692007", "dfgdfgeiurguer.live", "domain", "payload_delivery", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/52c8dbdbb49a1df98c8b79b8e268e8e7c8c9c05aee6bf3fc5aecc0093e8627b0/", "None", "0", "abuse_ch" "2026-01-06 10:20:58", "1692006", "prukinsandiz41.luxmailing.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1691990", "crolinpanrol.luxmailing.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1691991", "cropenval8.mail-lab.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1691992", "flipinlanjal.mail-cube.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1691993", "flisinfuntar.mail-lab.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1691994", "flononconsal.mail-genius.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1691995", "frepanlanral563.luxpost.shop", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1691996", "frukinvel.luxmailer.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1691997", "glaronhal.lxmail.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1691998", "glasal.luxmail.space", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1691999", "glefenbonder.luxomail.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1692000", "glejal.mail-craft.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1692001", "platum.luxxmail.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1692002", "pripingor.mail-boss.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1692003", "progongor822.mail-genius.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1692004", "prorol638.luxormail.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:57", "1692005", "prosil.mail-mentor.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:56", "1691988", "cretonriz.lxmail.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:20:56", "1691989", "crical.mail-craft.store", "domain", "botnet_cc", "win.astaroth", "Guildma", "Astaroth", "", "100", "False", "https://bazaar.abuse.ch/sample/c78ea254f8b069e2e77901645da2df969ac94208c19beb1d0b4c9e76d7a0a647/", "Astaroth,Guildma", "0", "abuse_ch" "2026-01-06 10:16:16", "1691987", "sgna.sa.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 12:07:44", "75", "False", "https://bazaar.abuse.ch/sample/01139818cc4f023f50dfa34b471e6440f097d05a767d72e7f5cf129cc1b7f3b1/", "asyncrat", "0", "abuse_ch" "2026-01-06 10:16:14", "1691986", "riku.in.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 12:07:46", "75", "False", "https://bazaar.abuse.ch/sample/01139818cc4f023f50dfa34b471e6440f097d05a767d72e7f5cf129cc1b7f3b1/", "asyncrat", "0", "abuse_ch" "2026-01-06 10:10:42", "1691985", "win678.ru.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 12:50:56", "75", "False", "https://bazaar.abuse.ch/sample/01139818cc4f023f50dfa34b471e6440f097d05a767d72e7f5cf129cc1b7f3b1/", "asyncrat", "0", "abuse_ch" "2026-01-06 10:10:35", "1691984", "psyca.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 12:07:41", "75", "False", "https://bazaar.abuse.ch/sample/01139818cc4f023f50dfa34b471e6440f097d05a767d72e7f5cf129cc1b7f3b1/", "asyncrat", "0", "abuse_ch" "2026-01-06 10:10:23", "1691983", "automotive6.sa.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 12:07:43", "75", "False", "https://bazaar.abuse.ch/sample/01139818cc4f023f50dfa34b471e6440f097d05a767d72e7f5cf129cc1b7f3b1/", "asyncrat", "0", "abuse_ch" "2026-01-06 09:55:04", "1691982", "103.121.93.78:2525", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-01-06 09:10:40", "1691981", "62.171.142.170:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-01-06 08:53:04", "1691980", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-cl0ud/sad", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-06 08:50:03", "1691979", "subdomain.minhaempresa.tv", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://x.com/smica83/status/2008454920765165914", "c2,domain,xworm", "0", "DonPasci" "2026-01-06 08:48:33", "1691978", "23.94.252.101:7007", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://x.com/smica83/status/2008454920765165914", "AS207043,c2,DEDIK-IO,XWorm", "0", "DonPasci" "2026-01-06 08:44:24", "1691977", "149.109.127.122:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2026-01-07 06:44:41", "75", "False", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2026-01-06 08:44:23", "1691976", "148.178.62.51:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:44:39", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-06 08:39:15", "1691975", "8.155.144.158:8077", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "False", "https://www.virustotal.com/gui/file/10203472bf7ef15ad5da186911b4f276103eec85faadf6fb2723be854e76d87c", "ALIBABA-CN-NET,AS37963,c2,virustotal,vshell", "0", "DonPasci" "2026-01-06 08:35:56", "1691974", "23.95.243.123:6161", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/9842f7e9567bb2af79bbebb8832012df472fa2b8ed8d840f95985809f2bcaa9d/", "remcos", "0", "abuse_ch" "2026-01-06 08:35:48", "1691973", "www.classicashionprobackup2.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/1da392c740766d577b9c90edda753f04710798250ab6373ef07a095e1cb7a6ad/", "remcos", "0", "abuse_ch" "2026-01-06 08:35:47", "1691972", "www.classicashionprobackup1.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/1da392c740766d577b9c90edda753f04710798250ab6373ef07a095e1cb7a6ad/", "remcos", "0", "abuse_ch" "2026-01-06 08:35:46", "1691971", "www.classicashionpro.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/1da392c740766d577b9c90edda753f04710798250ab6373ef07a095e1cb7a6ad/", "remcos", "0", "abuse_ch" "2026-01-06 08:35:37", "1691970", "192.227.153.57:8084", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "False", "https://www.virustotal.com/gui/file/5bde8bdd08f2248eb947cb6242b2b788e1837cbf6e5b0a25187500dc8bed75cc", "AS-COLOCROSSING,AS36352,c2,virustotal,vshell", "0", "DonPasci" "2026-01-06 08:31:52", "1691969", "154.89.152.200:9001", "ip:port", "botnet_cc", "win.xmrig", "None", "xmrig", "", "100", "False", "https://www.virustotal.com/gui/file/b362af32333b72f5b4f9dcc233c290ec5ca0957378646a361d258bd13ed64c8f", "ABCCLOUDSDNBHD-AS-AP,AS139923,c2,CoinMiner,xmrig", "0", "DonPasci" "2026-01-06 08:22:27", "1691968", "sagent.zabbixcloud.cloud", "domain", "botnet_cc", "win.spark_rat", "None", "SparkRAT", "", "100", "False", "https://www.virustotal.com/gui/file/1f6d651be8fc9332bfa01bdc0b1232457b8a657b509de523e83765673abda32b", "c2,domain,SparkRAT,virustotal", "0", "DonPasci" "2026-01-06 08:13:23", "1691966", "lacedomu.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-06 08:13:23", "1691967", "coverxyzer.su", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-06 08:12:29", "1691965", "spielbkr.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-01-06 08:13:23", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-06 08:10:52", "1691964", "103.83.86.27:3612", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/f112173b5d500c88b145622a0350ae02cfce06092d413b89af9c82d800ce0f4c/", "xworm", "0", "abuse_ch" "2026-01-06 08:03:41", "1691962", "104.131.164.45:1337", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "False", "https://search.censys.io/hosts/104.131.164.45", "AS14061,C2,censys,DIGITALOCEAN-ASN,Starkillerc2", "0", "DonPasci" "2026-01-06 08:03:37", "1691960", "103.177.47.183:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.177.47.183", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-06 08:03:37", "1691961", "199.101.111.76:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.76", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-06 08:03:32", "1691959", "89.125.255.29:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://search.censys.io/hosts/89.125.255.29", "AdaptixC2,AS212477,C2,censys,ROYALE-AS", "0", "DonPasci" "2026-01-06 08:03:09", "1691958", "192.229.116.170:4449", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2026-01-06 11:00:34", "100", "False", "https://search.censys.io/hosts/192.229.116.170", "ANTBOX1-AS-AP,AS138995,C2,censys,RAT,Venom", "0", "DonPasci" "2026-01-06 08:03:03", "1691956", "54.178.105.10:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-07 06:48:46", "100", "False", "https://search.censys.io/hosts/54.178.105.10", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci" "2026-01-06 08:03:03", "1691957", "102.117.173.15:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-07 06:43:07", "100", "False", "https://search.censys.io/hosts/102.117.173.15", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2026-01-06 08:02:45", "1691955", "192.3.136.217:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-07 06:46:57", "100", "False", "https://search.censys.io/hosts/192.3.136.217", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2026-01-06 08:02:44", "1691954", "213.136.81.204:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-07 06:47:34", "100", "False", "https://search.censys.io/hosts/213.136.81.204", "AS51167,C2,censys,CONTABO,RAT,Remcos", "0", "DonPasci" "2026-01-06 08:02:24", "1691953", "124.71.109.52:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-07 06:51:25", "100", "False", "https://search.censys.io/hosts/124.71.109.52", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2026-01-06 08:02:23", "1691952", "115.190.233.79:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-07 06:51:04", "100", "False", "https://search.censys.io/hosts/115.190.233.79", "AS137718,C2,censys,CobaltStrike,cs-watermark-987654321,VOLCANO-ENGINE", "0", "DonPasci" "2026-01-06 07:51:37", "1691950", "app.modernbusinessevolution.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/a4c10608db883e2691dd4d2b600e94a6db7f3ebfae2fbc55bb0a5a43febae61b/", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2026-01-06 07:51:37", "1691951", "administrator.modernbusinessevolution.com", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/a4c10608db883e2691dd4d2b600e94a6db7f3ebfae2fbc55bb0a5a43febae61b/", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2026-01-06 07:50:02", "1691949", "securedock.ltd", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://bazaar.abuse.ch/sample/5b17f943852a6387ff38d516e94d9c42e5f8f54a37b5f55932edcd3f01c22a50/", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2026-01-06 07:35:14", "1691948", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-cl0ud/dash", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-06 07:27:38", "1691947", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-api-1key/dash", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-06 07:25:30", "1691946", "supphouse.minhacasa.tv", "domain", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/aa412cb3954e212d73da73ceb3fb468d74b2acbbdeb09ff3eb015c914bede0a0/", "None", "0", "abuse_ch" "2026-01-06 07:23:50", "1691945", "memory-scanner.cc", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/9ed2cb2a84fb6b8576cd7c14a7d8c56fb567d223e0500aea01647cc6ce3d47e9/", "None", "0", "abuse_ch" "2026-01-06 07:15:05", "1691944", "103.85.225.40:8000", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2026-01-06 07:09:30", "1691942", "springdogs.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-01-06 07:09:30", "1691943", "turnclass.xyz", "domain", "botnet_cc", "unknown_loader", "None", "Unknown Loader", "", "100", "False", "", "OffLoader", "0", "abuse_ch" "2026-01-06 06:10:44", "1691941", "qq88.za.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/aee493659ec6207cbbb1fb31b8e186b97702de4205fd49eaa585b835d7482ce6/", "asyncrat", "0", "abuse_ch" "2026-01-06 06:07:06", "1691940", "agn121-64753.portmap.host", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "https://tria.ge/260106-cl6hzacs6h", "C2,domain,njrat,triage", "0", "DonPasci" "2026-01-06 06:03:27", "1691939", "mnnenmvgfj.a.pinggy.link", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260106-cnhvpacs8g", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2026-01-06 06:02:40", "1691937", "dal-business-20.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260106-dlkf6scj9s", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-06 06:02:40", "1691938", "ghostisrealll-39376.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260106-etgwpawles", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-06 06:00:39", "1691677", "https://topbilliondirectory.com/author/368betcv-89206/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/topbilliondirectory.com", "ClickFix", "0", "CarsonWilliams" "2026-01-06 06:00:38", "1691664", "www.essistme.com", "domain", "botnet_cc", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "None", "Gootloader", "0", "monitorsg" "2026-01-06 06:00:34", "1691686", "185.112.59.176:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-05 20:00:07", "100", "False", "None", "3,c2,loader,StealC,stealer", "0", "Bitsight" "2026-01-06 06:00:33", "1691687", "www.identitetsmanual.se", "domain", "botnet_cc", "js.gootloader", "SLOWPOUR", "GootLoader", "", "100", "True", "None", "Gootloader", "0", "monitorsg" "2026-01-06 06:00:32", "1691710", "http://62.60.226.159/geter/login.php", "url", "botnet_cc", "win.tinyloader", "None", "TinyLoader", "", "100", "False", "None", "AS214351,FEMO IT SOLUTIONS LIMITED,tinyloader", "0", "antiphishorg" "2026-01-06 06:00:31", "1691713", "http://47.101.2.90:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS37963,Hangzhou Alibaba Advertising Co. Ltd.,supershell", "0", "antiphishorg" "2026-01-06 06:00:30", "1691714", "http://117.72.62.70:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "AS141679,China Telecom Beijing Tianjin Hebei Big Data Industry Park Branch,supershell", "0", "antiphishorg" "2026-01-06 06:00:29", "1691715", "213.176.72.194:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-06 22:00:15", "100", "False", "None", "build6,c2,loader,StealC,stealer", "0", "Bitsight" "2026-01-06 06:00:13", "1691725", "84.234.99.235:1312", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "False", "None", "mirai", "0", "seckle" "2026-01-06 06:00:11", "1691732", "77cb60d5a0293b34dcc98da4887e4028", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "2026-01-06 04:32:05", "75", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Global%20Group", "global,ransomware", "0", "TheRavenFile" "2026-01-06 06:00:10", "1691733", "4abd2ecd7e3b12219b4644bcfe614561", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "75", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Global%20Group", "global,ransomware", "0", "TheRavenFile" "2026-01-06 06:00:10", "1691734", "ca979fad68362cd3d9ad24424d5ac3fd", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "75", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Global%20Group", "global,ransomware", "0", "TheRavenFile" "2026-01-06 06:00:09", "1691742", "http://178.16.54.109/lfucky.exe", "url", "botnet_cc", "win.global", "GLOBAL GROUP", "Global", "", "50", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/Global%20Group", "global,ransomware", "0", "TheRavenFile" "2026-01-06 06:00:08", "1691743", "https://3.130.42.49/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/3.130.42.49", "ClickFix", "0", "CarsonWilliams" "2026-01-06 05:52:11", "1691936", "167.71.116.96:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:21:55", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 05:52:10", "1691935", "192.241.128.41:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:21:55", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 05:52:09", "1691934", "167.99.83.147:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:21:54", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 05:52:08", "1691933", "64.227.78.61:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:21:53", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 05:52:07", "1691932", "104.248.181.152:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:21:53", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 05:52:05", "1691931", "209.38.46.113:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:21:52", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 05:52:04", "1691930", "167.172.128.152:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:21:51", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 05:52:03", "1691929", "138.197.123.169:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:21:51", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 05:52:02", "1691928", "206.189.12.206:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:21:50", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 05:52:00", "1691927", "159.65.29.33:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-07 00:21:50", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-06 04:33:16", "1691926", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-210-so-api-key/sash21", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-06 04:32:10", "1691925", "6552cd85b1ee07d8aced15897ece90c8", "md5_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:09", "1691922", "2839de01a529fe7ad145f4a1025f1be1", "md5_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:09", "1691923", "1e4391e226a261e76acdfffa04bdd75f2d65f679", "sha1_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:09", "1691924", "05fb76a09b71268dc5873c9f7160207e7c512d0f1dee822604c778838bf6c559", "sha256_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:08", "1691918", "8ec7101ec30f4c18b21af18360f691175adfa52a6474f88f0e15d064d0565a1d", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:08", "1691919", "bc853cbd116d10f15bfd073dc3447244", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:08", "1691920", "e08016485310896a4534d870d70cdfce02e5c300", "sha1_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:08", "1691921", "505d1cd0b9caf7efa10ed2076c0042ae04645aa1299baacc5033a7daef0220b8", "sha256_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:07", "1691915", "6505d5f4aba8aebf0c442a5648aab5087bcc8a406bb4a764d416ab63378b2cc5", "sha256_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:07", "1691916", "07063a1804826b58b02f2826b792a44e", "md5_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:07", "1691917", "cdd89ee49a8c726ca905dfe56742e6d48a93e163", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:06", "1691912", "55f3a2d89485bb40ea45e5fa1f24828f71a81ef4ccc541b6657fc7a861ef3add", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:06", "1691913", "e07a31636d8b705054cfaf2ec1c05edb", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:06", "1691914", "49b9e54ac1cfdc9996b7613774a509bde2633af0", "sha1_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:05", "1691910", "f6f7a37b49310287a253dbdf81e22f0593f44111215ca9308e46d2c68516196f", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:05", "1691911", "41368619f68009cbfa41da369602e1c98f712eb2", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:04", "1691907", "70cc64fb4dc5e32b9a8973be10e7e2d4378479f3521b5ab9bb044f76d1e2379b", "sha256_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:04", "1691908", "99c20da798b978ae4e6487b4acc772ab", "md5_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:04", "1691909", "d82a76db31733b9bcb48287bd5449d10180870c8", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:03", "1691904", "07b8e705a0017ab1df5ffabc1fc7fb0a4d0738e98235b5725e47bb9d5229c5c4", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:03", "1691905", "600e1b59222ec1bf5d83f62a7cc0b9cc", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:03", "1691906", "422ab8e986e4124cf40c7c8ae3ca9d6095b45e90", "sha1_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:02", "1691902", "d9bebfa5a87db80fac3a62e9ea5e410e", "md5_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:02", "1691903", "9497cb3a673c53c4c45db85818326e675e9d928f", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:01", "1691900", "9d33f21b00fdeb209d9eba0ab4d7bbc56b51abc1", "sha1_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:01", "1691901", "5b5e85f9aaddc637b944a78fe390c93d21fa4ffadd953dc7a9412b658d9b15f0", "sha256_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:00", "1691898", "8ebb428ad35eceea596ffffc9bbf23b7ef3f09e4493eb894dade07eadb9f9652", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:32:00", "1691899", "77799727eaf6513440c0a8796944965e", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:59", "1691897", "99c1f2031431124d50b26047bba6a8643df1b3bc", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:58", "1691894", "f912afcbd388531a0d4f415114ad0f13b56089f0", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:58", "1691895", "26c4a28e9bdd3f85433ced68c48d60ac89e44ff0bde47326d3d19bddc9399a83", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:58", "1691896", "d87ea45b6dc62c259d548dfce574f3a6", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:57", "1691891", "034a838f2a4490d6e2ff2911d1389eab3246a518", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:57", "1691892", "4fc29cee350f69681728c009449f12682d90db8541459c505a2830a278be809b", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:57", "1691893", "d3a19b7bb618fddf99ecdc73a5e9cb07", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:56", "1691890", "9438dcd3d776efd3aadff0e98ecd0f9a", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:55", "1691889", "43a000847d155da05e5c080587b4eb97cbeed61bf6b5d6a4062e5f459f387888", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:52", "1691888", "ab757abaee05db62d28757373f93a91a2ef8ded8", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:50", "1691887", "17f619bf905173d95183a89b57480a66", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:49", "1691886", "a858bbbfe1332816b23c8d46443b63f318958e6748c54e4b4040fd908d175d62", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:47", "1691885", "1a470dd4cbdc249d661fe44143b1846988c804ef", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:45", "1691882", "bea42b51471e77582e00f892c95bd40c8198c78c", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:45", "1691883", "17c40dc8cfe53fc24d01df2ff4aad1d4914dd592b00d053762f12daec16c7035", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:45", "1691884", "b3ed6ab7b4fb322108895714d25acf85", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:44", "1691879", "9c763527cf5cd0dc2bd1a47bd8aa1f57a0c99aa6", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:44", "1691880", "5b0684dde84168b41eb1d7022f490f0036a90ea3d00a37e35d69323887826628", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:44", "1691881", "90e84a0928435a8f4664a5d6e646db96", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:43", "1691876", "1e8cf0c70db6ec1a96e5687fb8edfe930b338677", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:43", "1691877", "e7ba958cac186815f76fbc5809e479000a5a569034fd0425bf0fb512ac523639", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:43", "1691878", "f4ea89031ff750e457c309b849b2b278", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:42", "1691873", "97bd7c3c773bf82dc990c895e3662ee39ce20074", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:42", "1691874", "8baadd5caf6014222b98656e875382126e719f53342591a47c29c408e10fbd60", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:42", "1691875", "7b8a826eff29fce133769e7418b88312", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:41", "1691870", "ded4107d571fed90d59aa8d999f8980dcf0f0927", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:41", "1691871", "4013d5545b490d4bdea2fbfc31cad82cd73e9d617ef5946ae9b9df19d6eada48", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:41", "1691872", "adb56ea89f05cdd9acaeed4238ea355c", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:40", "1691867", "e356257de68c79976e536c21609367d41da732c1", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:40", "1691868", "23437efc7bf2f691678472e0080f4b22fa8e327d41781f95912ff6722a62f5fb", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:40", "1691869", "087065ddbd89c48b62f49230d6ef22b0", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:39", "1691864", "9bddf7dbc3b3c1632f41e2cc7949007c51e16c9e", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:39", "1691865", "823da032a4b7f64d6f3706f207d0f2a0cd44cd45b602193c4580403c2d4e8342", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:39", "1691866", "cda6134efa7ee6d95a466190f84a25fe", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:38", "1691861", "8fccaf76aa9c6450da4ca9750c81d61a3318beed", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:38", "1691862", "38b9825abef45b2fb9e0efbfae7124499af85b9f328d4619ac8a37af274e7b4e", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:38", "1691863", "16594656cf923af32ccdd0a7ab70e9ff", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:37", "1691857", "3407cbcb6d54ec7f4a1693ffd962cf68", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:37", "1691858", "9e38af4bcfa70b0940f4bdc37f494449b5caceae", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:37", "1691859", "770df171362179564bb433aa4c82502926c420482b7e6b8441a857c5934377ac", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:37", "1691860", "21325233f0f93d1a009c9a1e0f98b6e5", "md5_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:36", "1691854", "eaa689a39099a3130d977cf9ca5f9e5e", "md5_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:36", "1691855", "8cfc6432b92df8a89743937281a744c2351eac2a", "sha1_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:36", "1691856", "b1a0fd0c9c72e68f74b654988423acb2a953427e83990c26c91e5e908ec66387", "sha256_hash", "payload", "win.global", "GLOBAL GROUP", "Global", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:35", "1691851", "d7789d522fcb33668d1b7f3a819598c5", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:35", "1691852", "ac5975d9b687b6d43a17ff68b1a6095e0d99ec4f", "sha1_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:35", "1691853", "2e7230657e27ed7f47cb8a8018c7bac088bfa7ee20e168e3665385ec35734c01", "sha256_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:34", "1691848", "213f41e55bb7f0d2f3336809f0653814", "md5_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:34", "1691849", "3ff6545c9b3d4dcfb80e23c161ec3000ea800cd7", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:34", "1691850", "1af859ae8dab6d05433b1c60bd2d0e337fcd1a5e55abd7c90832e36d839f8a13", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:33", "1691845", "c2fb368770fe8db78111a61700e55895", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:33", "1691846", "f47bf155f58cbea6f85d6b5cf4bdcf972f8aee82", "sha1_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:33", "1691847", "41b946332366eee08614c375b0fba08330f51ce17ef710735bc59183529e3dbc", "sha256_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:32", "1691841", "1ae8f04c1df741db5490b76fc30b6136bd518df14f30e179c5c0d50d70bacd0f", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:32", "1691842", "2566326c89ef340429a86ce36e02e160", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:32", "1691843", "340066164fb78508209839b64af306c356c44484", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:32", "1691844", "5b7ecbe3c3b8a204f9124ebfab81dce69c5153c0b0e19b75f79f06581d93b1b1", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:31", "1691838", "d1ad885ba252de7144126fd3722839f6cccf632140490dca6989cdc6d7076a9a", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:31", "1691839", "ab951e2a04007b0f5dd4bb0575a0d0d2", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:31", "1691840", "aa1734ab6178e960bfba5f1a7d86ac8025e110f4", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:30", "1691834", "acc977bc3109e5e0c1b7118ca786dd30269387c1", "sha1_hash", "payload", "win.attor", "None", "Attor", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:30", "1691835", "1b1ae798262843bc8f19e030481c7aaac400020cd9152e26681286f628d145b9", "sha256_hash", "payload", "win.attor", "None", "Attor", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:30", "1691836", "0ae6f45ab2fc48d3ae5c073cdd8e4287", "md5_hash", "payload", "win.attor", "None", "Attor", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:30", "1691837", "fe6bab4c57ab9aaf117c4aa61105fdf8d193029b", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:29", "1691831", "9c9f2479fe63d85ead448c770978ca91ad07adaa", "sha1_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:29", "1691832", "938c2ee8a07cbeafc655f1f57449271c1b254f969225e8ef72a1f055c765ef75", "sha256_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:29", "1691833", "4ecdc5826df51967689b5f55528e3b7d", "md5_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:28", "1691828", "ffe15ada5a338c44cf4bdab4c38bb1dd98934d84", "sha1_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:28", "1691829", "7dc80f38cdef77c86e4a46bbcaa08b2fb9393d04bbcb1909e096cd81414fbebb", "sha256_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:28", "1691830", "847ec81ea1d28829a187489e416c8f6b", "md5_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:27", "1691825", "2537291ea270a9e6341e32a75f2162dcc835ebe2", "sha1_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:27", "1691826", "d799b7e6f8737997ba9c040a20cd729e83e6824c531f7b5eb52fcc339ef86437", "sha256_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:27", "1691827", "2b7729284851f69c70ee2ff99c18360a", "md5_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:26", "1691822", "26ebee68b678f47eca9ffbca355ee37969f9714a", "sha1_hash", "payload", "win.arkei_stealer", "ArkeiStealer", "Arkei Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:26", "1691823", "31d1c07ba414edadd583878dd111cbf7dfe0cf6a39ecdcfee9d39975c9a31e39", "sha256_hash", "payload", "win.arkei_stealer", "ArkeiStealer", "Arkei Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:26", "1691824", "1bc8fadf53aebab4d08859e645fdafce", "md5_hash", "payload", "win.arkei_stealer", "ArkeiStealer", "Arkei Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:25", "1691819", "b870172c260fd9b541a249073cc514dcee5051fa", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:25", "1691820", "cd6ae5780f0ea51212da9c633cb6b9c6dcea80cf0ce61cca31f7644d2ef0462a", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:25", "1691821", "e437754fac8a0d2b656bfe1634f506f9", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:24", "1691817", "eb2df1ba4f3b1a8681594ddcfe605c38749fd6e723bbe5c60dc885d03da0f578", "sha256_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:24", "1691818", "ce5be389732f7a563bf36859d7aa8a8b", "md5_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:23", "1691816", "b864bba28ef44433dcbb8799e1820c9ef807ff48", "sha1_hash", "payload", "win.coffee_loader", "None", "CoffeeLoader", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:22", "1691813", "d24ad1d3a86e8f23a4d9306efd16fd2e8f942278", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:22", "1691814", "b18e1a32b6e0c83273c1b3d29162a65be03d189e1863718ef5a2697eea897aef", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:22", "1691815", "38341db731a6775c00098302f871dd3c", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:21", "1691810", "39e79ab96acda6b8f2d1c09d8658e290564b6682", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:21", "1691811", "1eeae4bd8179fd33f1ec6aab09fed88e4db166e81383e5014bd92f3b12f92416", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:21", "1691812", "e1ac4f9c1361fdab8280fd7e0ff04540", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:20", "1691807", "7ec78fc4c16441339cd2f31be926d4f41cba3f7d", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:20", "1691808", "a5cd237305bf63d71639f928930d22fc0b2b112a48c4a74b6b2271bd0124c6ba", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:20", "1691809", "73053c356751f504379879723ee60ca2", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:19", "1691804", "bfd283ee68e5dcc291c2f5c15c65fd9682111151", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:19", "1691805", "112c066c16f726d0f3bcaf0217b9d76c64818e127832d3cf81abdc1d4c080b5a", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:19", "1691806", "d00b8dedd6cad796f21b5faebdd1b17c", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:18", "1691801", "6b323a69ded30d05ac2aed3b1a47f6b9a631bdd8", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:18", "1691802", "9f26363ffe8538072b6088d99b05a76074735343ea8046f76af75fcab93c5626", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:18", "1691803", "1ae725a96dddfafe0f27a3040b6a80ec", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:17", "1691798", "4a6f47d582ad7db9e945bd7deddadcac438a7e0f", "sha1_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:17", "1691799", "5ebd46d6931c37b436447575035b82e64d938e9a829838b78dfc935804d2e97b", "sha256_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:17", "1691800", "1cb916542911b00d0b1f78f1f5d66aea", "md5_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:16", "1691794", "42e7f424c19b1cee1d93d21ad6f2c077", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:16", "1691795", "8ce7d5ea1b052c5d098daa816eb7a294ab9fb13f", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:16", "1691796", "aa74f693ca9240065a96cf3b372d3fc6cfbe6f1b74ffceebf0b5a897ff05cb46", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:16", "1691797", "f9f6883b0c10ac81a6c2f657742abc59", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:15", "1691791", "3f2c30f491d0802aa57c932ce63267da", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:15", "1691792", "ac306b5e432c643d0ce91c5c0ee2c5408c1f67ae", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:15", "1691793", "e52d48d5bceab7e1a1a4bcf783690d83cfaa06ca8cb68ae73d285aa00affd8c1", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:14", "1691788", "41dbca92f8b95dc7ac0038959ab6c94f", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:14", "1691789", "403c4993871e98794934ae7ec9f432bf3ecdb520", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:14", "1691790", "732e34e74d37a7f24b098539a5a205b70baf5395bf13279c99be2bebd546c0c7", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:13", "1691785", "e7e63459891dea0d2ef03b656c38c9c3", "md5_hash", "payload", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:13", "1691786", "ce054b3257d6e031cfd743f8cc516b0c28cf3c72", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:13", "1691787", "1a9f0780df992170c2fb9f0fe2111fd0ac7d395bf41e1816e6f5a28b525914b6", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:12", "1691782", "c538706b0dad5c33ba709ba722c43ce3", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:12", "1691783", "94baefd21da563e309032f4e072b07fe1a371a4f", "sha1_hash", "payload", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:12", "1691784", "7d30c01dcb8bb19069f96f84ee4b693f4540783f5ccae37eeb1cd3d3f71bc939", "sha256_hash", "payload", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:11", "1691780", "3608a57b9557cfcd176127638417cac28e6a249f", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:11", "1691781", "aee493659ec6207cbbb1fb31b8e186b97702de4205fd49eaa585b835d7482ce6", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:10", "1691777", "d90054c8acff97bbb2f39c192cd4c268f0864e14", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:10", "1691778", "8f9e7b559aa9c2aedc0453bde8ac2eb966d00e43fd9fbdbfe50fba5591020887", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:10", "1691779", "929f97266d179df2f95626b9dc240c29", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:09", "1691774", "d4d2b1003ce35495bbf5c3ea4251d641a6b01e7b", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:09", "1691775", "4701a5fedd90061a18ab4901f4fb8f78fb54332b0fe996318cf04b5e88a6a4b8", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:09", "1691776", "620508f698e933681e92dad0bd308566", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:08", "1691771", "732cd1bb1943daf0b0c2edcd8ad1abb3928c9f06", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "2026-01-07 03:59:16", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:08", "1691772", "196a2ff1ea16a4f2e63f41a833735477d84800e648ea6412b813b6775fa8334a", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "2026-01-07 03:59:16", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:08", "1691773", "a042f1ee652115e63e5b389f7c4b2b38", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "2026-01-07 03:59:16", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:07", "1691768", "c6677d16c744f174b58a17fc35b740392626c4cb", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "2026-01-07 03:59:15", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:07", "1691769", "6173f089ad3738d51f8df09d9e59bb732b01925f9192ca5c0c68cee2a09a994c", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "2026-01-07 03:59:15", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:07", "1691770", "e9a7943474633ec31267d959e22734ea", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "2026-01-07 03:59:15", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:06", "1691766", "d62ef0a828a92ac117fe34edb2aacc21a4c5cf2cca0897d9e86d5898d4c485d1", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "2026-01-07 03:59:14", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:06", "1691767", "9c1e0aad3e5f84784aecdd96f47c9630", "md5_hash", "payload", "win.vidar", "None", "Vidar", "2026-01-07 03:59:15", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:31:05", "1691765", "9a004814db05b314fac7b1862a0d8ac117e0464f", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "2026-01-07 03:59:14", "95", "False", "None", "None", "0", "Grim" "2026-01-06 04:04:38", "1691764", "75.103.85.88:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/75.103.85.88", "AS14992,C2,censys,clickfix,CRYSTALTECH,first-stage", "0", "DonPasci" "2026-01-06 04:04:01", "1691763", "196.75.3.197:2222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/196.75.3.197", "AS36903,C2,censys,hacktool,MetaSploit,Meterpreter,MT-MPLS", "0", "DonPasci" "2026-01-06 04:04:00", "1691762", "54.163.169.73:789", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.163.169.73", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-06 04:03:03", "1691761", "185.76.242.120:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-06 11:00:36", "100", "False", "https://search.censys.io/hosts/185.76.242.120", "AS207713,C2,censys,DcRAT,GIR-AS,RAT", "0", "DonPasci" "2026-01-06 04:02:57", "1691760", "34.213.239.56:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-06 11:00:28", "100", "False", "https://search.censys.io/hosts/34.213.239.56", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci" "2026-01-06 04:02:52", "1691758", "91.92.241.103:5000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-07 06:49:32", "100", "False", "https://search.censys.io/hosts/91.92.241.103", "AS214943,AsyncRAT,C2,censys,RAILNET,RAT", "0", "DonPasci" "2026-01-06 04:02:52", "1691759", "144.126.149.104:20700", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-07 06:44:22", "100", "False", "https://search.censys.io/hosts/144.126.149.104", "AS40021,AsyncRAT,C2,censys,CONTABO-40021,RAT", "0", "DonPasci" "2026-01-06 04:02:48", "1691757", "23.144.92.98:8080", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "False", "https://search.censys.io/hosts/23.144.92.98", "AS979,C2,censys,NETLAB-SDN,payload,Sliver", "0", "DonPasci" "2026-01-06 04:02:38", "1691756", "5.101.85.77:6326", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-07 06:48:37", "100", "False", "https://search.censys.io/hosts/5.101.85.77", "AS-GLOBALTELEHOST,AS63023,C2,censys,RAT,Remcos", "0", "DonPasci" "2026-01-06 04:02:23", "1691755", "172.233.26.43:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-07 06:52:21", "100", "False", "https://search.censys.io/hosts/172.233.26.43", "AKAMAI-LINODE-AP,AS63949,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2026-01-06 03:10:45", "1691754", "https://spielbkr.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/9f26363ffe8538072b6088d99b05a76074735343ea8046f76af75fcab93c5626/", "lumma", "0", "abuse_ch" "2026-01-06 02:15:33", "1691753", "sunrbf.za.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-06 06:03:20", "75", "False", "https://bazaar.abuse.ch/sample/6173f089ad3738d51f8df09d9e59bb732b01925f9192ca5c0c68cee2a09a994c/", "asyncrat", "0", "abuse_ch" "2026-01-06 01:50:50", "1691752", "https://whitepepper.su/asds", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/07b8e705a0017ab1df5ffabc1fc7fb0a4d0738e98235b5725e47bb9d5229c5c4/", "lumma", "0", "abuse_ch" "2026-01-06 01:50:48", "1691751", "https://offenms.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/07b8e705a0017ab1df5ffabc1fc7fb0a4d0738e98235b5725e47bb9d5229c5c4/", "lumma", "0", "abuse_ch" "2026-01-06 01:50:47", "1691750", "https://izzardtow.su/cascasc", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/07b8e705a0017ab1df5ffabc1fc7fb0a4d0738e98235b5725e47bb9d5229c5c4/", "lumma", "0", "abuse_ch" "2026-01-06 01:50:45", "1691749", "https://homuncloud.su/ascasef", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/07b8e705a0017ab1df5ffabc1fc7fb0a4d0738e98235b5725e47bb9d5229c5c4/", "lumma", "0", "abuse_ch" "2026-01-06 01:50:43", "1691748", "https://heavylussy.su/ccvfd", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/07b8e705a0017ab1df5ffabc1fc7fb0a4d0738e98235b5725e47bb9d5229c5c4/", "lumma", "0", "abuse_ch" "2026-01-06 01:50:41", "1691747", "https://hammernew.su/asdase", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/07b8e705a0017ab1df5ffabc1fc7fb0a4d0738e98235b5725e47bb9d5229c5c4/", "lumma", "0", "abuse_ch" "2026-01-06 01:50:39", "1691746", "https://familyriwo.su/fssdaw", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/07b8e705a0017ab1df5ffabc1fc7fb0a4d0738e98235b5725e47bb9d5229c5c4/", "lumma", "0", "abuse_ch" "2026-01-06 01:50:37", "1691745", "https://broguenko.su/asfase", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/07b8e705a0017ab1df5ffabc1fc7fb0a4d0738e98235b5725e47bb9d5229c5c4/", "lumma", "0", "abuse_ch" "2026-01-06 01:50:35", "1691744", "https://basilicros.su/asdasq", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/07b8e705a0017ab1df5ffabc1fc7fb0a4d0738e98235b5725e47bb9d5229c5c4/", "lumma", "0", "abuse_ch" "2026-01-06 00:05:50", "1691741", "216.119.126.23:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/216.119.126.23", "AS14992,C2,censys,clickfix,CRYSTALTECH,first-stage", "0", "DonPasci" "2026-01-06 00:05:49", "1691740", "3.130.42.49:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/3.130.42.49", "AMAZON-02,AS16509,C2,censys,clickfix,first-stage", "0", "DonPasci" "2026-01-06 00:05:45", "1691739", "104.131.164.45:80", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "False", "https://search.censys.io/hosts/104.131.164.45", "AS14061,C2,censys,DIGITALOCEAN-ASN,PowershellEmpire", "0", "DonPasci" "2026-01-06 00:05:41", "1691738", "196.75.236.2:2222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/196.75.236.2", "AS36903,C2,censys,hacktool,MetaSploit,Meterpreter,MT-MPLS", "0", "DonPasci" "2026-01-06 00:04:59", "1691737", "194.163.179.157:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-07 06:47:04", "100", "False", "https://search.censys.io/hosts/194.163.179.157", "AS51167,censys,CONTABO,EvilGoPhish,panel,Phishing", "0", "DonPasci" "2026-01-06 00:04:04", "1691736", "66.135.27.20:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-06 11:00:28", "100", "False", "https://search.censys.io/hosts/66.135.27.20", "AS-VULTR,AS20473,C2,censys,Mythic", "0", "DonPasci" "2026-01-05 23:54:57", "1691735", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-api-ls-key/7fnk", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-05 23:40:27", "1691731", "zuqiuzhiye.cn.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/1eeae4bd8179fd33f1ec6aab09fed88e4db166e81383e5014bd92f3b12f92416/", "asyncrat", "0", "abuse_ch" "2026-01-05 23:40:20", "1691730", "kf8.cn.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/1eeae4bd8179fd33f1ec6aab09fed88e4db166e81383e5014bd92f3b12f92416/", "asyncrat", "0", "abuse_ch" "2026-01-05 23:40:19", "1691729", "ceu.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/1eeae4bd8179fd33f1ec6aab09fed88e4db166e81383e5014bd92f3b12f92416/", "asyncrat", "0", "abuse_ch" "2026-01-05 23:37:53", "1691728", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-210-so-api-ky/roj19", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-05 23:31:40", "1691727", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-180-set-api/put200", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-05 23:16:01", "1691726", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-180-set-api/tem41", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-05 23:01:53", "1691724", "51.45.9.16:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/51.45.9.16", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-05 23:01:52", "1691722", "157.230.28.1:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/157.230.28.1", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-05 23:01:52", "1691723", "117.72.91.252:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/117.72.91.252", "AS141679,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-05 23:01:51", "1691721", "162.245.186.118:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/162.245.186.118", "AS19318,censys,GoPhish,IS-AS-1,Phishing", "0", "dyingbreeds_" "2026-01-05 23:01:44", "1691720", "185.172.129.105:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/185.172.129.105", "AS204154,censys,FIRST-SERVER-US-AS,Viper", "0", "dyingbreeds_" "2026-01-05 23:00:54", "1691719", "galciabeneficios.shop", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-06 00:04:09", "100", "False", "https://search.censys.io/hosts/185.208.159.162+galciabeneficios.shop", "AS42624,C2,censys,SWISSNETWORK02", "0", "dyingbreeds_" "2026-01-05 23:00:49", "1691717", "163.172.58.59:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-06 00:04:05", "100", "False", "https://search.censys.io/hosts/163.172.58.59", "AS12876,C2,censys,Mythic", "0", "dyingbreeds_" "2026-01-05 23:00:49", "1691718", "163.172.58.59:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-07 06:45:11", "100", "False", "https://search.censys.io/hosts/163.172.58.59", "AS12876,C2,censys,Mythic", "0", "dyingbreeds_" "2026-01-05 23:00:07", "1691716", "69.63.200.182:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-07 06:53:55", "100", "False", "https://search.censys.io/hosts/69.63.200.182", "AS906,C2,censys,DMIT", "0", "dyingbreeds_" "2026-01-05 21:28:30", "1691712", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-13-fd-cloude/sten47", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-05 21:22:10", "1691711", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-250-cloude/tu20", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-05 20:28:57", "1691709", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-250-cloude/tons25", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-05 20:25:18", "1691708", "open88-01.pro", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/732e34e74d37a7f24b098539a5a205b70baf5395bf13279c99be2bebd546c0c7/", "asyncrat", "0", "abuse_ch" "2026-01-05 20:25:16", "1691707", "ampelectrical.it.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/732e34e74d37a7f24b098539a5a205b70baf5395bf13279c99be2bebd546c0c7/", "asyncrat", "0", "abuse_ch" "2026-01-05 20:24:02", "1691706", "62.60.226.159:80", "ip:port", "botnet_cc", "win.tinyloader", "None", "TinyLoader", "2026-01-07 07:00:03", "50", "False", "https://tracker.viriback.com/index.php?q=62.60.226.159", "TinyLoader,ViriBack", "0", "abuse_ch" "2026-01-05 20:20:28", "1691705", "win678.uk.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/b18e1a32b6e0c83273c1b3d29162a65be03d189e1863718ef5a2697eea897aef/", "asyncrat", "0", "abuse_ch" "2026-01-05 20:20:26", "1691704", "win678.de.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/b18e1a32b6e0c83273c1b3d29162a65be03d189e1863718ef5a2697eea897aef/", "asyncrat", "0", "abuse_ch" "2026-01-05 20:20:25", "1691703", "win678.cn.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/b18e1a32b6e0c83273c1b3d29162a65be03d189e1863718ef5a2697eea897aef/", "asyncrat", "0", "abuse_ch" "2026-01-05 20:07:52", "1691702", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-250-cloude/pet12", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-05 20:04:30", "1691701", "jersey-tricks.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://www.virustotal.com/gui/file/aa74f693ca9240065a96cf3b372d3fc6cfbe6f1b74ffceebf0b5a897ff05cb46", "c2,domain,Quasar,rat,virustotal", "0", "DonPasci" "2026-01-05 20:04:13", "1691700", "185.146.233.228:8080", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "False", "https://search.censys.io/hosts/185.146.233.228", "AS200651,C2,censys,FLOKINET,Starkillerc2", "0", "DonPasci" "2026-01-05 20:04:11", "1691699", "213.163.204.80:10000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/213.163.204.80", "AS202053,C2,censys,CobaltStrike,open-dir,UPCLOUD", "0", "DonPasci" "2026-01-05 20:04:09", "1691698", "54.226.62.115:37556", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.226.62.115", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-05 20:04:08", "1691695", "83.244.127.230:4444", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/83.244.127.230", "AS12975,C2,censys,hacktool,MetaSploit,Meterpreter,PALTEL-AS", "0", "DonPasci" "2026-01-05 20:04:08", "1691696", "54.159.225.70:18245", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.159.225.70", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-05 20:04:08", "1691697", "54.226.62.115:20256", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.226.62.115", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-05 20:03:41", "1691694", "69.167.10.51:443", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-05 23:00:57", "100", "False", "https://search.censys.io/hosts/69.167.10.51", "AS40861,C2,censys,DcRAT,PARAD-40-ASN,RAT", "0", "DonPasci" "2026-01-05 20:03:35", "1691693", "192.253.234.63:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2026-01-07 06:46:56", "100", "False", "https://search.censys.io/hosts/192.253.234.63", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Hookbot", "0", "DonPasci" "2026-01-05 20:03:34", "1691691", "35.233.18.166:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-07 06:47:59", "100", "False", "https://search.censys.io/hosts/35.233.18.166", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Mythic", "0", "DonPasci" "2026-01-05 20:03:34", "1691692", "34.213.239.56:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-05 23:00:50", "100", "False", "https://search.censys.io/hosts/34.213.239.56", "AMAZON-02,AS16509,C2,censys,Mythic", "0", "DonPasci" "2026-01-05 20:03:29", "1691690", "162.243.28.13:8400", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-07 06:45:10", "100", "False", "https://search.censys.io/hosts/162.243.28.13", "AS14061,AsyncRAT,C2,censys,DIGITALOCEAN-ASN,RAT", "0", "DonPasci" "2026-01-05 20:03:28", "1691689", "34.78.59.131:3000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-07 06:47:56", "100", "False", "https://search.censys.io/hosts/34.78.59.131", "AS396982,AsyncRAT,C2,censys,GOOGLE-CLOUD-PLATFORM,RAT", "0", "DonPasci" "2026-01-05 20:03:15", "1691688", "194.14.217.105:443", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://search.censys.io/hosts/194.14.217.105", "AS9009,C2,censys,M247,RAT,SpiceRAT", "0", "DonPasci" "2026-01-05 19:52:26", "1691685", "64.188.79.45:8000", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://www.joesandbox.com/analysis/1845062/0/html", "AS209693,c2,joesandbox,OC-NETWORK,stealer,Xorium", "0", "DonPasci" "2026-01-05 19:36:52", "1691684", "107.152.32.98:8840", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260105-s7zwbasqbq", "AS11878,c2,Quasar,rat,TZULO", "0", "DonPasci" "2026-01-05 19:35:46", "1691683", "6nuzshlva.localto.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260105-s7zwbasqbq", "c2,domain,Quasar,rat,triage", "0", "DonPasci" "2026-01-05 19:27:30", "1691682", "mullanyauricvista.com", "domain", "botnet_cc", "win.deerstealer", "None", "DeerStealer", "", "100", "False", "https://tria.ge/251231-tb1cmsct4g", "c2,deerstealer,domain,stealer,triage", "0", "DonPasci" "2026-01-05 19:25:19", "1691681", "holdrem.dynuddns.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/1af859ae8dab6d05433b1c60bd2d0e337fcd1a5e55abd7c90832e36d839f8a13/", "remcos", "0", "abuse_ch" "2026-01-05 19:20:14", "1691680", "xid.zabbixcloud.cloud", "domain", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "False", "https://tria.ge/250930-lkpy9sdp31", "c2,domain,triage,vshell", "0", "DonPasci" "2026-01-05 19:18:09", "1691679", "194.56.225.14:443", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "False", "https://www.virustotal.com/gui/file/21e4eb28e3509407ff134a7f2956a23d993f4a7ed5e8364f9b0bdcfff33433d3", "AS142594,c2,SPEEDYPAGELTD-AS-AP,virustotal,VShell", "0", "DonPasci" "2026-01-05 19:15:34", "1691678", "linux.docker-update.com", "domain", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "False", "https://www.virustotal.com/gui/file/21e4eb28e3509407ff134a7f2956a23d993f4a7ed5e8364f9b0bdcfff33433d3", "c2,domain,virustotal,VShell", "0", "DonPasci" "2026-01-05 18:52:57", "1691676", "89.125.255.226:8443", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://search.censys.io/hosts/89.125.255.226", "365-Stealer,AS212477,censys,opendir,ROYALE-AS,stealer", "0", "DonPasci" "2026-01-05 18:46:56", "1691675", "39.40.139.67:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2026-01-07 06:48:08", "75", "False", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2026-01-05 18:28:30", "1691674", "204.48.26.120:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-05 19:37:28", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 18:28:29", "1691673", "159.65.108.10:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-05 19:37:28", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 18:28:28", "1691672", "188.166.144.67:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-05 19:37:27", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 18:28:27", "1691671", "143.198.3.74:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-05 19:37:26", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 18:28:26", "1691670", "138.68.188.230:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-05 19:37:26", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 18:28:25", "1691669", "178.128.185.35:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-05 19:37:25", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 18:28:24", "1691668", "206.189.182.30:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-05 19:37:23", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 18:28:23", "1691667", "138.197.217.91:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-05 19:37:24", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 18:28:22", "1691666", "159.65.216.7:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-05 19:37:23", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 18:28:21", "1691665", "206.189.7.37:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-05 19:37:22", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 18:02:43", "1691663", "CRINGEASFASLTO-34920.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260105-a1n65abw6c", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-05 17:04:31", "1691662", "130.12.180.108:44532", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://bazaar.abuse.ch/sample/4828cdeeb726ac3ac178441bce69ef804373522045bce9f917fee59269535b6b/", "Mirai", "0", "abuse_ch" "2026-01-05 16:59:13", "1691661", "91.208.206.49:6699", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://bazaar.abuse.ch/sample/7362b0cccda81090811164cefa514e0687e31329c773ae287c3c0ed0b9deda8e/", "Mirai", "0", "abuse_ch" "2026-01-05 16:57:50", "1691660", "176.65.132.46:38241", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://bazaar.abuse.ch/sample/7720750a19073e4567d2cadf84bac8b7cbfc2ea89d9b5b32bb9e8af311dac236/", "Mirai", "0", "abuse_ch" "2026-01-05 16:55:58", "1691659", "45.156.87.115:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://bazaar.abuse.ch/sample/2bc736600a09538b49f17eb1eb1bb8ccdfc332355141bab80b8654437aff9b8e/", "Mirai", "0", "abuse_ch" "2026-01-05 16:53:11", "1691658", "87.248.150.68:8010", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://bazaar.abuse.ch/sample/5be60b6dbc6d6ab4b62a1b2639acec1099ffffa6ff4ab49d957e87aaf2ba9dd6/", "Mirai", "0", "abuse_ch" "2026-01-05 16:46:02", "1691657", "45.153.34.74:12344", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://bazaar.abuse.ch/sample/73ed2c3b85a3b6805b6ec88cb67bf2141b2a3bb41792ebc2df9659771e437e54/", "Mirai", "0", "abuse_ch" "2026-01-05 16:19:57", "1691608", "https://18.119.212.249/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/18.119.212.249", "ClickFix", "0", "CarsonWilliams" "2026-01-05 16:19:57", "1691618", "http://89.125.255.226:82/365-Stealer/yourVictims/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "365-stealer,AS212477,RoyaleHosting BV", "0", "antiphishorg" "2026-01-05 16:19:56", "1691619", "89.125.255.226:82", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "365-stealer,AS212477,RoyaleHosting BV", "0", "antiphishorg" "2026-01-05 16:19:56", "1691620", "77.110.119.94:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-06 14:00:09", "100", "False", "None", "8153269964,c2,loader,StealC,stealer", "0", "Bitsight" "2026-01-05 16:19:56", "1691622", "http://178.16.54.109/l2.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:55", "1691621", "http://178.16.54.109/l1.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:54", "1691623", "http://178.16.54.109/l3.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:53", "1691624", "http://178.16.54.109/l4.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:53", "1691625", "http://178.16.54.109/l5.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:53", "1691626", "http://178.16.54.109/l6.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:52", "1691627", "http://178.16.54.109/l7.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:52", "1691631", "http://178.16.54.109/l11.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:51", "1691630", "http://178.16.54.109/l10.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:50", "1691628", "http://178.16.54.109/l8.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:50", "1691629", "http://178.16.54.109/l9.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:49", "1691632", "http://178.16.54.109/l12.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:49", "1691633", "http://178.16.54.109/l13.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:49", "1691634", "http://178.16.54.109/l14.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:48", "1691635", "http://178.16.54.109/l15.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 16:19:48", "1691636", "https://scrroeder.com/1q1q.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/115842873686551807", "KongTuke", "0", "monitorsg" "2026-01-05 16:19:47", "1691637", "scrroeder.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-05 14:06:24", "100", "True", "https://infosec.exchange/@monitorsg/115842873686551807", "KongTuke", "0", "monitorsg" "2026-01-05 16:19:47", "1691638", "https://scrroeder.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/115842873686551807", "KongTuke", "0", "monitorsg" "2026-01-05 16:19:46", "1691639", "http://144.31.221.71/a", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/115842873686551807", "KongTuke", "0", "monitorsg" "2026-01-05 16:19:43", "1691651", "https://chrispetley.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/chrispetley.com", "ClickFix", "0", "CarsonWilliams" "2026-01-05 16:04:35", "1691652", "34.102.116.83:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/34.102.116.83", "AS396982,C2,censys,clickfix,first-stage,GOOGLE-CLOUD-PLATFORM", "0", "DonPasci" "2026-01-05 15:01:17", "1691650", "54.92.96.88:48001", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "False", "https://bazaar.abuse.ch/sample/abca2eeb4070fa29f5cec8217d7c938973a8ecb184138aa83d3180bb4cfd8832/", "AMAZON-02,AS16509,c2,vshell", "0", "DonPasci" "2026-01-05 14:56:10", "1691649", "https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-113-cloud/eos24", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "", "ClearFake", "0", "threatcat_ch" "2026-01-05 14:51:02", "1691648", "157.230.59.188:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-06 16:51:38", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 14:44:48", "1691647", "https://github.com/gstatic-kh5q6ekh/cdn-113-cloud/blob/main/eos24)", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch" "2026-01-05 14:22:32", "1691643", "annonalc.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-01-06 08:12:29", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-05 14:22:32", "1691644", "porcupvu.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-05 14:22:32", "1691645", "statisnv.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-05 14:22:32", "1691646", "genusstv.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-01-06 08:12:29", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2026-01-05 14:15:42", "1691642", "165.232.92.145:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-06 17:08:39", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 14:15:15", "1691641", "165.227.29.5:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-06 17:08:20", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 14:14:44", "1691640", "178.128.66.197:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-06 17:08:01", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 13:57:16", "1691617", "139.59.181.228:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-06 17:08:11", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 13:57:15", "1691616", "165.232.105.76:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-06 17:08:09", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 13:57:14", "1691615", "68.183.40.145:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-06 17:08:07", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 13:57:13", "1691614", "46.101.47.30:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-06 17:08:03", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 13:57:12", "1691613", "161.35.4.69:8001", "ip:port", "botnet_cc", "elf.aisuru", "None", "Aisuru", "2026-01-06 17:08:30", "75", "False", "None", "AISURU", "0", "abuse_ch" "2026-01-05 13:37:06", "1691611", "gvo.tfba.me", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 13:37:06", "1691612", "gvo.kievteplo.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 13:36:51", "1691609", "https://gvo.tfba.me/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 13:36:51", "1691610", "https://gvo.kievteplo.kiev.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 13:21:43", "1691602", "http://178.16.54.109/lfucky.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-06 17:08:02", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 13:21:42", "1691601", "http://178.16.54.109/lfuck.exe", "url", "payload_delivery", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "2026-01-06 17:08:29", "100", "False", "None", "Download,Phorpiex", "0", "Bitsight" "2026-01-05 13:21:42", "1691605", "http://213.5.130.122", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:41", "1691603", "http://213.5.130.151", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:40", "1691604", "http://213.5.130.124", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:40", "1691606", "http://213.5.130.187", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 13:21:40", "1691607", "ttwweb.live", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "None", "c2,REMPROXY", "0", "BlackLotusLabs" "2026-01-05 12:03:39", "1691600", "18.119.212.249:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/18.119.212.249", "AMAZON-02,AS16509,C2,censys,clickfix,first-stage", "0", "DonPasci" "2026-01-05 12:03:32", "1691599", "199.101.111.240:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.240", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-05 12:02:40", "1691598", "Clawless-42512.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260105-kn8p4syqdl", "C2,domain,triage,xworm", "0", "DonPasci" "2026-01-05 11:01:29", "1691597", "3.80.48.2:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/3.80.48.2", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2026-01-05 11:01:26", "1691596", "20.196.109.183:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/20.196.109.183", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2026-01-05 11:01:18", "1691595", "45.61.134.92:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/45.61.134.92", "AS14956,censys,ROUTERHOSTING,Viper", "0", "dyingbreeds_" "2026-01-05 11:00:22", "1691594", "185.196.8.221:5001", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-07 06:46:23", "100", "False", "https://search.censys.io/hosts/185.196.8.221", "AS42624,C2,censys,RAT,SWISSNETWORK02", "0", "dyingbreeds_" "2026-01-05 11:00:08", "1691593", "121.36.217.43:1234", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-05 12:02:20", "100", "False", "https://search.censys.io/hosts/121.36.217.43", "AS55990,C2,censys", "0", "dyingbreeds_" "2026-01-05 10:31:05", "1691591", "156.226.174.252:8080", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "", "c2,sliver", "0", "juroots" "2026-01-05 10:31:05", "1691592", "156.226.174.252:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:09", "50", "False", "", "c2,sliver", "0", "juroots" "2026-01-05 10:30:07", "1691590", "api.bitcoinusdtusdc.xyz", "domain", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "", "c2,sliver", "0", "juroots" "2026-01-05 10:13:22", "1691589", "176.65.132.242:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-06 09:10:11", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2026-01-05 10:12:52", "1691588", "175.24.138.5:8088", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-305419896", "0", "abuse_ch" "2026-01-05 10:07:57", "1691585", "65.21.63.246:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:57", "1691586", "91.124.149.85:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:57", "1691587", "77.42.42.202:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:56", "1691575", "84.200.87.5:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:56", "1691576", "185.196.11.23:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:56", "1691577", "95.217.246.140:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:56", "1691578", "95.217.29.133:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:56", "1691579", "46.62.159.110:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:56", "1691580", "95.217.24.39:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:56", "1691581", "5.75.196.146:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:56", "1691582", "95.216.178.83:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:56", "1691583", "95.217.28.115:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:56", "1691584", "95.217.243.215:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:55", "1691567", "185.196.8.99:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:55", "1691568", "185.208.156.57:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:55", "1691569", "86.54.42.227:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:55", "1691570", "185.208.156.184:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:55", "1691571", "95.216.181.234:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:55", "1691572", "141.11.164.188:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:55", "1691573", "91.124.149.170:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:55", "1691574", "95.217.240.165:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:29", "1691566", "krs.kievteplo.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691547", "ptn.passadisco.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691548", "pex.passadisco.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691549", "y26.passadisco.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691550", "drn.passadisco.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691551", "bnb.passadisco.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691552", "lop.passadisco.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691553", "fre.passadisco.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691554", "ges.passadisco.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691555", "nnw.passadisco.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691556", "ptn.kievteplo.in.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691557", "pex.kievteplo.in.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691558", "y26.kievteplo.in.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691559", "drn.kievteplo.in.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691560", "bnb.kievteplo.in.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691561", "lop.kievteplo.in.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691562", "fre.kievteplo.in.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691563", "ges.kievteplo.in.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691564", "nnw.kievteplo.in.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:28", "1691565", "grj.kievteplo.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:27", "1691533", "hov.multiatend.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:27", "1691534", "hov.kievholod.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:27", "1691535", "dit.multiatend.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:27", "1691536", "boe.multiatend.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:27", "1691537", "boe.kievholod.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:27", "1691538", "rfg.multiatend.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:27", "1691539", "rfg.kievholod.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:27", "1691540", "xet.multiatend.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:27", "1691541", "gog.multiatend.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:27", "1691542", "gog.kievholod.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:27", "1691543", "hex.multiatend.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:27", "1691544", "hex.kievholod.kiev.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:27", "1691545", "grj.tfba.me", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:07:27", "1691546", "krs.tfba.me", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:57", "1691530", "https://185.167.234.238/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:57", "1691531", "https://91.124.149.85/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:57", "1691532", "https://77.42.42.202/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:56", "1691524", "https://95.217.24.39/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:56", "1691525", "https://5.75.196.146/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:56", "1691526", "https://95.216.178.83/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:56", "1691527", "https://95.217.28.115/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:56", "1691528", "https://95.217.243.215/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:56", "1691529", "https://65.21.63.246/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:55", "1691518", "https://95.217.240.165/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:55", "1691519", "https://84.200.87.5/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:55", "1691520", "https://185.196.11.23/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:55", "1691521", "https://95.217.246.140/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:55", "1691522", "https://95.217.29.133/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:55", "1691523", "https://46.62.159.110/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:54", "1691512", "https://185.196.8.99/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:54", "1691513", "https://185.208.156.57/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:54", "1691514", "https://86.54.42.227/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:54", "1691515", "https://185.208.156.184/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:54", "1691516", "https://141.11.164.188/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:54", "1691517", "https://91.124.149.170/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:53", "1691506", "https://ges.kievteplo.in.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:53", "1691507", "https://nnw.kievteplo.in.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:53", "1691508", "https://oil.kievteplo.kiev.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:53", "1691509", "https://grj.kievteplo.kiev.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:53", "1691510", "https://krs.kievteplo.kiev.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:53", "1691511", "https://ptn.kievteplo.kiev.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:52", "1691499", "https://pex.kievteplo.in.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:52", "1691500", "https://lgo.kievteplo.in.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:52", "1691501", "https://y26.kievteplo.in.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:52", "1691502", "https://drn.kievteplo.in.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:52", "1691503", "https://bnb.kievteplo.in.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:52", "1691504", "https://lop.kievteplo.in.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:52", "1691505", "https://fre.kievteplo.in.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:51", "1691492", "https://drn.passadisco.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:51", "1691493", "https://bnb.passadisco.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:51", "1691494", "https://lop.passadisco.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:51", "1691495", "https://fre.passadisco.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:51", "1691496", "https://ges.passadisco.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:51", "1691497", "https://nnw.passadisco.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:51", "1691498", "https://ptn.kievteplo.in.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:50", "1691486", "https://krs.tfba.me/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:50", "1691487", "https://ptn.tfba.me/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:50", "1691488", "https://ptn.passadisco.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:50", "1691489", "https://pex.passadisco.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:50", "1691490", "https://lgo.passadisco.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:50", "1691491", "https://y26.passadisco.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:49", "1691480", "https://dit.multiatend.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:49", "1691481", "https://dit.kievholod.kiev.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:49", "1691482", "https://hov.multiatend.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:49", "1691483", "https://hov.kievholod.kiev.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:49", "1691484", "https://oil.tfba.me/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:49", "1691485", "https://grj.tfba.me/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:48", "1691473", "https://gog.kievholod.kiev.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:48", "1691474", "https://xet.multiatend.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:48", "1691475", "https://xet.kievholod.kiev.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:48", "1691476", "https://rfg.multiatend.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:48", "1691477", "https://rfg.kievholod.kiev.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:48", "1691478", "https://boe.multiatend.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:48", "1691479", "https://boe.kievholod.kiev.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:47", "1691470", "https://hex.multiatend.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:47", "1691471", "https://hex.kievholod.kiev.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 10:06:47", "1691472", "https://gog.multiatend.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x" "2026-01-05 09:55:05", "1691469", "90.143.182.93:5552", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "None", "NjRAT", "0", "abuse_ch" "2026-01-05 09:48:34", "1691467", "https://3.150.227.197/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/3.150.227.197", "ClickFix", "0", "CarsonWilliams" "2026-01-05 09:48:33", "1691468", "https://34.102.116.83/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/34.102.116.83", "ClickFix", "0", "CarsonWilliams" "2026-01-05 09:28:51", "1691464", "pitifed.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "False", "", "c2,lumma", "0", "juroots" "2026-01-05 09:28:51", "1691465", "sendyprotecte.click", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "50", "False", "", "c2,lumma", "0", "juroots" "2026-01-05 09:27:40", "1691462", "47.122.114.32:10819", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "False", "", "c2,xworm", "0", "juroots" "2026-01-05 09:27:40", "1691463", "104.64.192.238:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "False", "", "c2,xworm", "0", "juroots" "2026-01-05 09:27:17", "1691460", "among-publisher.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "False", "", "c2,xworm", "0", "juroots" "2026-01-05 09:27:17", "1691461", "bill-lu.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "False", "", "c2,xworm", "0", "juroots" "2026-01-05 09:26:42", "1691458", "https://pastebin.com/raw/BnfuTUHU", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "False", "", "c2,xworm", "0", "juroots" "2026-01-05 09:26:42", "1691459", "https://pastebin.com/raw/akZF25tE", "url", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "False", "", "c2,xworm", "0", "juroots" "2026-01-05 09:26:09", "1691457", "185.157.162.101:3435", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots" "2026-01-05 09:25:51", "1691456", "yuahdgbceja.sytes.net", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "False", "", "c2,remcos", "0", "juroots" "2026-01-05 09:25:33", "1691453", "https://telete.in/jbitchsucks", "url", "botnet_cc", "win.raccoon", "Mohazo,RaccoonStealer,Racealer,Racoon", "Raccoon", "", "50", "False", "", "c2,raccoon", "0", "juroots" "2026-01-05 09:25:33", "1691454", "https://telete.in/jredmankun", "url", "botnet_cc", "win.raccoon", "Mohazo,RaccoonStealer,Racealer,Racoon", "Raccoon", "", "50", "False", "", "c2,raccoon", "0", "juroots" "2026-01-05 09:25:33", "1691455", "https://tttttt.me/jredmankun", "url", "botnet_cc", "win.raccoon", "Mohazo,RaccoonStealer,Racealer,Racoon", "Raccoon", "", "50", "False", "", "c2,raccoon", "0", "juroots" "2026-01-05 09:24:54", "1691451", "milolo-44643.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots" "2026-01-05 09:24:54", "1691452", "webdowner.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "50", "False", "", "c2,quasar", "0", "juroots" "2026-01-05 09:24:14", "1691447", "lmfao.school-kids.space", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "False", "", "c2,mirai", "0", "juroots" "2026-01-05 09:24:14", "1691448", "rfrfcrfvcrvfrvfrf.duckdns.org", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "False", "", "c2,mirai", "0", "juroots" "2026-01-05 09:24:14", "1691449", "sndrsshtvip.vip", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "False", "", "c2,mirai", "0", "juroots" "2026-01-05 09:24:14", "1691450", "www.id888.pw", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "False", "", "c2,mirai", "0", "juroots" "2026-01-05 09:23:50", "1691446", "https://thammyvienanthea.com/mmm/playbook/onelove/fre.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "50", "False", "", "c2,lokibot", "0", "juroots" "2026-01-05 09:23:12", "1691445", "https://onedrive.live.com/download?cid=10C44A5247ACCFDE&resid=10C44A5247ACCFDE%211158&authkey=ACUV8eZ2ZZ9Qq9sa", "url", "payload_delivery", "unknown_loader", "None", "Unknown Loader", "", "50", "False", "", "guloader", "0", "juroots" "2026-01-05 09:22:47", "1691438", "client.traumvillen.de.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-05 09:24:53", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:47", "1691439", "client.virtuoso.uk.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-05 09:24:53", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:47", "1691440", "login.danhdeonline.co.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:47", "1691441", "login.vidyaayurved.in.net", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:47", "1691442", "server.traumvillen.de.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-05 09:24:54", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:47", "1691443", "server.virtuoso.uk.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-05 09:24:54", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:47", "1691444", "wqp.uk.com", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-05 09:22:48", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:46", "1691427", "1.qq88765.online", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:46", "1691428", "10.qq88765.online", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:46", "1691429", "2.qq88765.online", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:46", "1691430", "3.qq88765.online", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:46", "1691431", "4.qq88765.online", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:46", "1691432", "5.qq88765.online", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:46", "1691433", "6.qq88765.online", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:46", "1691434", "7.qq88765.online", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:46", "1691435", "8.qq88765.online", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-05 09:22:47", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:46", "1691436", "9.qq88765.online", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:46", "1691437", "avefenix35630.duckdns.org", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "False", "", "c2,dcrat", "0", "juroots" "2026-01-05 09:22:25", "1691424", "disayts10.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "50", "False", "", "c2,cryptbot", "0", "juroots" "2026-01-05 09:22:25", "1691425", "lisagy25.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "50", "False", "", "c2,cryptbot", "0", "juroots" "2026-01-05 09:22:25", "1691426", "morlisanqr02.top", "domain", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "50", "False", "", "c2,cryptbot", "0", "juroots" "2026-01-05 09:22:07", "1691422", "http://lisagy25.top/index.php", "url", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "50", "False", "", "c2,cryptbot", "0", "juroots" "2026-01-05 09:22:07", "1691423", "http://morlisanqr02.top/index.php", "url", "botnet_cc", "win.cryptbot", "None", "CryptBot", "", "50", "False", "", "c2,cryptbot", "0", "juroots" "2026-01-05 09:21:41", "1691421", "http://disayts10.top/download.php?file=4.exe", "url", "payload_delivery", "win.cryptbot", "None", "CryptBot", "", "50", "False", "", "cryptbot", "0", "juroots" "2026-01-05 09:21:06", "1691420", "x.maximaforfa.com", "domain", "botnet_cc", "win.bunitu", "None", "Bunitu", "", "50", "False", "", "bunitu,c2", "0", "juroots" "2026-01-05 09:21:05", "1691419", "w.maximaforfa.com", "domain", "botnet_cc", "win.bunitu", "None", "Bunitu", "", "50", "False", "", "bunitu,c2", "0", "juroots" "2026-01-05 09:20:44", "1691414", "login.kk999.net.br", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "", "asyncrat,c2", "0", "juroots" "2026-01-05 09:20:44", "1691415", "logs.999slot.media", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "", "asyncrat,c2", "0", "juroots" "2026-01-05 09:20:44", "1691416", "logs.altex.jpn.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "", "asyncrat,c2", "0", "juroots" "2026-01-05 09:20:44", "1691417", "logs.kubet.de.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "", "asyncrat,c2", "0", "juroots" "2026-01-05 09:20:44", "1691418", "msf.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "", "asyncrat,c2", "0", "juroots" "2026-01-05 09:20:43", "1691406", "api.999slot.media", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "", "asyncrat,c2", "0", "juroots" "2026-01-05 09:20:43", "1691407", "api.emi.co.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "", "asyncrat,c2", "0", "juroots" "2026-01-05 09:20:43", "1691408", "api.naturesremedies.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "", "asyncrat,c2", "0", "juroots" "2026-01-05 09:20:43", "1691409", "channel-think.gl.at.ply.gg", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "", "asyncrat,c2", "0", "juroots" "2026-01-05 09:20:43", "1691410", "clearsolutions.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "", "asyncrat,c2", "0", "juroots" "2026-01-05 09:20:43", "1691411", "fly88-1.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-05 09:20:44", "50", "False", "", "asyncrat,c2", "0", "juroots" "2026-01-05 09:20:43", "1691412", "hho.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "", "asyncrat,c2", "0", "juroots" "2026-01-05 09:20:43", "1691413", "hvu.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "False", "", "asyncrat,c2", "0", "juroots" "2026-01-05 09:19:40", "1691404", "https://qinh12.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlquery.net/report/0d1087e8-0ca8-4452-80d5-77450832d98e", "c2,spynote,urlquery", "0", "juroots" "2026-01-05 09:19:40", "1691405", "https://chenzx01.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlquery.net/report/bb798e1e-95f0-4ce1-80e1-b42d90cd1ec7", "c2,spynote,urlquery", "0", "juroots" "2026-01-05 09:18:03", "1691402", "https://95.181.160.249/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://urlquery.net/report/4679f472-2f0a-4981-a065-b72a4f2b96f9", "c2,unam,urlquery", "0", "juroots" "2026-01-05 09:18:03", "1691403", "https://185.132.53.18/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://urlquery.net/report/e4d0ed95-1003-44ae-9099-b39e82a1607f", "c2,unam,urlquery", "0", "juroots" "2026-01-05 09:17:30", "1691401", "https://154.201.84.243:8080/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "False", "https://urlquery.net/report/6ef254fa-7f3f-4ada-bd3a-329bd83de3f4", "c2,hookbot,urlquery", "0", "juroots" "2026-01-05 09:16:59", "1691400", "http://193.236.79.44/attivita/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "False", "https://urlscan.io/result/019b8d72-07e6-7102-85a9-044ba329f440", "amadey,c2,urlscan", "0", "juroots" "2026-01-05 09:16:58", "1691399", "https://77.91.77.140/g9bkfkwf/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "50", "False", "https://urlscan.io/result/019b8d72-02dc-7539-aa17-6f780a41ce8b", "amadey,c2,urlscan", "0", "juroots" "2026-01-05 09:16:02", "1691398", "http://94.183.168.33/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "False", "https://urlscan.io/result/019b8d71-260f-741a-b3f5-f2bb7d4d56b4", "c2,hookbot,urlscan", "0", "juroots" "2026-01-05 09:16:00", "1691397", "http://154.61.69.121/", "url", "botnet_cc", "apk.hook", "None", "Hook", "", "50", "False", "https://urlscan.io/result/019b8d71-21e1-7659-a69f-7b2164d7b2f7", "c2,hookbot,urlscan", "0", "juroots" "2026-01-05 09:15:57", "1691396", "http://154.201.84.243:8080/", "url", "botnet_cc", "apk.hook", "None", "Hook", "2026-01-05 09:16:04", "50", "False", "https://urlscan.io/result/019b8d71-1492-70e3-960d-8a75d3d0006e", "c2,hookbot,urlscan", "0", "juroots" "2026-01-05 09:15:56", "1691395", "https://185.11.61.143:45051/", "url", "botnet_cc", "apk.hook", "None", "Hook", "2026-01-05 09:16:03", "50", "False", "https://urlscan.io/result/019b8d71-10ac-76c8-b85e-cea3c6143f94", "c2,hookbot,urlscan", "0", "juroots" "2026-01-05 09:15:40", "1691394", "http://89.110.110.198/f999fb4b778f4b7a.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "False", "https://urlscan.io/result/019b8d70-d14c-7609-81fa-55ffa8317ae9", "c2,stealc,urlscan", "0", "juroots" "2026-01-05 09:15:39", "1691393", "http://77.110.109.2/ce369e7324834845.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "False", "https://urlscan.io/result/019b8d70-cd70-7367-9147-0e0764c71a0e", "c2,stealc,urlscan", "0", "juroots" "2026-01-05 09:15:34", "1691392", "https://45.131.215.139/4c0eeee3a4b86b26.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "50", "False", "https://urlscan.io/result/019b8d70-bca8-738a-b54b-6873cec8cc4d", "c2,stealc,urlscan", "0", "juroots" "2026-01-05 09:15:26", "1691391", "https://sunqiangxx.top/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019b8d70-9cae-7585-8e40-2947e0ce9276", "c2,spynote,urlscan", "0", "juroots" "2026-01-05 09:15:25", "1691390", "https://sc3.tiktoktiaozhuan.xyz/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-01-05 09:15:29", "50", "False", "https://urlscan.io/result/019b8d70-96fa-72af-bd41-86b34e69b3e9", "c2,spynote,urlscan", "0", "juroots" "2026-01-05 09:15:24", "1691389", "https://sc-003.tiktoktiaozhuan.xyz/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-01-05 09:15:28", "50", "False", "https://urlscan.io/result/019b8d70-91b7-7060-90ae-9da610b42d80", "c2,spynote,urlscan", "0", "juroots" "2026-01-05 09:15:22", "1691388", "https://net-acceleration-sg.cloud/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019b8d70-8dab-728c-8635-09a8fedc1bff", "c2,spynote,urlscan", "0", "juroots" "2026-01-05 09:15:21", "1691387", "http://www.net-acceleration-sg.cloud/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019b8d70-88aa-72d3-9339-6e7af75991aa", "c2,spynote,urlscan", "0", "juroots" "2026-01-05 09:15:20", "1691386", "https://staging1.caverntechnologies.com/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "2026-01-05 09:15:27", "50", "False", "https://urlscan.io/result/019b8d70-8399-77d9-b5ef-728077f455fa", "c2,spynote,urlscan", "0", "juroots" "2026-01-05 09:15:19", "1691385", "https://cproter.de/", "url", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "50", "False", "https://urlscan.io/result/019b8d70-7dd9-71df-977f-869979f4762f", "c2,spynote,urlscan", "0", "juroots" "2026-01-05 08:48:24", "1691383", "52.2.9.54:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:48:45", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-05 08:47:04", "1691382", "216.238.67.15:12345", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:47:37", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-05 08:46:36", "1691381", "195.20.17.49:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 06:47:10", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch" "2026-01-05 08:44:50", "1691380", "16.146.239.135:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:44:59", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-05 08:44:42", "1691379", "158.175.130.146:32201", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-07 06:44:53", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch" "2026-01-05 08:36:58", "1691378", "178.183.152.111:10080", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "False", "https://www.shodan.io/host/178.183.152.111#10080", "c2,extreme,shodan", "0", "juroots" "2026-01-05 08:36:25", "1691377", "103.12.148.42:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/103.12.148.42#80", "c2,redguard,shodan", "0", "juroots" "2026-01-05 08:36:02", "1691376", "149.210.43.57:443", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "50", "False", "https://www.shodan.io/host/149.210.43.57#443", "c2,gh0st,shodan", "0", "juroots" "2026-01-05 08:35:25", "1691375", "124.198.131.115:5555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/124.198.131.115#5555", "c2,evilginx,shodan", "0", "juroots" "2026-01-05 08:33:51", "1691374", "176.82.138.192:6000", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "False", "https://www.shodan.io/host/176.82.138.192#6000", "c2,netsupport,shodan", "0", "juroots" "2026-01-05 08:33:32", "1691373", "2.34.147.176:9002", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-01-07 00:03:36", "50", "False", "https://www.shodan.io/host/2.34.147.176#9002", "bruteratel,c2,shodan", "0", "juroots" "2026-01-05 08:33:31", "1691372", "84.46.239.89:6443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "", "50", "False", "https://www.shodan.io/host/84.46.239.89#6443", "bruteratel,c2,shodan", "0", "juroots" "2026-01-05 08:33:12", "1691369", "156.252.60.26:444", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "2026-01-06 12:03:36", "50", "False", "https://www.shodan.io/host/156.252.60.26#444", "c2,SetcodeRAT,shodan", "0", "juroots" "2026-01-05 08:33:12", "1691370", "156.252.60.27:444", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "2026-01-06 12:03:37", "50", "False", "https://www.shodan.io/host/156.252.60.27#444", "c2,SetcodeRAT,shodan", "0", "juroots" "2026-01-05 08:33:12", "1691371", "137.220.155.86:444", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "50", "False", "https://www.shodan.io/host/137.220.155.86#444", "c2,SetcodeRAT,shodan", "0", "juroots" "2026-01-05 08:32:22", "1691368", "103.30.72.195:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/103.30.72.195#8443", "c2,powersploit,shodan", "0", "juroots" "2026-01-05 08:32:21", "1691365", "190.210.197.3:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/190.210.197.3#8080", "c2,powersploit,shodan", "0", "juroots" "2026-01-05 08:32:21", "1691366", "216.41.237.22:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/216.41.237.22#8443", "c2,powersploit,shodan", "0", "juroots" "2026-01-05 08:32:21", "1691367", "216.200.96.231:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/216.200.96.231#8443", "c2,powersploit,shodan", "0", "juroots" "2026-01-05 08:32:20", "1691363", "3.30.137.33:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/3.30.137.33#443", "c2,powersploit,shodan", "0", "juroots" "2026-01-05 08:32:20", "1691364", "82.145.125.194:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "False", "https://www.shodan.io/host/82.145.125.194#80", "c2,powersploit,shodan", "0", "juroots" "2026-01-05 08:31:44", "1691362", "46.16.214.154:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-06 23:01:45", "50", "False", "https://www.shodan.io/host/46.16.214.154#3333", "c2,gophish,phishing,shodan", "0", "juroots" "2026-01-05 08:31:43", "1691361", "123.249.117.187:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-06 23:01:47", "50", "False", "https://www.shodan.io/host/123.249.117.187#3333", "c2,gophish,phishing,shodan", "0", "juroots" "2026-01-05 08:31:25", "1691359", "34.209.232.97:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/34.209.232.97#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:25", "1691360", "103.125.219.196:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/103.125.219.196#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:24", "1691358", "130.94.33.52:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/130.94.33.52#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:23", "1691356", "185.216.68.254:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/185.216.68.254#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:23", "1691357", "150.241.68.11:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/150.241.68.11#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:22", "1691353", "93.127.128.88:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:10", "50", "False", "https://www.shodan.io/host/93.127.128.88#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:22", "1691354", "2.57.122.59:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:08", "50", "False", "https://www.shodan.io/host/2.57.122.59#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:22", "1691355", "129.212.178.8:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/129.212.178.8#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:21", "1691350", "92.246.90.154:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/92.246.90.154#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:21", "1691351", "124.220.165.194:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:07", "50", "False", "https://www.shodan.io/host/124.220.165.194#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:21", "1691352", "34.78.59.131:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:11", "50", "False", "https://www.shodan.io/host/34.78.59.131#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:20", "1691347", "45.84.59.254:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/45.84.59.254#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:20", "1691348", "185.45.192.121:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/185.45.192.121#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:20", "1691349", "81.217.161.211:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/81.217.161.211#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:19", "1691343", "91.210.57.176:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:11", "50", "False", "https://www.shodan.io/host/91.210.57.176#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:19", "1691344", "159.100.14.125:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:08", "50", "False", "https://www.shodan.io/host/159.100.14.125#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:19", "1691345", "185.250.36.92:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:07", "50", "False", "https://www.shodan.io/host/185.250.36.92#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:19", "1691346", "192.227.253.42:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-06 23:00:55", "50", "False", "https://www.shodan.io/host/192.227.253.42#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:18", "1691340", "80.82.67.58:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/80.82.67.58#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:18", "1691341", "138.68.92.59:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:10", "50", "False", "https://www.shodan.io/host/138.68.92.59#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:18", "1691342", "38.165.40.9:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/38.165.40.9#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:17", "1691337", "45.137.99.78:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:09", "50", "False", "https://www.shodan.io/host/45.137.99.78#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:17", "1691338", "46.101.64.237:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:06", "50", "False", "https://www.shodan.io/host/46.101.64.237#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:17", "1691339", "192.52.167.197:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/192.52.167.197#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:16", "1691334", "92.113.124.206:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/92.113.124.206#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:16", "1691335", "46.250.231.5:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:07", "50", "False", "https://www.shodan.io/host/46.250.231.5#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:16", "1691336", "207.180.207.252:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:08", "50", "False", "https://www.shodan.io/host/207.180.207.252#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:15", "1691332", "65.49.211.67:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/65.49.211.67#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:15", "1691333", "165.232.180.204:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:10", "50", "False", "https://www.shodan.io/host/165.232.180.204#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:14", "1691330", "23.94.38.104:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/23.94.38.104#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:14", "1691331", "167.86.120.234:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-07 00:03:08", "50", "False", "https://www.shodan.io/host/167.86.120.234#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:31:13", "1691329", "5.61.209.131:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "False", "https://www.shodan.io/host/5.61.209.131#31337", "c2,shodan,sliver", "0", "juroots" "2026-01-05 08:30:54", "1691328", "20.81.130.132:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "https://www.shodan.io/host/20.81.130.132#8443", "c2,cobaltstrike,shodan", "0", "juroots" "2026-01-05 08:30:52", "1691326", "209.97.168.63:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-05 08:30:53", "50", "False", "https://www.shodan.io/host/209.97.168.63#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2026-01-05 08:30:52", "1691327", "111.228.3.39:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-05 08:30:53", "50", "False", "https://www.shodan.io/host/111.228.3.39#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2026-01-05 08:30:51", "1691325", "180.76.141.175:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-05 08:30:53", "50", "False", "https://www.shodan.io/host/180.76.141.175#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2026-01-05 08:30:50", "1691324", "152.32.251.78:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-05 08:30:53", "50", "False", "https://www.shodan.io/host/152.32.251.78#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2026-01-05 08:30:49", "1691322", "160.250.128.197:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-05 08:30:53", "50", "False", "https://www.shodan.io/host/160.250.128.197#50050", "c2,cobaltstrike,shodan", "0", "juroots" "2026-01-05 08:30:49", "1691323", "35.182.254.92:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "https://www.shodan.io/host/35.182.254.92#443", "c2,cobaltstrike,shodan", "0", "juroots" "2026-01-05 08:30:48", "1691321", "202.56.160.190:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "False", "https://www.shodan.io/host/202.56.160.190#80", "c2,cobaltstrike,shodan", "0", "juroots" "2026-01-05 08:30:05", "1691320", "124.156.113.135:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-05 08:30:54", "50", "False", "https://www.shodan.io/host/124.156.113.135#8443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2026-01-05 08:04:31", "1691318", "34.102.116.83:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/34.102.116.83", "AS396982,C2,censys,clickfix,first-stage,GOOGLE-CLOUD-PLATFORM", "0", "DonPasci" "2026-01-05 08:04:31", "1691319", "3.150.227.197:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/3.150.227.197", "AMAZON-02,AS16509,C2,censys,clickfix,first-stage", "0", "DonPasci" "2026-01-05 08:04:24", "1691317", "103.177.47.172:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.177.47.172", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci" "2026-01-05 08:03:29", "1691316", "130.12.180.110:4444", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "False", "https://search.censys.io/hosts/130.12.180.110", "AS214943,C2,censys,RAILNET,RAT,Venom", "0", "DonPasci" "2026-01-05 08:02:50", "1691315", "185.196.8.221:5000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-07 06:46:23", "100", "False", "https://search.censys.io/hosts/185.196.8.221", "AS42624,AsyncRAT,C2,censys,RAT,SWISSNETWORK02", "0", "DonPasci" "2026-01-05 08:02:36", "1691314", "185.39.19.53:5002", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-07 06:46:35", "100", "False", "https://search.censys.io/hosts/185.39.19.53", "AS216341,C2,censys,OPTIMA-AS,RAT,Remcos", "0", "DonPasci" "2026-01-05 08:02:20", "1691313", "107.23.16.36:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-05 11:00:10", "100", "False", "https://search.censys.io/hosts/107.23.16.36", "AMAZON-AES,AS14618,C2,censys,CobaltStrike,cs-watermark-100000", "0", "DonPasci" "2026-01-05 08:02:18", "1691311", "182.255.44.77:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-06 09:09:58", "100", "False", "https://search.censys.io/hosts/182.255.44.77", "AS932,C2,censys,CobaltStrike,cs-watermark-987654321,XNNET", "0", "DonPasci" "2026-01-05 08:02:18", "1691312", "103.143.231.99:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-05 11:00:09", "100", "False", "https://search.censys.io/hosts/103.143.231.99", "AS138152,C2,censys,CobaltStrike,cs-watermark-987654321,YISUCLOUDLTD-HK", "0", "DonPasci" "2026-01-05 07:53:18", "1691310", "85.234.91.247:1337", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://x.com/Xlab_qax/status/2007141232355729753", "Kimwolf", "0", "abuse_ch" "2026-01-05 07:47:05", "1691309", "https://github.com/gstatic-kh5q6ekh/cdn-113-cloud/releases/download/static/id-owf836aos", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "", "ClearFake", "0", "threatcat_ch" "2026-01-05 07:45:39", "1691308", "62.164.143.35:6666", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://x.com/Xlab_qax/status/2006687780521521439", "Kimwolf", "0", "abuse_ch" "2026-01-05 07:44:04", "1691307", "93.95.112.59:8443", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "False", "https://x.com/Xlab_qax/status/2006687780521521439", "Kimwolf", "0", "abuse_ch" "2026-01-05 07:44:02", "1691305", "sdk1.lolbrogg123424.com", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "https://x.com/Xlab_qax/status/2006687780521521439", "Kimwolf", "0", "abuse_ch" "2026-01-05 07:44:02", "1691306", "lolxd.713mtauburnctcolumbusoh43085.st", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "https://x.com/Xlab_qax/status/2006687780521521439", "Kimwolf", "0", "abuse_ch" "2026-01-05 07:39:20", "1691302", "api.echoyesterday.com", "domain", "botnet_cc", "apk.badbox", "None", "BADBOX", "", "50", "False", "https://x.com/TuringAlex/status/2007403999625101341", "BadBox", "0", "abuse_ch" "2026-01-05 07:39:20", "1691303", "us-a.keepgo123.com", "domain", "botnet_cc", "apk.badbox", "None", "BADBOX", "", "50", "False", "https://x.com/TuringAlex/status/2007403999625101341", "BadBox", "0", "abuse_ch" "2026-01-05 07:39:20", "1691304", "us-a.gsonx.com", "domain", "botnet_cc", "apk.badbox", "None", "BADBOX", "", "50", "False", "https://x.com/TuringAlex/status/2007403999625101341", "BadBox", "0", "abuse_ch" # Number of entries: 1245