################################################################
# ThreatFox IOCs: recent additions - CSV format                #
# Last updated: 2026-01-29 16:06:00 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","is_compromised","reference","tags","anonymous","reporter"
"2026-01-29 16:06:00", "1738818", "151.64.17.150:8080", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "False", "https://search.censys.io/hosts/151.64.17.150", "AS1267,ASN-WINDTRE,C2,censys,PowershellEmpire", "0", "DonPasci"
"2026-01-29 16:05:55", "1738817", "103.177.47.176:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.177.47.176", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-29 16:05:54", "1738816", "13.245.75.48:53744", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.245.75.48", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-29 16:05:53", "1738815", "196.75.172.144:2222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/196.75.172.144", "AS36903,C2,censys,hacktool,MetaSploit,Meterpreter,MT-MPLS", "0", "DonPasci"
"2026-01-29 16:05:27", "1738814", "20.106.187.78:443", "ip:port", "botnet_cc", "win.poshc2", "None", "PoshC2", "", "100", "False", "https://search.censys.io/hosts/20.106.187.78", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Posh", "0", "DonPasci"
"2026-01-29 16:05:24", "1738813", "185.11.61.241:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "https://search.censys.io/hosts/185.11.61.241", "AS57523,C2,censys,CHANGWAY-AS,DcRAT,RAT", "0", "DonPasci"
"2026-01-29 16:05:19", "1738812", "81.17.99.174:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/81.17.99.174", "AS51167,C2,censys,CONTABO,Mythic", "0", "DonPasci"
"2026-01-29 16:05:14", "1738811", "107.172.31.102:4465", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://search.censys.io/hosts/107.172.31.102", "AS-COLOCROSSING,AS36352,AsyncRAT,C2,censys,RAT", "0", "DonPasci"
"2026-01-29 16:05:00", "1738810", "45.83.31.246:5000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/45.83.31.246", "028f45e8dd4f225cb46a7d8003745a3a7f55d3a0,AS210558,C2,censys,RAT,Remcos", "0", "DonPasci"
"2026-01-29 16:04:59", "1738808", "124.198.131.201:8888", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/124.198.131.201", "AS210558,C2,censys,RAT,Remcos,SERVICES-1337-GMBH", "0", "DonPasci"
"2026-01-29 16:04:59", "1738809", "185.208.159.173:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/185.208.159.173", "AS42624,C2,censys,RAT,Remcos,SWISSNETWORK02", "0", "DonPasci"
"2026-01-29 16:04:42", "1738807", "47.101.152.28:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/47.101.152.28", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2026-01-29 16:04:39", "1738806", "156.234.218.171:24704", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/156.234.218.171", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-01-29 15:51:48", "1738804", "unmindv.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-29 15:51:47", "1738802", "genussy.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-29 15:51:47", "1738803", "studfdu.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-29 15:49:26", "1738795", "aliengp.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-29 15:49:26", "1738796", "vetchir.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-01-29 15:51:47", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-29 15:49:26", "1738797", "menopjc.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-01-29 15:51:48", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-29 15:49:26", "1738798", "stathas.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-01-29 15:51:47", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-29 15:49:26", "1738799", "odovakmc.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-29 15:49:26", "1738800", "mummifjn.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-29 15:49:26", "1738801", "offseti.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-29 15:49:25", "1738794", "interrg.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-01-29 15:51:47", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-29 15:35:56", "1738793", "https://interrg.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/82bdee8aa681c4b8c3a32cf0794fe25be37da15362cc2952bb6e09a440ee696e/", "lumma", "0", "abuse_ch"
"2026-01-29 15:25:56", "1738792", "https://stathas.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/6143dfdc6428ff6aa55662a3f765e02c50fd1b00f832d26e332dc9c98c2a8470/", "lumma", "0", "abuse_ch"
"2026-01-29 15:25:53", "1738791", "https://menopjc.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/6a6827eafd369653905715d2439ba34ee6bf5fd13d3ed7166fe7579f09f756d7/", "lumma", "0", "abuse_ch"
"2026-01-29 13:45:48", "1738780", "vyy.uk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/f18a34552062be2e2912e9990b01eb7b6d2ca5749b54ae3076a666f596900e44/", "quasar", "0", "abuse_ch"
"2026-01-29 13:45:39", "1738779", "nog.jp.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/f18a34552062be2e2912e9990b01eb7b6d2ca5749b54ae3076a666f596900e44/", "quasar", "0", "abuse_ch"
"2026-01-29 13:45:35", "1738778", "license.eu.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/f18a34552062be2e2912e9990b01eb7b6d2ca5749b54ae3076a666f596900e44/", "quasar", "0", "abuse_ch"
"2026-01-29 13:28:05", "1738777", "104.248.130.195:7492", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "https://www.malware-traffic-analysis.net/2026/01/29/index.html", "|Ghost|", "0", "netresec"
"2026-01-29 12:09:03", "1738776", "luvxcide.duckdns.org", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "https://tria.ge/260129-lxgtesd16e", "C2,domain,nanocore,rat,triage", "0", "DonPasci"
"2026-01-29 12:08:24", "1738775", "dohinukss.localto.net", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "False", "https://tria.ge/260129-mjhz1afw9c", "android,C2,domain,spynote,triage", "0", "DonPasci"
"2026-01-29 12:07:06", "1738774", "91.108.244.139:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "False", "None", "SocGholish", "0", "threatcat_ch"
"2026-01-29 12:05:52", "1738773", "172.104.188.247:9999", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://search.censys.io/hosts/172.104.188.247", "AdaptixC2,AKAMAI-LINODE-AP,AS63949,C2,censys", "0", "DonPasci"
"2026-01-29 12:05:10", "1738772", "47.109.78.104:8080", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "False", "https://search.censys.io/hosts/47.109.78.104", "ALIBABA-CN-NET,AS37963,C2,censys,open-dir,payload,Sliver", "0", "DonPasci"
"2026-01-29 12:05:06", "1738771", "194.68.225.168:80", "ip:port", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "https://search.censys.io/hosts/194.68.225.168", "AS57169,C2,censys,EDIS-AS-EU,RAT,SpiceRAT", "0", "DonPasci"
"2026-01-29 12:05:04", "1738770", "20.206.201.190:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/20.206.201.190", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT,Remcos", "0", "DonPasci"
"2026-01-29 12:05:00", "1738769", "192.3.136.235:5070", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260129-gx9f8ahv3c", "AS36352,C2,rat,remcos,triage", "0", "DonPasci"
"2026-01-29 12:04:53", "1738768", "Boosterman22q1-33740.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260129-lvt1zadz5c", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-29 12:04:52", "1738766", "hebasix.duckdns.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260129-l836ssez9h", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-29 12:04:52", "1738767", "45.150.128.141:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260129-l5h2fsex9d", "AS56309,C2,triage,xworm", "0", "DonPasci"
"2026-01-29 12:04:51", "1738764", "Boosterman22q1-42479.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2026-01-29 12:06:20", "100", "False", "https://tria.ge/260129-mwr4fagv4d", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-29 12:04:51", "1738765", "Egornigga-61525.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260129-l1bftaet8d", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-29 12:04:40", "1738763", "206.238.70.42:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/206.238.70.42", "AS399077,C2,censys,CobaltStrike,cs-watermark-987654321,TERAEXCH", "0", "DonPasci"
"2026-01-29 12:04:38", "1738762", "43.156.27.192:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/43.156.27.192", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci"
"2026-01-29 11:36:19", "1738761", "https://cdn.jsdelivr.net/gh/web3call/ws014/zr0", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-29 11:19:58", "1738760", "https://cdn.jsdelivr.net/gh/web3call/ws014/das", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-29 11:01:11", "1738759", "194.150.220.63:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/194.150.220.63", "AS215540,censys,GCS-AS,GoPhish,Phishing", "0", "dyingbreeds_"
"2026-01-29 11:01:10", "1738758", "194.150.220.63:2083", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/194.150.220.63", "AS215540,censys,GCS-AS,GoPhish,Phishing", "0", "dyingbreeds_"
"2026-01-29 11:01:09", "1738757", "178.156.234.79:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/178.156.234.79", "AS213230,censys,GoPhish,HETZNER-CLOUD2-AS,Phishing", "0", "dyingbreeds_"
"2026-01-29 11:01:08", "1738756", "34.233.15.237:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/34.233.15.237", "AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2026-01-29 11:01:07", "1738754", "54.90.55.61:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/54.90.55.61", "AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2026-01-29 11:01:07", "1738755", "80.211.130.251:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/80.211.130.251", "ARUBA-ASN,AS31034,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2026-01-29 11:01:05", "1738753", "159.198.37.223:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/159.198.37.223", "AS22612,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2026-01-29 11:00:36", "1738752", "45.155.173.119:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-29 12:05:28", "100", "False", "https://search.censys.io/hosts/45.155.173.119", "AS213250,C2,censys,ITP-SOLUTIONS", "0", "dyingbreeds_"
"2026-01-29 11:00:35", "1738750", "rousedonkibure.us", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-29 12:05:27", "100", "False", "https://search.censys.io/hosts/2606:4700:3033:0:0:0:ac43:d72f+rousedonkibure.us", "AS13335,C2,censys", "0", "dyingbreeds_"
"2026-01-29 11:00:35", "1738751", "146.103.40.249:8000", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-29 12:05:27", "100", "False", "https://search.censys.io/hosts/146.103.40.249", "AS215311,C2,censys,REGXA-CLOUD", "0", "dyingbreeds_"
"2026-01-29 11:00:30", "1738749", "evil.azuretest.fr", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/2606:4700:3033:0:0:0:ac43:85a2+evil.azuretest.fr", "AS13335,C2,censys,Mythic", "0", "dyingbreeds_"
"2026-01-29 11:00:14", "1738748", "http://cb042722.tw1.ru/b4e69250.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "None", "DCRat,RAT", "0", "abuse_ch"
"2026-01-29 11:00:12", "1738747", "8.148.251.204:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 12:04:41", "100", "False", "https://search.censys.io/hosts/8.148.251.204", "AS37963,C2,censys", "0", "dyingbreeds_"
"2026-01-29 11:00:10", "1738746", "194.87.198.205:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 12:04:39", "100", "False", "https://search.censys.io/hosts/194.87.198.205", "AS26383,C2,censys", "0", "dyingbreeds_"
"2026-01-29 10:53:32", "1738745", "https://cdn.jsdelivr.net/gh/web3call/ws014/tor", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-29 10:45:08", "1738744", "193.161.193.99:42479", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "None", "NjRAT", "0", "abuse_ch"
"2026-01-29 10:44:51", "1738743", "https://cdn.jsdelivr.net/gh/web3call/ws014/hex", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-29 10:38:25", "1738742", "https://cdn.jsdelivr.net/gh/web3call/ws014/bra", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-29 10:10:36", "1738741", "91.215.85.119:9999", "ip:port", "botnet_cc", "win.castle_rat", "None", "CastleRAT", "", "75", "False", "", "None", "0", "abuse_ch"
"2026-01-29 10:10:33", "1738740", "kakapupuneww.com", "domain", "botnet_cc", "win.castle_rat", "None", "CastleRAT", "", "100", "False", "https://bazaar.abuse.ch/sample/29906fe1239c28536b0281acf61504b01acd102a23c7921455f4c34b8b7c67b5/", "CastleRAT,RAT", "0", "abuse_ch"
"2026-01-29 10:00:58", "1738739", "https://cdn.jsdelivr.net/gh/web3call/ws014/zec", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-29 09:32:15", "1738714", "midlandaudio.com", "domain", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "", "c2,domain,macsync,stealer", "0", "DonPasci"
"2026-01-29 09:31:49", "1738713", "https://cdn.jsdelivr.net/gh/web3call/ws014/var", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-29 09:16:02", "1738712", "178.17.59.34:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:16:01", "1738707", "49.13.124.144:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:16:01", "1738708", "49.13.33.221:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:16:01", "1738709", "135.181.14.70:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:16:01", "1738710", "37.27.63.113:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:16:01", "1738711", "95.217.227.187:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:35", "1738701", "bek.cloudvaly.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:35", "1738702", "bek.beznervov.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:35", "1738703", "pov.cloudvaly.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:35", "1738704", "pov.beznervov.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:35", "1738705", "tor.cloudvaly.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:35", "1738706", "tor.beznervov.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:17", "1738699", "https://95.217.227.187/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:17", "1738700", "https://178.17.59.34/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:16", "1738695", "https://49.13.124.144/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:16", "1738696", "https://49.13.33.221/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:16", "1738697", "https://135.181.14.70/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:16", "1738698", "https://37.27.63.113/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:15", "1738691", "https://pov.cloudvaly.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:15", "1738692", "https://pov.beznervov.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:15", "1738693", "https://bek.cloudvaly.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:15", "1738694", "https://bek.beznervov.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:14", "1738689", "https://tor.cloudvaly.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:15:14", "1738690", "https://tor.beznervov.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-29 09:10:26", "1738688", "https://cdn.jsdelivr.net/gh/web3call/ws014/cvx", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-29 09:09:04", "1738687", "84.54.37.191:7080", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "75", "False", "https://bazaar.abuse.ch/sample/18d92432c267b1c37fc9f2703f4545a9f03bd3d52a8b4633e2e27a0f5844cc7c/", "Gafgyt", "0", "abuse_ch"
"2026-01-29 09:03:54", "1738595", "81.94.151.189:1312", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "80", "False", "None", "mirai", "0", "seckle"
"2026-01-29 09:03:50", "1738629", "45.93.20.205:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-28 23:00:19", "100", "False", "None", "c2,click,loader,StealC,stealer", "0", "Bitsight"
"2026-01-29 09:03:49", "1738630", "138.226.236.254:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-28 23:00:09", "100", "False", "None", "1,c2,loader,StealC,stealer", "0", "Bitsight"
"2026-01-29 09:03:49", "1738639", "https://34ten.com/", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/34ten.com", "ClickFix", "0", "CarsonWilliams"
"2026-01-29 09:03:48", "1738660", "http://144.172.106.251/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/RakeshKrish12/status/2016700324850127072", "nightspire,ransomware", "0", "TheRavenFile"
"2026-01-29 09:03:48", "1738686", "213.152.162.170:5580", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://threatquery.com/engines/ip.html?value=213.152.162.170&type=ip", "AS49453,c2,NanoCore,threatquery", "0", "threatquery"
"2026-01-29 09:03:47", "1738685", "213.152.162.89:5580", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "75", "False", "https://threatquery.com/engines/ip.html?value=213.152.162.89&type=ip", "AS49453,c2,NanoCore,threatquery", "0", "threatquery"
"2026-01-29 08:59:18", "1738684", "https://cdn.jsdelivr.net/gh/web3call/ws014/eth", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-29 08:54:08", "1738683", "123.207.50.225:9002", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 15:51:45", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-29 08:52:12", "1738682", "8.219.240.66:10230", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-29 15:49:35", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-01-29 08:51:55", "1738681", "74.48.214.25:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-29 15:49:26", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-01-29 08:51:32", "1738680", "54.153.244.254:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-29 15:49:08", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-01-29 08:44:18", "1738679", "125.25.56.12:7443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-29 15:43:49", "75", "False", "None", "drb-ra,NetSupport,RAT", "0", "abuse_ch"
"2026-01-29 08:41:21", "1738678", "https://cdn.jsdelivr.net/gh/grading-chatter-dock73/super-docs-web3/forward", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-29 08:05:52", "1738677", "34.123.90.49:8082", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "False", "https://search.censys.io/hosts/34.123.90.49", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,PowershellEmpire", "0", "DonPasci"
"2026-01-29 08:05:42", "1738676", "83.136.249.143:8000", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "False", "https://search.censys.io/hosts/83.136.249.143", "AS202053,C2,censys,hacktool,Mimikatz,open-dir,UPCLOUD", "0", "DonPasci"
"2026-01-29 08:05:24", "1738675", "138.2.16.164:5038", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-29 11:00:42", "100", "False", "https://search.censys.io/hosts/138.2.16.164", "AS31898,C2,censys,DcRAT,ORACLE-BMC-31898,RAT", "0", "DonPasci"
"2026-01-29 08:05:23", "1738674", "129.151.142.36:5038", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-29 11:00:39", "100", "False", "https://search.censys.io/hosts/129.151.142.36", "AS31898,C2,censys,DcRAT,ORACLE-BMC-31898,RAT", "0", "DonPasci"
"2026-01-29 08:05:21", "1738673", "193.233.113.81:8080", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2026-01-29 11:00:37", "100", "False", "https://search.censys.io/hosts/193.233.113.81", "AS215826,C2,censys,PARTNER-HOSTING-LTD,RAT,Venom", "0", "DonPasci"
"2026-01-29 08:05:20", "1738672", "3.137.149.24:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-29 15:48:06", "100", "False", "https://search.censys.io/hosts/3.137.149.24", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci"
"2026-01-29 08:04:56", "1738671", "51.178.11.179:2487", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://search.censys.io/hosts/51.178.11.179", "AS16276,C2,censys,OVH,RAT,Remcos", "0", "DonPasci"
"2026-01-29 08:04:40", "1738670", "63.176.129.242:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 11:00:13", "100", "False", "https://search.censys.io/hosts/63.176.129.242", "AMAZON-02,AS16509,C2,censys,CobaltStrike,cs-watermark-100000", "0", "DonPasci"
"2026-01-29 08:04:39", "1738669", "216.126.239.50:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 15:52:16", "100", "False", "https://search.censys.io/hosts/216.126.239.50", "AS14956,C2,censys,CobaltStrike,cs-watermark-987654321,ROUTERHOSTING", "0", "DonPasci"
"2026-01-29 08:04:38", "1738668", "216.126.239.50:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 15:52:16", "100", "False", "https://search.censys.io/hosts/216.126.239.50", "AS14956,C2,censys,CobaltStrike,cs-watermark-987654321,ROUTERHOSTING", "0", "DonPasci"
"2026-01-29 08:04:37", "1738667", "23.235.179.117:34781", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 11:00:09", "100", "False", "https://search.censys.io/hosts/23.235.179.117", "AS138415,C2,censys,CobaltStrike,cs-watermark-987654321,YANCYLIMITED-AS-HK", "0", "DonPasci"
"2026-01-29 06:55:42", "1738666", "185.222.58.48:55615", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "75", "False", "https://bazaar.abuse.ch/sample/851eff1ee63fed8cc3c032689e157ae350dbf68a49a23192bad20277c409d477/", "redline", "0", "abuse_ch"
"2026-01-29 06:34:08", "1738665", "https://cdn.jsdelivr.net/gh/grading-chatter-dock73/super-docs-web3/sdf", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-29 06:05:01", "1738662", "33.53.50.4:4449", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260129-c6al2aft9h", "AS749,asyncrat,C2,rat,triage", "0", "DonPasci"
"2026-01-29 06:05:01", "1738663", "33.53.50.4:25340", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260129-c6al2aft9h", "AS749,asyncrat,C2,rat,triage", "0", "DonPasci"
"2026-01-29 06:05:01", "1738664", "33.53.50.4:53504", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260129-c6al2aft9h", "AS749,asyncrat,C2,rat,triage", "0", "DonPasci"
"2026-01-29 06:04:43", "1738661", "Th3Hunt3r-53504.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260129-b61msaez5f", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-29 04:05:40", "1738659", "45.129.9.25:4444", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://search.censys.io/hosts/45.129.9.25", "AdaptixC2,AS3258,C2,censys,XTOM-JAPAN", "0", "DonPasci"
"2026-01-29 04:05:19", "1738657", "167.86.153.197:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-29 15:46:25", "100", "False", "https://search.censys.io/hosts/167.86.153.197", "AS25019,C2,censys,Netsupport,RAT,SAUDINETSTC-AS", "0", "DonPasci"
"2026-01-29 04:05:19", "1738658", "93.198.186.62:82", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-29 15:49:56", "100", "False", "https://search.censys.io/hosts/93.198.186.62", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci"
"2026-01-29 04:05:18", "1738656", "140.238.207.208:5038", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-29 11:00:42", "100", "False", "https://search.censys.io/hosts/140.238.207.208", "AS31898,C2,censys,DcRAT,ORACLE-BMC-31898,RAT", "0", "DonPasci"
"2026-01-29 04:05:17", "1738653", "146.235.38.234:5038", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-29 11:00:41", "100", "False", "https://search.censys.io/hosts/146.235.38.234", "AS31898,C2,censys,DcRAT,ORACLE-BMC-31898,RAT", "0", "DonPasci"
"2026-01-29 04:05:17", "1738654", "144.24.139.70:5038", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-29 11:00:40", "100", "False", "https://search.censys.io/hosts/144.24.139.70", "AS31898,C2,censys,DcRAT,ORACLE-BMC-31898,RAT", "0", "DonPasci"
"2026-01-29 04:05:17", "1738655", "103.106.229.177:5038", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-29 11:00:40", "100", "False", "https://search.censys.io/hosts/103.106.229.177", "AS136258,C2,censys,DcRAT,ONEPROVIDER-AS,RAT", "0", "DonPasci"
"2026-01-29 04:05:12", "1738652", "37.148.133.242:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-29 11:00:31", "100", "False", "https://search.censys.io/hosts/37.148.133.242", "AS210356,BATTLEHOST,C2,censys,Mythic", "0", "DonPasci"
"2026-01-29 04:05:09", "1738651", "185.11.61.237:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "False", "https://search.censys.io/hosts/185.11.61.237", "AS57523,C2,censys,CHANGWAY-AS,RAT,Sectop", "0", "DonPasci"
"2026-01-29 04:05:07", "1738650", "158.94.210.95:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-29 15:45:37", "100", "False", "https://search.censys.io/hosts/158.94.210.95", "AS214943,AsyncRAT,C2,censys,RAILNET,RAT", "0", "DonPasci"
"2026-01-29 04:04:55", "1738649", "109.248.151.109:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-29 15:43:37", "100", "False", "https://search.censys.io/hosts/109.248.151.109", "AS52048,C2,censys,RAT,Remcos,RIXHOST", "0", "DonPasci"
"2026-01-29 04:04:36", "1738648", "124.221.65.130:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 11:00:07", "100", "False", "https://search.censys.io/hosts/124.221.65.130", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2026-01-29 02:50:54", "1738647", "38.60.214.166:4443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 15:52:23", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-29 00:43:55", "1738646", "https://cdn.jsdelivr.net/gh/relight-73-unsigned/tk-hz-ctrl/ypfcbjy5exc2pzs4bc7j", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-29 00:05:56", "1738645", "52.51.175.248:2082", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/52.51.175.248", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-29 00:05:49", "1738644", "83.136.251.141:8000", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "False", "https://search.censys.io/hosts/83.136.251.141", "AS202053,C2,censys,hacktool,Mimikatz,open-dir,UPCLOUD", "0", "DonPasci"
"2026-01-29 00:05:30", "1738643", "93.198.186.62:81", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-29 15:49:56", "100", "False", "https://search.censys.io/hosts/93.198.186.62", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci"
"2026-01-29 00:05:24", "1738642", "194.59.31.64:8727", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-01-29 11:00:33", "100", "False", "https://search.censys.io/hosts/194.59.31.64", "AS399486,C2,censys,Quasar,RAT,VIRTUO", "0", "DonPasci"
"2026-01-29 00:05:01", "1738641", "72.60.30.120:8090", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-29 15:49:24", "100", "False", "https://search.censys.io/hosts/72.60.30.120", "AS-HOSTINGER,AS47583,C2,censys,Sliver", "0", "DonPasci"
"2026-01-29 00:04:37", "1738640", "112.213.110.180:9090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 11:00:13", "100", "False", "https://search.censys.io/hosts/112.213.110.180", "AS152194,C2,censys,CobaltStrike,cs-watermark-666666666,CTGSERVERLIMITED-AS-AP", "0", "DonPasci"
"2026-01-28 23:00:57", "1738638", "64.76.214.54:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/64.76.214.54", "AS3549,censys,GoPhish,LVLT-3549,Phishing", "0", "dyingbreeds_"
"2026-01-28 23:00:48", "1738636", "47.101.152.28:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/47.101.152.28", "AS37963,censys,Viper", "0", "dyingbreeds_"
"2026-01-28 23:00:48", "1738637", "103.110.81.59:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/103.110.81.59", "AS401696,censys,Viper", "0", "dyingbreeds_"
"2026-01-28 23:00:42", "1738635", "91.188.254.18:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "2026-01-29 00:05:39", "100", "False", "https://search.censys.io/hosts/91.188.254.18", "AS213772,C2,censys", "0", "dyingbreeds_"
"2026-01-28 23:00:21", "1738634", "62.72.51.165:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-29 00:05:16", "100", "False", "https://search.censys.io/hosts/62.72.51.165", "AS-HOSTINGER,AS47583,C2,censys,Supershell", "0", "dyingbreeds_"
"2026-01-28 23:00:18", "1738633", "77.110.106.206:8839", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-29 15:49:27", "90", "False", "https://search.censys.io/hosts/77.110.106.206", "AEZA-AS,AS210644,C2,censys", "0", "dyingbreeds_"
"2026-01-28 23:00:12", "1738632", "79.137.192.191:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 00:04:35", "100", "False", "https://search.censys.io/hosts/79.137.192.191", "AS216246,C2,censys,RU-AEZA-AS", "0", "dyingbreeds_"
"2026-01-28 23:00:10", "1738631", "deeyou.xyz", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "https://search.censys.io/hosts/38.60.214.166+deeyou.xyz", "AS138915,C2,censys", "0", "dyingbreeds_"
"2026-01-28 21:08:58", "1738627", "144.31.4.78:3334", "ip:port", "botnet_cc", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "100", "False", "https://www.virustotal.com/gui/file/6260f900197592b6d88f500c58e3bb03cc98606ac5f4f5c33b2953c2b3aa2309", "AS215730,c2,H2NEXUS-AS,HijackLoader,virustotal", "0", "DonPasci"
"2026-01-28 21:08:58", "1738628", "144.31.4.78:3333", "ip:port", "botnet_cc", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "100", "False", "https://www.virustotal.com/gui/file/6260f900197592b6d88f500c58e3bb03cc98606ac5f4f5c33b2953c2b3aa2309", "AS215730,c2,H2NEXUS-AS,HijackLoader,virustotal", "0", "DonPasci"
"2026-01-28 21:04:32", "1738625", "92.255.85.108:3334", "ip:port", "botnet_cc", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "100", "False", "https://www.virustotal.com/gui/file/57748e42e68e56c1f8813ed1c6a372191dfacc6488b4500f973a3aad93add2ed", "AS57523,CHANGWAY-AS,hijackloader,virustotal", "0", "DonPasci"
"2026-01-28 21:04:32", "1738626", "92.255.85.108:3333", "ip:port", "botnet_cc", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "100", "False", "https://www.virustotal.com/gui/file/57748e42e68e56c1f8813ed1c6a372191dfacc6488b4500f973a3aad93add2ed", "AS57523,CHANGWAY-AS,hijackloader,virustotal", "0", "DonPasci"
"2026-01-28 20:55:44", "1738624", "www.carhartt-market.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 15:50:43", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-28 20:05:51", "1738623", "35.182.191.224:14265", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.182.191.224", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 20:05:25", "1738622", "185.251.91.53:8888", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-28 23:00:33", "100", "False", "https://search.censys.io/hosts/185.251.91.53", "AS35278,C2,censys,DcRAT,RAT,SPRINTHOST", "0", "DonPasci"
"2026-01-28 20:05:22", "1738621", "46.201.19.142:10000", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2026-01-28 23:00:30", "100", "False", "https://search.censys.io/hosts/46.201.19.142", "AS6849,C2,censys,RAT,UKRTELNET,Venom", "0", "DonPasci"
"2026-01-28 20:05:19", "1738620", "45.140.213.38:6726", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-29 15:48:37", "100", "False", "https://search.censys.io/hosts/45.140.213.38", "AS212477,C2,censys,Mythic,ROYALE-AS", "0", "DonPasci"
"2026-01-28 20:05:03", "1738619", "172.104.228.241:444", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-29 15:46:27", "100", "False", "https://search.censys.io/hosts/172.104.228.241", "AKAMAI-LINODE-AP,AS63949,C2,censys,Sliver", "0", "DonPasci"
"2026-01-28 20:04:58", "1738618", "158.94.211.126:2004", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-29 15:45:38", "100", "False", "https://search.censys.io/hosts/158.94.211.126", "AS202412,C2,censys,OMEGATECH-AS,RAT,Remcos", "0", "DonPasci"
"2026-01-28 20:04:37", "1738617", "49.235.140.227:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-28 23:00:07", "100", "False", "https://search.censys.io/hosts/49.235.140.227", "AS45090,C2,censys,CobaltStrike,cs-watermark-666666666,TENCENT-NET-AP", "0", "DonPasci"
"2026-01-28 20:04:34", "1738616", "185.132.53.17:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-28 23:00:09", "100", "False", "https://search.censys.io/hosts/185.132.53.17", "AS211507,C2,censys,CobaltStrike,cs-watermark-987654321,LAIN", "0", "DonPasci"
"2026-01-28 19:07:00", "1738615", "154.90.62.19:443", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "False", "https://bazaar.abuse.ch/sample/345f2f3d3cb863c9004504ae89954828057832d32488a278cb88940894a3c562/", "AS138915,c2,KAOPU-HK,VShell", "0", "DonPasci"
"2026-01-28 19:05:21", "1738614", "dnsuptime.dns.army", "domain", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "False", "https://bazaar.abuse.ch/sample/345f2f3d3cb863c9004504ae89954828057832d32488a278cb88940894a3c562/", "c2,domain,vshell", "0", "DonPasci"
"2026-01-28 18:49:17", "1738613", "72.62.181.214:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-29 15:49:24", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-01-28 18:49:11", "1738612", "65.153.151.24:10011", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-29 15:49:19", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-01-28 18:48:40", "1738611", "45.88.186.45:2331", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-29 15:48:46", "75", "False", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch"
"2026-01-28 18:19:50", "1738609", "csp.cloudvaly.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 18:19:50", "1738610", "csp.beznervov.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 18:19:34", "1738607", "https://csp.cloudvaly.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 18:19:34", "1738608", "https://csp.beznervov.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 18:09:46", "1738605", "projectindia999.loseyourip.com", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "https://tria.ge/260128-vpd71agv3f", "C2,domain,nanocore,rat,triage", "0", "DonPasci"
"2026-01-28 18:09:46", "1738606", "cia.anondns.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "https://tria.ge/260128-vpdw8sgv2g", "C2,domain,nanocore,rat,triage", "0", "DonPasci"
"2026-01-28 18:09:45", "1738602", "82.29.96.239:16013", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "https://tria.ge/260128-vshplagv8h", "AS212238,C2,nanocore,rat,triage", "0", "DonPasci"
"2026-01-28 18:09:45", "1738603", "82.29.92.238:26163", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "https://tria.ge/260128-vrprhsgv8a", "AS212238,C2,nanocore,rat,triage", "0", "DonPasci"
"2026-01-28 18:09:45", "1738604", "skittlesforlife.anondns.net", "domain", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "False", "https://tria.ge/260128-vrprhsgv8a", "C2,domain,nanocore,rat,triage", "0", "DonPasci"
"2026-01-28 18:09:17", "1738601", "suzrbgndb.localto.net", "domain", "botnet_cc", "apk.spynote", "CypherRat", "SpyNote", "", "100", "False", "https://tria.ge/260128-phm9fagy4h", "android,C2,domain,spynote,triage", "0", "DonPasci"
"2026-01-28 18:06:18", "1738600", "ecolombia223.casacam.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "False", "https://tria.ge/260128-raqeyadt9d", "asyncrat,C2,domain,rat,triage", "0", "DonPasci"
"2026-01-28 18:04:52", "1738599", "atlnewmedia.com", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260128-qxasbscw6a", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-28 18:04:51", "1738598", "ArenalExperience.com", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260128-qxasbscw6a", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-28 18:04:50", "1738597", "203.188.171.87:25565", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260128-q1m7tscx9f", "AS19318,C2,triage,xworm", "0", "DonPasci"
"2026-01-28 18:04:49", "1738596", "Mikey12325Ja1-31716.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260128-q8s32sds7b", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-28 17:06:29", "1738561", "yoga.tatatech.net", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/115973363616938724", "SocGholish", "0", "monitorsg"
"2026-01-28 17:06:29", "1738562", "37.59.181.219:6969", "ip:port", "botnet_cc", "win.sshnet", "None", "SSHNET", "", "100", "False", "", "c2,ssh", "0", "Klez2003"
"2026-01-28 17:06:28", "1738563", "45.156.87.105:6969", "ip:port", "botnet_cc", "win.sshnet", "None", "SSHNET", "", "100", "False", "", "c2,ssh", "0", "Klez2003"
"2026-01-28 17:06:28", "1738593", "194.15.36.133:39538", "ip:port", "botnet_cc", "win.sshnet", "None", "SSHNET", "", "100", "False", "", "botnet,c2,ddos,ssh", "0", "Klez2003"
"2026-01-28 17:06:27", "1738594", "158.94.211.84:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-28 17:00:12", "100", "False", "None", "c2,loader,NewFile28Jan,StealC,stealer", "0", "Bitsight"
"2026-01-28 16:15:11", "1738592", "45.207.199.109:10801", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "None", "RAT,ValleyRAT", "0", "abuse_ch"
"2026-01-28 16:11:17", "1738591", "nra.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/b9bcb58a007f500432d69d733cd9e2c41e806cdeb088c415f7c8e46debb88a1b/", "asyncrat", "0", "abuse_ch"
"2026-01-28 16:11:08", "1738590", "jwwp.cn.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/b9bcb58a007f500432d69d733cd9e2c41e806cdeb088c415f7c8e46debb88a1b/", "asyncrat", "0", "abuse_ch"
"2026-01-28 16:10:57", "1738589", "d8zljb.ru.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/b9bcb58a007f500432d69d733cd9e2c41e806cdeb088c415f7c8e46debb88a1b/", "asyncrat", "0", "abuse_ch"
"2026-01-28 16:10:47", "1738588", "changingcanoes.us.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/b9bcb58a007f500432d69d733cd9e2c41e806cdeb088c415f7c8e46debb88a1b/", "asyncrat", "0", "abuse_ch"
"2026-01-28 16:10:41", "1738587", "asianswitch.gb.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/b9bcb58a007f500432d69d733cd9e2c41e806cdeb088c415f7c8e46debb88a1b/", "asyncrat", "0", "abuse_ch"
"2026-01-28 16:06:03", "1738586", "54.201.232.216:57722", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.201.232.216", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:06:02", "1738585", "54.201.232.216:37322", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.201.232.216", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:06:00", "1738584", "35.154.199.187:8888", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.154.199.187", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:05:59", "1738583", "54.233.241.135:42786", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.233.241.135", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:05:58", "1738582", "54.229.170.71:9876", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.229.170.71", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:05:57", "1738580", "3.28.130.59:2281", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.28.130.59", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:05:57", "1738581", "3.28.130.59:6881", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.28.130.59", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:05:56", "1738579", "56.155.31.63:56425", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/56.155.31.63", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:05:55", "1738578", "35.86.100.13:1469", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.86.100.13", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:05:54", "1738577", "3.253.240.233:32093", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.253.240.233", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:05:53", "1738576", "16.176.152.155:4841", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.176.152.155", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:05:52", "1738575", "54.250.54.122:42359", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.250.54.122", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:05:51", "1738573", "98.130.134.213:18246", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/98.130.134.213", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:05:51", "1738574", "98.130.134.213:29346", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/98.130.134.213", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:05:49", "1738572", "16.51.42.214:1080", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.51.42.214", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 16:05:42", "1738571", "66.154.109.89:8088", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2026-01-29 15:49:20", "100", "False", "https://search.censys.io/hosts/66.154.109.89", "AdaptixC2,AS7393,C2,censys,CYBERCON", "0", "DonPasci"
"2026-01-28 16:05:30", "1738570", "mail.onetime-authentication.cruiserscrib.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-28 23:00:50", "100", "False", "https://search.censys.io/hosts/20.64.242.81+mail.onetime-authentication.cruiserscrib.com", "AS8075,censys,EvilGinx,MICROSOFT-CORP-MSN-AS-BLOCK,panel,Phishing", "0", "DonPasci"
"2026-01-28 16:05:19", "1738568", "185.251.91.53:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-28 23:00:32", "100", "False", "https://search.censys.io/hosts/185.251.91.53", "AS35278,C2,censys,DcRAT,RAT,SPRINTHOST", "0", "DonPasci"
"2026-01-28 16:05:19", "1738569", "137.220.157.106:5944", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-28 23:00:32", "100", "False", "https://search.censys.io/hosts/137.220.157.106", "AS4907,BGPNETPTELTD-AS-AP,C2,censys,DcRAT,RAT", "0", "DonPasci"
"2026-01-28 16:05:16", "1738567", "79.133.51.186:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-29 15:49:30", "100", "False", "https://search.censys.io/hosts/79.133.51.186", "AS214036,C2,censys,Havoc,ULTAHOST-AS", "0", "DonPasci"
"2026-01-28 16:05:15", "1738566", "18.119.116.102:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-29 15:46:46", "100", "False", "https://search.censys.io/hosts/18.119.116.102", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci"
"2026-01-28 16:05:09", "1738565", "185.11.61.124:15647", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "False", "https://search.censys.io/hosts/185.11.61.124", "AS57523,C2,censys,CHANGWAY-AS,RAT,Sectop", "0", "DonPasci"
"2026-01-28 16:04:33", "1738564", "160.124.146.235:13700", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-28 23:00:12", "100", "False", "https://search.censys.io/hosts/160.124.146.235", "AS132839,C2,censys,CobaltStrike,cs-watermark-987654321,POWERLINE-AS-AP", "0", "DonPasci"
"2026-01-28 14:44:52", "1738546", "213.176.72.208:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-29 13:00:21", "100", "False", "None", "build1,c2,loader,StealC,stealer", "0", "Bitsight"
"2026-01-28 14:44:52", "1738547", "https://banengids.com/5g7h.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-28 14:08:39", "100", "True", "https://infosec.exchange/@monitorsg/115972869548039976", "KongTuke", "0", "monitorsg"
"2026-01-28 14:44:52", "1738548", "banengids.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-28 14:08:42", "100", "True", "https://infosec.exchange/@monitorsg/115972869548039976", "KongTuke", "0", "monitorsg"
"2026-01-28 14:44:51", "1738549", "https://banengids.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-28 14:08:41", "100", "True", "https://infosec.exchange/@monitorsg/115972869548039976", "KongTuke", "0", "monitorsg"
"2026-01-28 14:44:51", "1738551", "globaljira.com", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-28 14:09:24", "100", "True", "https://infosec.exchange/@monitorsg/115972871563526097", "SmartApeSG", "0", "monitorsg"
"2026-01-28 14:44:50", "1738550", "https://globaljira.com/token/handler-fetch.php", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-28 14:09:21", "100", "True", "https://infosec.exchange/@monitorsg/115972871563526097", "SmartApeSG", "0", "monitorsg"
"2026-01-28 14:44:50", "1738552", "https://globaljira.com/token/middleware-render.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-28 14:09:23", "100", "True", "https://infosec.exchange/@monitorsg/115972871563526097", "SmartApeSG", "0", "monitorsg"
"2026-01-28 14:44:49", "1738553", "http://193.42.38.42/rate", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-28 14:09:26", "100", "True", "https://infosec.exchange/@monitorsg/115972871563526097", "SmartApeSG", "0", "monitorsg"
"2026-01-28 14:44:49", "1738554", "https://immortalexser.com/rate", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-28 14:09:27", "100", "True", "https://infosec.exchange/@monitorsg/115972871563526097", "SmartApeSG", "0", "monitorsg"
"2026-01-28 14:44:49", "1738555", "https://193.42.38.42/limit", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-28 14:09:28", "100", "True", "https://infosec.exchange/@monitorsg/115972871563526097", "SmartApeSG", "0", "monitorsg"
"2026-01-28 14:10:04", "1738560", "45.88.78.8:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "False", "None", "NetSupport", "0", "abuse_ch"
"2026-01-28 13:15:15", "1738558", "gty.cloudvaly.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 13:15:15", "1738559", "gty.beznervov.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 13:15:04", "1738557", "https://gty.beznervov.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 13:15:02", "1738556", "https://gty.cloudvaly.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 12:55:20", "1738545", "83.147.18.16:8010", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2026-01-29 15:53:16", "75", "False", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch"
"2026-01-28 12:55:00", "1738544", "64.95.11.52:8443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2026-01-29 15:52:51", "75", "False", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch"
"2026-01-28 12:54:15", "1738543", "193.112.177.149:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 15:52:11", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-28 12:54:00", "1738542", "148.113.3.133:8443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2026-01-29 15:51:55", "75", "False", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch"
"2026-01-28 12:53:08", "1738541", "static.cos-tencent.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 15:50:40", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-28 12:52:54", "1738540", "img2.huorongsec.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 15:50:27", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-28 12:26:47", "1738539", "http://213.176.72.208", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "https://bazaar.abuse.ch/sample/29220ebfc242ac2dbc3cce2137365499cdc58497257c76afe200d50d9b0eb5fe/", "stealc", "0", "abuse_ch"
"2026-01-28 12:09:45", "1738462", "http://158.94.211.91/health", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/6a9322c8c79190516c1944b444d9147f8846863956abac74f77b547a1dea3e30/", "c2,ScarfaceStealer", "0", "burger"
"2026-01-28 12:09:44", "1738461", "158.94.211.91:80", "ip:port", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/6a9322c8c79190516c1944b444d9147f8846863956abac74f77b547a1dea3e30/", "c2,ScarfaceStealer", "0", "burger"
"2026-01-28 12:09:44", "1738463", "http://158.94.211.91/dd0e7ee6f5e1af92436a3a938660db61/txvhf.irrz", "url", "botnet_cc", "unknown_stealer", "None", "Unknown Stealer", "", "100", "False", "https://bazaar.abuse.ch/sample/6a9322c8c79190516c1944b444d9147f8846863956abac74f77b547a1dea3e30/", "c2,ScarfaceStealer", "0", "burger"
"2026-01-28 12:09:43", "1738469", "kernel-compass.com", "domain", "botnet_cc", "win.santa_stealer", "None", "SantaStealer", "", "100", "False", "https://bazaar.abuse.ch/sample/cc109a845c4e4a33e0316672af3bfbf4a589015a33846c3d1caaf7c6862fe6c5/", "c2,SantaStealer", "0", "burger"
"2026-01-28 12:09:43", "1738470", "https://kernel-compass.com/", "url", "botnet_cc", "win.santa_stealer", "None", "SantaStealer", "", "100", "False", "https://bazaar.abuse.ch/sample/cc109a845c4e4a33e0316672af3bfbf4a589015a33846c3d1caaf7c6862fe6c5/", "c2,SantaStealer", "0", "burger"
"2026-01-28 12:09:42", "1738479", "91.214.78.169:5000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://bazaar.abuse.ch/sample/3f015d491145c8cee52a261b9a0b4e057f5d685859615528cd572b75fdbc50fe/", "c2", "0", "burger"
"2026-01-28 12:09:42", "1738480", "http://91.219.237.175/m4dfhweEw/Login.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "False", "None", "amadey,AS56322,ServerAstra Kft.", "0", "antiphishorg"
"2026-01-28 12:09:11", "1738538", "47.237.192.99:4444", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260128-b8jgaaht9a", "AS45102,C2,rat,triage,valleyrat", "0", "DonPasci"
"2026-01-28 12:07:06", "1738537", "them-choose.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260128-mw8fescv9d", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2026-01-28 12:06:39", "1738536", "54.206.120.4:13253", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.206.120.4", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:37", "1738535", "13.247.183.200:47001", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.247.183.200", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:36", "1738534", "13.247.183.200:16001", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.247.183.200", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:35", "1738533", "13.247.183.200:5901", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.247.183.200", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:34", "1738532", "13.247.183.200:49501", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.247.183.200", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:32", "1738531", "51.44.212.198:9335", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.44.212.198", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:31", "1738530", "16.62.233.190:52110", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.62.233.190", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:30", "1738529", "16.62.233.190:3260", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.62.233.190", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:28", "1738528", "13.231.219.216:34660", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.231.219.216", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:27", "1738527", "3.110.215.54:40142", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.110.215.54", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:25", "1738526", "3.110.215.54:21242", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.110.215.54", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:23", "1738525", "13.210.94.68:4242", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.210.94.68", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:21", "1738524", "18.171.160.244:43771", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.171.160.244", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:19", "1738523", "3.71.44.81:18363", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.71.44.81", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:17", "1738522", "3.71.44.81:8013", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.71.44.81", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:16", "1738521", "35.182.126.9:41085", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.182.126.9", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:14", "1738520", "18.185.60.187:57596", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.185.60.187", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:13", "1738519", "18.185.60.187:2096", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.185.60.187", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:11", "1738518", "54.249.14.243:29385", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.249.14.243", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:09", "1738517", "103.177.47.243:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.177.47.243", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:08", "1738516", "18.228.30.148:20548", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.228.30.148", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:07", "1738515", "16.79.136.145:40000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.79.136.145", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:06", "1738514", "78.12.17.189:8085", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/78.12.17.189", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:04", "1738513", "18.117.229.27:7231", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.117.229.27", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:03", "1738512", "50.18.8.12:10260", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/50.18.8.12", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:06:01", "1738511", "50.18.8.12:8010", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/50.18.8.12", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:05:59", "1738510", "40.172.191.40:37817", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/40.172.191.40", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:05:58", "1738509", "15.160.190.189:9042", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.160.190.189", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:05:56", "1738508", "51.34.136.225:44817", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.34.136.225", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:05:54", "1738507", "34.207.217.142:31673", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/34.207.217.142", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 12:05:39", "1738506", "http://5.181.86.244", "url", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "False", "https://tria.ge/260128-mrrbcact3f", "amadey,AS211632,C2,loader,triage", "0", "DonPasci"
"2026-01-28 12:05:17", "1738505", "daroughgan.com", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-28 12:05:17", "100", "False", "https://tria.ge/260128-m3twlscy7h", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2026-01-28 12:05:16", "1738504", "daroughgan8hajous5.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260128-m3twlscy7h", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2026-01-28 12:05:15", "1738503", "daroughgan8hajous4.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260128-m3twlscy7h", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2026-01-28 12:05:14", "1738502", "daroughgan8hajous3.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260128-m3twlscy7h", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2026-01-28 12:05:13", "1738501", "daroughgan8hajous2.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "False", "https://tria.ge/260128-m3twlscy7h", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2026-01-28 12:05:12", "1738500", "daroughgan8hajous1.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-28 12:05:13", "100", "False", "https://tria.ge/260128-m3twlscy7h", "C2,domain,rat,remcos,triage", "0", "DonPasci"
"2026-01-28 12:04:56", "1738499", "154.3.40.94:8080", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-29 15:45:20", "100", "False", "https://search.censys.io/hosts/154.3.40.94", "AS174,C2,censys,COGENT-174,RAT,Remcos", "0", "DonPasci"
"2026-01-28 11:16:28", "1738498", "zaryef.za.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/4409a082e2b18f4b19668b7311ee4a882c8bd76ddad7272b1f042d0e5f828e82/", "quasar", "0", "abuse_ch"
"2026-01-28 11:10:56", "1738497", "uber.gr.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/374b9834e0d3f8ec78f577c83f292b6e10240bb984f0d891203a87c542d6fdbd/", "quasar", "0", "abuse_ch"
"2026-01-28 11:10:52", "1738496", "sri.gb.net", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/374b9834e0d3f8ec78f577c83f292b6e10240bb984f0d891203a87c542d6fdbd/", "quasar", "0", "abuse_ch"
"2026-01-28 11:10:40", "1738495", "leivistabaltic.eu.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/374b9834e0d3f8ec78f577c83f292b6e10240bb984f0d891203a87c542d6fdbd/", "quasar", "0", "abuse_ch"
"2026-01-28 11:10:37", "1738494", "hoianorchidgarden.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/374b9834e0d3f8ec78f577c83f292b6e10240bb984f0d891203a87c542d6fdbd/", "quasar", "0", "abuse_ch"
"2026-01-28 11:07:22", "1738493", "https://cdn.jsdelivr.net/gh/grading-chatter-dock73/vigilant-bucket-gui/p1lot", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-28 11:03:50", "1738492", "144.31.198.177:3535", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "False", "https://app.any.run/tasks/bb656b37-70f4-43c3-9169-1fb51d5c03f2", "anyrun,AS213877,c2,dcrat,rat,U1HOST-AS", "0", "DonPasci"
"2026-01-28 11:01:13", "1738489", "103.73.67.112:11019", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/103.73.67.112", "AS63473,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2026-01-28 11:01:13", "1738490", "157.180.3.168:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/157.180.3.168", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_"
"2026-01-28 11:00:58", "1738488", "135.181.14.68:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "https://search.censys.io/hosts/135.181.14.68", "AS24940,C2,censys,HETZNER-AS", "0", "dyingbreeds_"
"2026-01-28 11:00:39", "1738487", "208.110.72.181:4449", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2026-01-28 12:05:23", "100", "False", "https://search.censys.io/hosts/208.110.72.181", "AS32097,C2,censys,RAT,WII", "0", "dyingbreeds_"
"2026-01-28 11:00:36", "1738486", "5.182.204.134:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-29 15:48:59", "100", "False", "https://search.censys.io/hosts/5.182.204.134", "AS213250,C2,censys,ITP-SOLUTIONS", "0", "dyingbreeds_"
"2026-01-28 11:00:28", "1738485", "198.46.147.169:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-28 12:05:11", "100", "False", "https://search.censys.io/hosts/198.46.147.169", "AS36352,C2,censys,Supershell", "0", "dyingbreeds_"
"2026-01-28 11:00:15", "1738484", "192.227.167.185:20330", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-28 12:04:34", "100", "False", "https://search.censys.io/hosts/192.227.167.185", "AS-COLOCROSSING,AS36352,C2,censys", "0", "dyingbreeds_"
"2026-01-28 11:00:14", "1738483", "103.144.244.252:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-28 12:04:33", "100", "False", "https://search.censys.io/hosts/103.144.244.252", "AS138152,C2,censys", "0", "dyingbreeds_"
"2026-01-28 11:00:12", "1738482", "45.136.14.43:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-28 12:04:38", "100", "False", "https://search.censys.io/hosts/45.136.14.43", "AS139659,C2,censys", "0", "dyingbreeds_"
"2026-01-28 11:00:07", "1738481", "39.101.78.48:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-28 12:04:32", "100", "False", "https://search.censys.io/hosts/39.101.78.48", "AS37963,C2,censys", "0", "dyingbreeds_"
"2026-01-28 10:36:02", "1738478", "91.219.237.175:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "2026-01-29 16:24:02", "50", "False", "https://tracker.viriback.com/index.php?q=91.219.237.175", "Amadey,ViriBack", "0", "abuse_ch"
"2026-01-28 10:31:41", "1738477", "https://cdn.jsdelivr.net/gh/grading-chatter-dock73/sassy-generous-drv9/wrap1q", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-28 10:17:24", "1738476", "szdxmm-ydbaoji0126.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260128-hpxccsey3b", "C2,domain,rat,triage,valleyrat", "0", "DonPasci"
"2026-01-28 10:17:23", "1738475", "szdxmm-yd0126.com", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "False", "https://tria.ge/260128-hpxccsey3b", "C2,domain,rat,triage,valleyrat", "0", "DonPasci"
"2026-01-28 10:16:17", "1738474", "gohapel398-62132.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://tria.ge/260128-jqyggsf12f", "C2,domain,quasar,rat,triage", "0", "DonPasci"
"2026-01-28 10:15:27", "1738473", "206.82.9.205:6389", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260128-kcnwkagz3d", "AS963,C2,triage,xworm", "0", "DonPasci"
"2026-01-28 10:15:26", "1738472", "act-tingly.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260128-kabhfsgy4d", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-28 10:01:26", "1738471", "http://138.226.236.148", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "75", "False", "https://bazaar.abuse.ch/sample/9de91176c21607a231f19a68d3c413ce17518650be2c1ef2a5b4e42c7728d0fb/", "stealc", "0", "abuse_ch"
"2026-01-28 09:56:03", "1738468", "207.56.138.126:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-01-28 09:53:27", "1738467", "59.110.46.3:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch"
"2026-01-28 09:52:57", "1738466", "39.99.33.10:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-01-28 09:51:41", "1738465", "103.143.40.201:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 15:51:02", "100", "False", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch"
"2026-01-28 09:50:04", "1738464", "47.243.133.40:5178", "ip:port", "botnet_cc", "win.nworm", "nw0rm,NWorm", "N-W0rm", "", "100", "False", "None", "N-W0rm", "0", "abuse_ch"
"2026-01-28 09:43:01", "1738459", "blank-carrot.com", "domain", "botnet_cc", "win.santa_stealer", "None", "SantaStealer", "", "100", "False", "https://bazaar.abuse.ch/sample/dd3251010efac018f809ad69ed40ba2d30f32147692c25e83938236d13f2aafa/", "c2,domain,SantaStealer", "0", "burger"
"2026-01-28 09:43:01", "1738460", "https://blank-carrot.com/", "url", "botnet_cc", "win.santa_stealer", "None", "SantaStealer", "", "100", "False", "https://bazaar.abuse.ch/sample/dd3251010efac018f809ad69ed40ba2d30f32147692c25e83938236d13f2aafa/", "c2,SantaStealer", "0", "burger"
"2026-01-28 09:43:00", "1738457", "http://91.219.237.175/m4dfhweEw/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2026-01-29 09:27:27", "100", "False", "None", "amadey,c2,f397a7", "0", "Bitsight"
"2026-01-28 09:43:00", "1738458", "80.97.160.81:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-29 09:00:17", "100", "False", "None", "c2,default1,loader,StealC,stealer", "0", "Bitsight"
"2026-01-28 08:48:43", "1738456", "42.228.55.214:8443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-29 15:48:32", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-01-28 08:43:49", "1738455", "124.243.150.112:6010", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-29 15:43:48", "75", "False", "None", "drb-ra,Sliver", "0", "abuse_ch"
"2026-01-28 08:43:40", "1738454", "116.26.10.158:36183", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-29 15:43:41", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-01-28 08:43:16", "1738453", "103.245.38.125:7547", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-29 15:43:15", "75", "False", "None", "drb-ra,Havoc", "0", "abuse_ch"
"2026-01-28 08:23:14", "1738447", "135.181.14.71:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:23:14", "1738448", "135.181.14.65:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:23:14", "1738449", "84.234.29.122:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:23:14", "1738450", "135.181.14.67:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:23:14", "1738451", "89.125.48.8:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:23:14", "1738452", "135.181.14.69:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:23:13", "1738446", "135.181.14.66:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:54", "1738444", "rrg.cdcmn.edu.bd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:54", "1738445", "rrg.lidiia.com.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:53", "1738442", "trx.cdcmn.edu.bd", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:53", "1738443", "trx.lidiia.com.ua", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:15", "1738437", "https://135.181.14.65/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:15", "1738438", "https://84.234.29.122/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:15", "1738439", "https://135.181.14.67/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:15", "1738440", "https://89.125.48.8/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:15", "1738441", "https://135.181.14.69/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:14", "1738431", "https://rrg.cdcmn.edu.bd/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:14", "1738432", "https://rrg.lidiia.com.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:14", "1738433", "https://trx.cdcmn.edu.bd/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:14", "1738434", "https://trx.lidiia.com.ua/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:14", "1738435", "https://135.181.14.66/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:22:14", "1738436", "https://135.181.14.71/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "crep1x"
"2026-01-28 08:05:59", "1738430", "91.236.230.250:8081", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2026-01-29 15:49:51", "100", "False", "https://search.censys.io/hosts/91.236.230.250", "AS62005,BianLian,BV-EU-AS,C2,censys", "0", "DonPasci"
"2026-01-28 08:05:54", "1738428", "18.141.236.113:22722", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.141.236.113", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:54", "1738429", "18.141.236.113:12322", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.141.236.113", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:53", "1738427", "18.141.236.113:22122", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.141.236.113", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:52", "1738425", "18.176.57.81:14000", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.176.57.81", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:52", "1738426", "18.176.57.81:52200", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.176.57.81", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:51", "1738424", "35.183.99.14:55615", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.183.99.14", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:50", "1738422", "43.202.6.158:103", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.202.6.158", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:50", "1738423", "43.202.6.158:2053", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.202.6.158", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:49", "1738421", "43.202.6.158:5903", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.202.6.158", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:48", "1738420", "199.101.111.32:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/199.101.111.32", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:47", "1738418", "15.188.81.74:54522", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.188.81.74", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:47", "1738419", "65.2.168.204:6443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/65.2.168.204", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:46", "1738417", "103.177.47.199:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.177.47.199", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:45", "1738415", "54.213.75.53:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.213.75.53", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:45", "1738416", "16.24.81.41:6443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.24.81.41", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:44", "1738414", "15.152.37.174:32176", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.152.37.174", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:43", "1738412", "103.177.47.154:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.177.47.154", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:43", "1738413", "103.177.47.141:3790", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/103.177.47.141", "AS58580,C2,censys,FASTRACK,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:42", "1738411", "16.78.83.132:2375", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.78.83.132", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 08:05:20", "1738410", "103.143.81.127:8082", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "2026-01-28 11:00:51", "100", "False", "https://search.censys.io/hosts/103.143.81.127", "AS139659,C2,censys,LUCID-AS-AP,Vshell", "0", "DonPasci"
"2026-01-28 08:05:17", "1738409", "13.159.155.186:80", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-01-29 15:43:51", "100", "False", "https://search.censys.io/hosts/13.159.155.186", "AMAZON-02,AS16509,BRC4,C2,censys", "0", "DonPasci"
"2026-01-28 08:05:15", "1738408", "45.93.20.48:8888", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-28 11:00:44", "100", "False", "https://search.censys.io/hosts/45.93.20.48", "AS57523,C2,censys,CHANGWAY-AS,DcRAT,RAT", "0", "DonPasci"
"2026-01-28 08:05:14", "1738407", "51.158.54.228:5038", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-28 11:00:43", "100", "False", "https://search.censys.io/hosts/51.158.54.228", "AS12876,C2,censys,DcRAT,Online,RAT", "0", "DonPasci"
"2026-01-28 08:05:12", "1738406", "144.172.103.54:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-29 15:44:14", "100", "False", "https://search.censys.io/hosts/144.172.103.54", "AS14956,C2,censys,Havoc,ROUTERHOSTING", "0", "DonPasci"
"2026-01-28 08:05:11", "1738405", "82.23.146.219:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-29 15:49:38", "100", "False", "https://search.censys.io/hosts/82.23.146.219", "AS212238,C2,CDNEXT,censys,Havoc", "0", "DonPasci"
"2026-01-28 08:04:54", "1738404", "115.190.113.252:80", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "False", "https://search.censys.io/hosts/115.190.113.252", "AS137718,C2,censys,open-dir,payload,Sliver,VOLCANO-ENGINE", "0", "DonPasci"
"2026-01-28 08:04:53", "1738403", "47.109.33.245:1234", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2026-01-29 15:48:49", "100", "False", "https://search.censys.io/hosts/47.109.33.245", "ALIBABA-CN-NET,AS37963,C2,censys,Sliver", "0", "DonPasci"
"2026-01-28 08:04:49", "1738402", "46.151.182.129:22", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-29 15:48:47", "100", "False", "https://search.censys.io/hosts/46.151.182.129", "AS214967,C2,censys,OPTIBOUNCE,RAT,Remcos", "0", "DonPasci"
"2026-01-28 08:04:34", "1738401", "77.223.214.207:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-28 11:00:13", "100", "False", "https://search.censys.io/hosts/77.223.214.207", "AS46475,C2,censys,CobaltStrike,cs-watermark-666666666,LIMESTONENETWORKS", "0", "DonPasci"
"2026-01-28 08:04:31", "1738400", "120.26.48.207:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 15:51:40", "100", "False", "https://search.censys.io/hosts/120.26.48.207", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci"
"2026-01-28 07:15:48", "1738393", "185.205.187.108:25498", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://x.com/suyog41/status/2016126098384593287", "AS197648,c2,CL8ASN1,doc", "0", "DonPasci"
"2026-01-28 07:15:41", "1738392", "wmk99.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/c453863d6439ee0c6ab1b18084a5eb2ab299958e903df0700d5c7d704cffb6f8/", "asyncrat", "0", "abuse_ch"
"2026-01-28 07:15:40", "1738391", "wmk88.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/c453863d6439ee0c6ab1b18084a5eb2ab299958e903df0700d5c7d704cffb6f8/", "asyncrat", "0", "abuse_ch"
"2026-01-28 07:15:38", "1738390", "wmk77.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/c453863d6439ee0c6ab1b18084a5eb2ab299958e903df0700d5c7d704cffb6f8/", "asyncrat", "0", "abuse_ch"
"2026-01-28 07:11:01", "1738389", "185.11.61.84:80", "ip:port", "botnet_cc", "osx.amos", "Atomic macOS Stealer", "AMOS", "", "100", "False", "https://x.com/suyog41/status/2016401814548316275", "AS57523,c2,CHANGWAY-AS,Odyssey,stealer", "0", "DonPasci"
"2026-01-28 07:07:03", "1738386", "gubbisx.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-28 07:07:03", "1738387", "braxttp.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "2026-01-29 15:51:47", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-28 07:07:03", "1738388", "potashbx.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-28 07:07:02", "1738385", "recyclqb.cyou", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "False", "", "c2,domain,lumma,stealer", "0", "DonPasci"
"2026-01-28 07:03:03", "1738384", "206.238.73.183:80", "ip:port", "botnet_cc", "win.vshell", "None", "VShell", "", "100", "False", "https://www.virustotal.com/gui/file/a29dd665227bc76e5c71242c1517a46e9f8489d1247276ee13d83ddb0728074c", "AS399077,c2,TERAEXCH,virustotal,vshell", "0", "DonPasci"
"2026-01-28 06:55:59", "1738383", "158.94.210.122:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://app.any.run/tasks/f2961848-ef25-48c3-b73c-2c5e137db501", "anyrun,AS214943,c2,RAILNET,xworm", "0", "DonPasci"
"2026-01-28 06:43:11", "1738014", "d6a9f97b4e37f6d619a5b88c2947730e", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:10", "1738012", "47deaf4e5b35781b5447c3a1b92721ad", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:10", "1738013", "020d888236be6a7fffa99c7f35bf2797", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:09", "1738010", "a9b717d4d038bf50b08c5de5b491e32e", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:09", "1738011", "b80c7b84bb479a2ec526f0b195a83b99", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:08", "1738009", "733efdd0895e5fd1fe9ee73d214ce58c", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:07", "1738007", "3bc9f741223f23601c3a8975da552af6", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:07", "1738008", "f1347fec7c34ba11884cb216c7ff5af0", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:06", "1738004", "ac9088078884311fd32c47997c5c77cc", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:06", "1738005", "ab03fe3fb16b8b931d2679e67f571cf1", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:06", "1738006", "147e72282e47ba19f121402abc358bc2", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:05", "1738003", "f578c14c36833491fa8aa407b4d4b00b", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:04", "1738002", "f558a0bcd20e01e46551a491c66114e8", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:03", "1738000", "30121e98200ba3a8ae4704c3441f2618", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:03", "1738001", "ac8acef11171d3d45bb9386b59f7e2a9", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:02", "1737998", "af123fab559cb11a1a844acf997b2c61", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:02", "1737999", "de96beb0baa7243dd7f39b2c400bbc44", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:01", "1737996", "08b7c181fa4f234e3b3ad8a0e36c613b", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:01", "1737997", "5062c623fe8368cc69c00a8f7d780fbb", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "2026-01-27 15:09:44", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:00", "1737994", "f52d8ae29652f58eda468caf80aebc33", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "2026-01-27 15:09:45", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:43:00", "1737995", "6880e0567dc6a8885d1d58b79b6d5c12", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "2026-01-27 15:09:44", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:59", "1737992", "7ff1a6efe00d7b78094d3eb1740f179c", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "2026-01-27 15:09:44", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:59", "1737993", "a6d91094a222da6576260abf52a07b79", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:58", "1737990", "7170292337a894ce9a58f5b2176dfefc", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:58", "1737991", "9323fca75a86c75ffbdcc88ed8f35e5a", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:57", "1737989", "d244b63e40aab7299d194c11bf060054", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:56", "1737986", "03427263da43843baf7cfd85f305fc77", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:56", "1737987", "1859f56847ccabc6581a56f55041955f", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:56", "1737988", "e0080e35657caed78566384a2e7b1ef4", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:55", "1737984", "4e7434ac13001fe55474573aa5e9379d", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:55", "1737985", "a065c2d25096957126b9739f95810a12", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:52", "1737983", "https://peg.bexca.org", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "HuntYethHounds"
"2026-01-28 06:42:44", "1737974", "https://reberts.com/6h3d.js", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/115967462225260735", "KongTuke", "0", "monitorsg"
"2026-01-28 06:42:44", "1737975", "reberts.com", "domain", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "2026-01-27 14:11:06", "100", "True", "https://infosec.exchange/@monitorsg/115967462225260735", "KongTuke", "0", "monitorsg"
"2026-01-28 06:42:44", "1737976", "https://reberts.com/js.php", "url", "payload_delivery", "js.kongtuke", "TAG-124,js.LandUpdate808", "KongTuke", "", "100", "True", "https://infosec.exchange/@monitorsg/115967462225260735", "KongTuke", "0", "monitorsg"
"2026-01-28 06:42:43", "1737977", "cpanel.mahfuzrealtor.com", "domain", "botnet_cc", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "True", "https://infosec.exchange/@monitorsg/115967466567658057", "SocGholish", "0", "monitorsg"
"2026-01-28 06:42:42", "1737979", "account.quarklab.app", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://x.com/solostalking/status/2016152925106798712", "None", "0", "solostalking"
"2026-01-28 06:42:42", "1737980", "account.quarkdrainer.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "75", "False", "https://x.com/solostalking/status/2016152925106798712", "None", "0", "solostalking"
"2026-01-28 06:42:41", "1737981", "peg.bexca.org", "domain", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "HuntYethHounds"
"2026-01-28 06:42:41", "1737982", "https://steamcommunity.com/profiles/76561198747567141", "url", "payload_delivery", "win.vidar", "None", "Vidar", "", "100", "False", "", "Vidar", "0", "HuntYethHounds"
"2026-01-28 06:42:38", "1738016", "4bfb227d9445981d2940fe7d20001ed3", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:38", "1738017", "f4ed428b01841e8731fa3611b9d7a73b", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:37", "1738015", "410a2742a98634af637d498c7cfa04a3", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:37", "1738018", "a41c78d94c70caa49d30fca0b62e15b2", "md5_hash", "payload", "win.bqtlock", "None", "BQTlock", "", "100", "False", "https://github.com/TheRavenFile/Daily-Hunt/blob/main/BQTLock", "bqtlock,ransomware", "0", "TheRavenFile"
"2026-01-28 06:42:36", "1738041", "ultra4ktool.com", "domain", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-28 17:00:18", "100", "False", "None", "c2,c4d41f80ab3b,loader,StealC,stealer", "0", "Bitsight"
"2026-01-28 06:42:36", "1738042", "https://imeta-bypass-check.t3.storage.dev/Verify-to-Continue-ID-JJ-260125.html", "url", "payload_delivery", "unknown", "None", "Unknown malware", "", "90", "False", "https://clickfix.carsonww.com/domains/imeta-bypass-check.t3.storage.dev", "ClickFix", "0", "CarsonWilliams"
"2026-01-28 06:42:34", "1738055", "ferrimania.com", "domain", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-27 20:10:21", "100", "True", "https://infosec.exchange/@monitorsg/115968631896208968", "SmartApeSG", "0", "monitorsg"
"2026-01-28 06:42:34", "1738056", "https://ferrimania.com/user/profile-request.js", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-27 20:10:20", "100", "True", "https://infosec.exchange/@monitorsg/115968631896208968", "SmartApeSG", "0", "monitorsg"
"2026-01-28 06:42:13", "1738054", "https://ferrimania.com/user/profile-controller.php", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-27 20:10:17", "100", "True", "https://infosec.exchange/@monitorsg/115968631896208968", "SmartApeSG", "0", "monitorsg"
"2026-01-28 06:42:12", "1738057", "http://185.81.114.153/loop", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-27 20:10:23", "100", "True", "https://infosec.exchange/@monitorsg/115968631896208968", "SmartApeSG", "0", "monitorsg"
"2026-01-28 06:42:11", "1738058", "https://titanmonsterio.com/loop", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-27 20:10:25", "100", "True", "https://infosec.exchange/@monitorsg/115968631896208968", "SmartApeSG", "0", "monitorsg"
"2026-01-28 06:42:11", "1738059", "https://185.81.114.153/port", "url", "payload_delivery", "js.smartapesg", "HANEYMANEY,ZPHP", "SmartApeSG", "2026-01-27 20:10:27", "100", "True", "https://infosec.exchange/@monitorsg/115968631896208968", "SmartApeSG", "0", "monitorsg"
"2026-01-28 06:42:10", "1738080", "144.31.215.26:9506", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2026-01-28 00:09:01", "100", "False", "None", "Mirai", "0", "elfdigest"
"2026-01-28 06:42:10", "1738108", "167.86.95.233:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-28 02:00:10", "100", "False", "None", "c2,loader,StealC,stealer,w27", "0", "Bitsight"
"2026-01-28 06:42:09", "1738096", "cole.zoomwork.one", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "False", "", "simplehelp", "1", "tanner"
"2026-01-28 06:42:08", "1738333", "138.226.236.148:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-28 04:00:49", "100", "False", "None", "1,c2,loader,StealC,stealer", "0", "Bitsight"
"2026-01-28 06:42:05", "1738374", "gameverse.in.net", "domain", "payload_delivery", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "True", "https://www.virustotal.com/gui/domain/gameverse.in.net", "None", "0", "milley01"
"2026-01-28 06:42:04", "1738375", "trangchuhit.club", "domain", "payload_delivery", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "True", "https://www.virustotal.com/gui/domain/trangchuhit.club", "None", "0", "milley01"
"2026-01-28 06:42:04", "1738376", "hit-club.io", "domain", "payload_delivery", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "True", "https://www.virustotal.com/gui/domain/hit-club.io", "None", "0", "milley01"
"2026-01-28 06:42:03", "1738377", "91.196.33.23:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "2026-01-29 06:00:46", "100", "False", "None", "6733847937,c2,loader,StealC,stealer", "0", "Bitsight"
"2026-01-28 06:32:13", "1738382", "https://cdn.jsdelivr.net/gh/grading-chatter-dock73/sassy-generous-drv9/yard", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-28 06:07:13", "1738381", "http://167.86.95.233", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260128-bcehfsgs6e", "AS51167,C2,stealc,stealer,triage", "0", "DonPasci"
"2026-01-28 06:07:12", "1738380", "http://91.196.33.23", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "https://tria.ge/260128-gen3kacy9f", "AS207957,C2,stealc,stealer,triage", "0", "DonPasci"
"2026-01-28 06:04:41", "1738378", "28.tcp.cpolar.top", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260128-cqe7kshz4g", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-28 06:04:41", "1738379", "penidi8413-47021.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260128-ddq9raat8c", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-28 04:06:00", "1738372", "136.115.44.64:1337", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "False", "https://search.censys.io/hosts/136.115.44.64", "AS396982,C2,censys,GOOGLE-CLOUD-PLATFORM,Starkillerc2", "0", "DonPasci"
"2026-01-28 04:05:59", "1738371", "3.132.176.149:80", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "False", "https://search.censys.io/hosts/3.132.176.149", "AMAZON-02,AS16509,C2,censys,PowershellEmpire", "0", "DonPasci"
"2026-01-28 04:05:55", "1738368", "18.101.59.40:46012", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.101.59.40", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 04:05:55", "1738369", "18.101.59.40:1962", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.101.59.40", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 04:05:55", "1738370", "18.101.59.40:6362", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.101.59.40", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 04:05:54", "1738366", "196.75.87.130:2222", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/196.75.87.130", "AS36903,C2,censys,hacktool,MetaSploit,Meterpreter,MT-MPLS", "0", "DonPasci"
"2026-01-28 04:05:54", "1738367", "18.101.59.40:44162", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.101.59.40", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 04:05:53", "1738364", "108.137.155.239:45903", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/108.137.155.239", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 04:05:53", "1738365", "15.168.37.174:20547", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.168.37.174", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 04:05:52", "1738362", "35.183.107.169:6009", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.183.107.169", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 04:05:52", "1738363", "108.137.155.239:103", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/108.137.155.239", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 04:05:51", "1738360", "158.220.99.53:8080", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/158.220.99.53", "AS51167,C2,censys,CONTABO,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 04:05:51", "1738361", "13.60.7.57:502", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/13.60.7.57", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 04:05:50", "1738357", "51.96.19.191:789", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.96.19.191", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 04:05:50", "1738358", "51.96.19.191:39639", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.96.19.191", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 04:05:50", "1738359", "18.60.43.178:315", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.60.43.178", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 04:05:49", "1738356", "58.244.41.212:10001", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/58.244.41.212", "AS4837,C2,censys,CHINA169-BACKBONE,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 04:05:42", "1738354", "167.71.195.201:12654", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://search.censys.io/hosts/167.71.195.201", "AdaptixC2,AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "DonPasci"
"2026-01-28 04:05:42", "1738355", "103.212.186.69:4449", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "", "100", "False", "https://search.censys.io/hosts/103.212.186.69", "AdaptixC2,AS401701,C2,censys,COGNETCLOUD-2", "0", "DonPasci"
"2026-01-28 04:05:21", "1738353", "84.154.187.109:81", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2026-01-29 15:49:40", "100", "False", "https://search.censys.io/hosts/84.154.187.109", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci"
"2026-01-28 04:05:20", "1738351", "138.2.16.164:8090", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-28 11:00:44", "100", "False", "https://search.censys.io/hosts/138.2.16.164", "AS31898,C2,censys,DcRAT,ORACLE-BMC-31898,RAT", "0", "DonPasci"
"2026-01-28 04:05:20", "1738352", "144.31.198.177:8888", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-28 11:00:45", "100", "False", "https://search.censys.io/hosts/144.31.198.177", "AS213877,C2,censys,DcRAT,RAT,U1HOST-AS", "0", "DonPasci"
"2026-01-28 04:05:19", "1738348", "132.145.75.68:8090", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-28 11:00:42", "100", "False", "https://search.censys.io/hosts/132.145.75.68", "AS31898,C2,censys,DcRAT,ORACLE-BMC-31898,RAT", "0", "DonPasci"
"2026-01-28 04:05:19", "1738349", "51.158.54.228:8090", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-28 11:00:43", "100", "False", "https://search.censys.io/hosts/51.158.54.228", "AS12876,C2,censys,DcRAT,Online,RAT", "0", "DonPasci"
"2026-01-28 04:05:19", "1738350", "140.238.207.208:8090", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-28 11:00:46", "100", "False", "https://search.censys.io/hosts/140.238.207.208", "AS31898,C2,censys,DcRAT,ORACLE-BMC-31898,RAT", "0", "DonPasci"
"2026-01-28 04:05:18", "1738346", "212.64.210.140:8090", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-28 11:00:41", "100", "False", "https://search.censys.io/hosts/212.64.210.140", "AS197450,C2,censys,DcRAT,RAT,SUNUCUN", "0", "DonPasci"
"2026-01-28 04:05:18", "1738347", "144.24.139.70:8090", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-28 11:00:41", "100", "False", "https://search.censys.io/hosts/144.24.139.70", "AS31898,C2,censys,DcRAT,ORACLE-BMC-31898,RAT", "0", "DonPasci"
"2026-01-28 04:05:12", "1738345", "46.101.126.14:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-28 11:00:33", "100", "False", "https://search.censys.io/hosts/46.101.126.14", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci"
"2026-01-28 04:05:05", "1738344", "45.77.176.85:443", "ip:port", "botnet_cc", "win.shadowpad", "POISONPLUG.SHADOW,XShellGhost", "ShadowPad", "", "90", "False", "https://search.censys.io/hosts/45.77.176.85", "AS-VULTR,AS20473,C2,censys,RAT,ShadowPad", "0", "DonPasci"
"2026-01-28 04:04:53", "1738342", "194.156.79.129:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-29 15:47:17", "100", "False", "https://search.censys.io/hosts/194.156.79.129", "AS-DESEQUITY,AS399471,C2,censys,RAT,Remcos", "0", "DonPasci"
"2026-01-28 04:04:53", "1738343", "89.149.243.171:8080", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-29 15:49:47", "100", "False", "https://search.censys.io/hosts/89.149.243.171", "AS60781,C2,censys,LEASEWEB-NL-AMS-01,RAT,Remcos", "0", "DonPasci"
"2026-01-28 04:04:52", "1738339", "69.61.43.102:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-29 15:49:24", "100", "False", "https://search.censys.io/hosts/69.61.43.102", "AS22653,C2,censys,GLOBALCOMPASS,RAT,Remcos", "0", "DonPasci"
"2026-01-28 04:04:52", "1738340", "142.248.231.100:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-29 15:44:09", "100", "False", "https://search.censys.io/hosts/142.248.231.100", "AS53388,C2,censys,RAT,Remcos,TEFEXIA", "0", "DonPasci"
"2026-01-28 04:04:52", "1738341", "104.223.84.8:14641", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-29 15:43:22", "100", "False", "https://search.censys.io/hosts/104.223.84.8", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci"
"2026-01-28 04:04:34", "1738337", "39.98.51.2:18444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 15:52:26", "100", "False", "https://search.censys.io/hosts/39.98.51.2", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2026-01-28 04:04:34", "1738338", "112.124.58.168:10000", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-28 11:00:18", "100", "False", "https://search.censys.io/hosts/112.124.58.168", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2026-01-28 04:04:33", "1738336", "39.97.6.128:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-28 11:00:17", "100", "False", "https://search.censys.io/hosts/39.97.6.128", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2026-01-28 04:04:30", "1738334", "49.233.250.138:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-28 11:00:09", "100", "False", "https://search.censys.io/hosts/49.233.250.138", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci"
"2026-01-28 04:04:30", "1738335", "103.106.189.90:4567", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 15:51:02", "100", "False", "https://search.censys.io/hosts/103.106.189.90", "AS401696,C2,censys,CobaltStrike,COGNETCLOUD,cs-watermark-987654321", "0", "DonPasci"
"2026-01-28 02:49:21", "1738332", "get-musciqq-xqifzpfeed.cn-beijing.fcapp.run", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 15:50:26", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-28 02:00:51", "1738331", "156.225.19.99:8668", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/65fbe7f58f0ebd08771be05db480cc107d35a764880d4480fe97a551f527d3f2/", "valleyrat_s2", "0", "abuse_ch"
"2026-01-28 01:55:28", "1738330", "178.16.54.152:6104", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/63854ecb06e7ce9f7525e275481b38ed2456d63e975a05fee233be59b4c62191/", "xworm", "0", "abuse_ch"
"2026-01-28 01:55:17", "1738329", "tbt.uk.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7d24b4af7a5b9e599862bf1566c64e6465871cf3d360676346088eb2f176ae07/", "quasar", "0", "abuse_ch"
"2026-01-28 01:55:14", "1738328", "mart.it.com", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "False", "https://bazaar.abuse.ch/sample/7d24b4af7a5b9e599862bf1566c64e6465871cf3d360676346088eb2f176ae07/", "quasar", "0", "abuse_ch"
"2026-01-28 01:45:52", "1738326", "5167338e9391173e6017b1aa8a79bf23093f3673494199d6a92e5b77e0bd4aa2", "sha256_hash", "payload", "win.expiro", "Xpiro", "Expiro", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:52", "1738327", "865c808200ddeb887ead71d25559efa1", "md5_hash", "payload", "win.expiro", "Xpiro", "Expiro", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:51", "1738323", "331d5d2dc0628a3903fb7a302421b431e71cfb73a4d3aeca4be5016f43732ce2", "sha256_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:51", "1738324", "190a8a0aac24fb091701c979cd9c906e", "md5_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:51", "1738325", "cfa3bfe482d4be1640b5f5d335a0ff42b8f8f793", "sha1_hash", "payload", "win.expiro", "Xpiro", "Expiro", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:50", "1738320", "cd4dad081f725dfbfb7a953be2d375e642cb70b31c657855f6acb0b6f1cb0a4f", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:50", "1738321", "29d293c98a51f64f376c9d2366b16441", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:50", "1738322", "e028fd0b76a89bd5a2c2a0a5347145c7cd6c7a3f", "sha1_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:49", "1738317", "ab04fc3cbe5aa5f61e603328969673d027d82a27a5958f669893bb8f3cf66cba", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:49", "1738318", "8e549e04d7bcd12f606924f8108ac449", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:49", "1738319", "28548050ab69171f18b36b44ee4151ab0942d90b", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:48", "1738314", "199f2c306357b2fc3f3631f30bb647a6d5c8001925de6d775d1cae5b7cb0f895", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:48", "1738315", "b3012e48d7bd5a1d974fd4b7b86999c7", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:48", "1738316", "11a844baafbf8b74c9055f0e4137c7f38f488dee", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:47", "1738311", "eacf46a7cedfb90ee1cc76b22309b35b337481e2542610ef417c795b9ca72065", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:47", "1738312", "270791eb98192384fb18dc8539532906", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:47", "1738313", "353b8409b4f1fbe3a233d94571c25c1a88847ef6", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:46", "1738307", "92ed82b559c618c8643ffa43d315e6c279d75d43", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:46", "1738308", "ba793f464cd2de54e4f0262bd425ac42349931e1ad84a4bf5207b13c9c53ac53", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:46", "1738309", "c48ddd28256093dc3273f31dd646d384", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:46", "1738310", "9ee973cedf1bf91e4410d7529173a498b704f8f6", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:45", "1738304", "9588b8ef2094a50cb518e34463197e387b91d743", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:45", "1738305", "8e3afb5fab98dcdc03a589e03df75085ef5987df8c6c1e66e73f0d494df036ce", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:45", "1738306", "2ff588d5fd6b3f60357d18bf98e28bfa", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:44", "1738301", "b5ef0ebd88ffdedfff6df7063f0d9639b7edc7f2", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:44", "1738302", "4350dd67cf0d04f9cc76958e9f7c1d46cbb8285d663688401c9005f45342b195", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:44", "1738303", "1e7158c495a626cf5122cc3ee51e01fd", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:43", "1738298", "eaa2712aad1477ff2db26ea6470d3134805899f7", "sha1_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:43", "1738299", "f3b66645065ba91fb6a9e4b11c9df59787f8220b473039a5b3a4e60595055765", "sha256_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:43", "1738300", "bdd333b44a3737e1d79297e69e14a3c8", "md5_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:42", "1738294", "842860c9e5828bd314a8376869a7ac7b", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:42", "1738295", "94cbf29966aaf8d2fac8dcbea34899d57697362e", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:42", "1738296", "501203a15d1039228c5f48a4fafad87204fdc9dc3bff059dcdd94882271bd887", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:42", "1738297", "46a3703be5c547ab5ab57824b881253a", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:41", "1738292", "567e0f8e534062201b7cf8b195706e353e279cc1", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:41", "1738293", "d527412a9137d480d6c32f9cb013d51975199b1c47dbe3922635e71851a52434", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:40", "1738289", "596cc01cc248c6f7672c66971865c360a3341562", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:40", "1738290", "9926e77942377ae785122efbf7a70007071ab49b8080a89c5f386dd9593247e3", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:40", "1738291", "f2a187c5b4b7a2cc5173bcf2d344c74e", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:39", "1738286", "0d02fb9e5b3d2e7a78c22a9290a93d2c43a0b7b5", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:39", "1738287", "3941de2cb1b90313caf6979cff0ef71b13853bfbf9b5a93473f56ce980511f81", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:39", "1738288", "aa93cfe9a89c10496ebde344498419b2", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:38", "1738284", "c02f8d757dd3b6737450f50cddebc35712ea6f5573e0b5d30dc0de34a4a67910", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:38", "1738285", "c6f1e29bea626f66109701711ad3aea8", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:37", "1738282", "556169877f27797b0466cea2c679b35d", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:37", "1738283", "ac27a90fbfdf498ab133ba0c530b4e354c847220", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:36", "1738279", "2498bdda9b54a4e6cbb5be9a2598094b", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:36", "1738280", "f0a6c0f41b73825404e9c48cec8eb3a2c0a95dff", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:36", "1738281", "f3e4db20699f0f6fd6a2a1293eb7baaf888307fa74879ff013dc171bb09a9bfc", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:35", "1738277", "f88f06099f6f48611ae15308285a0727cb9dcace", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:35", "1738278", "2acdce8e5d9d0f63dd4e6d8fdd50518694b0b3d37d0a3e53078245edc8054150", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:34", "1738274", "4235a2bff38b97fc80261ad0ac90fc7ac1b91181", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:34", "1738275", "5710c98335e7bdd5f0c845afbb3c6db73c4b5d90160ae41509f662a1b687d944", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:34", "1738276", "520739f5bb91e3c908bfb32107757344", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:33", "1738271", "fa2861f7dc1c5b39c86f10930012bdbd8eafb106", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:33", "1738272", "07efbbb43b25b25f23a263476e120ced60bbe863b6409d782046646b2505303a", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:33", "1738273", "25952a9e1fb940d9c18a78958fe68e4d", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:32", "1738268", "6e8b2e013d0933218345da632cf7532acf89a9a8", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:32", "1738269", "65fbe7f58f0ebd08771be05db480cc107d35a764880d4480fe97a551f527d3f2", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:32", "1738270", "e0cab6b63877b90672f30987279a16ab", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:31", "1738265", "5a0fb14444829dd1abb1f71628aface6dafb1ed1", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:31", "1738266", "2d16ac85af419bc08d5623fe9abb4a31bc40c2a2e4d1ef88bde32d8021d22f3b", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:31", "1738267", "b4aeab9c3e89e86cd60b9166cb7ce5b5", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:30", "1738262", "eb1739bf1939dbf1523529d64174be93e5585983", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:30", "1738263", "4b3080c94975e9820724c9245ceab3191faff125391738d5fa2eaf7ee9c03967", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:30", "1738264", "08708a5c1411cdd564ef5cec28fad022", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:29", "1738260", "d5f802bd98ca36573e90c10880da82eac5a29c0b7b5da05215afb25ac470d6c4", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:29", "1738261", "80276be74942a14ded4a1053d81a1a01", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:28", "1738257", "67aea956ead95487a4c133ff90971e05ba93f218ead1ef3bd8d09754f4be83e9", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:28", "1738258", "52dc23bd38dd2aea4ea6c6377541e274", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:28", "1738259", "2ea3cc1e41471bf8221ecfa7b4e08b1a1c93bdc1", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:27", "1738254", "defa6f8927f509c23b547e5eb6c060a4c7ee0dbde06bd90cbd4931399c679223", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:27", "1738255", "293dff798341936a6a9d9c6bb80e2695", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:27", "1738256", "d08e22dd3d4f73e1e6790837bc970e24745a80ad", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:26", "1738251", "440fba62f56b253727f0aef7ffa577940559240f12feb3d9dc29ebf143ecb58a", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:26", "1738252", "731649c76d1e9910798d1ffc92f11033", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:26", "1738253", "9e160731cc82a4319f5f16255670cc2798050c74", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:25", "1738249", "e78632cf69b40bef929e3f28df63397e", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:25", "1738250", "672d1db5b400f19cedc87616e14bb7b85b5d152d", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:24", "1738246", "0597ea6f9d8fdcbb97a7a802a80f3e89", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:24", "1738247", "02e1af8e81b57d86950be970e0456ff2e5ae3e27", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:24", "1738248", "fbe581b915bf8834a40acfa53dc74dc5ac69cca535cbd7a72f9745943de68eb2", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:23", "1738243", "8f221bab1751516816b955914d6e9415", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:23", "1738244", "c821df1100324fa7c47658ab8f4d868596b1fb8a", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:23", "1738245", "83995168d1f08e2f332c48bb83537e7a9dfa1a73c680f3ce3c30f517ec3c2890", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:22", "1738240", "8d2e81bf7e504d9ac8fc993a209e507b", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:22", "1738241", "6ef3af4ad7879314cb1b9034759ac06833d3e608", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:22", "1738242", "d82f2d67e72874d7bf90cf472dd059ef1308b65db7657cac65196b55adaa8c04", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:21", "1738238", "ca8d9df57687b4c16e981e1ab62d960bcf0164a0", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:21", "1738239", "16e8f81696854956079e5fd11e7d85688e6d2da869e4b50fddb8c1ba9dd999ae", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:20", "1738235", "16eb0174503e4500faf78860f21691a54cafd993", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:20", "1738236", "841bd3307cb1a34c5f6a907217bd09c5e4d9e7500e2863a8cd956793014d5f2e", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:20", "1738237", "848d2df9ffd28239721b660752856528", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:19", "1738232", "7cfa1cf891686011ce295eeabace379a91248016", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:19", "1738233", "5a721e420c6fc129a198af6fd7458202c574cff68e0b60b4372a8af5767bd2d9", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:19", "1738234", "73f0f1a64ed8519d8382f0d8dc211981", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:18", "1738230", "7dd1eb0fb7d51e0fe42cf8aebcaadab568f22496d9ea72a3abcbf4cc4bb5f6f4", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:18", "1738231", "b2e4c53d3e5832f1ce25b22ebd1eff34", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:17", "1738227", "dbbb1c1ad17996d18e3e28537e0188b204657e87b8cb495e05bdb36c75cae466", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:17", "1738228", "79cb53f60910c0893ac584e499a7cc8d", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:17", "1738229", "35f4860e6f8e515a4291458b196de790138aac9a", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:16", "1738224", "6bd08db7fc4fa26607d52d0686510da22d4ff87224f52addd0589ba661d30747", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:16", "1738225", "506686dadaff5ef94d1370d8d8c81794", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:16", "1738226", "89edd144814044541217a0c5973e768d5f69052e", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:15", "1738221", "3108e12991421edf2db009520b87ec9827495ffc9d442f574b011b54fb297215", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:15", "1738222", "71665287e453c8f36d3350c54be3abb7", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:15", "1738223", "9c7cd637520c362a12019af4fcc8a887fb23d6e2", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:14", "1738218", "eadedc1029829676460e4a64eabd39a11f3753767c000d48cc55a584a5e5a143", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:14", "1738219", "c7798d0a40dadd9788cbe73cccdffe13", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:14", "1738220", "467355ddaa0e5a66917c216e5cf36c06b8f1e222", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:13", "1738216", "e110a0df8505907058762840e1cb7aab", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:13", "1738217", "9a3f2caadb9428e4f25af2b99e7261b3c6c958ab", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:12", "1738213", "793813ddcc1ea542c98b0c082a025a2a", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:12", "1738214", "8813278f23fd3282e0fd1ebb06b2bcdf2b173018", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:12", "1738215", "b0b03088a13826b27d3d1dc888057a649d4edf07fbff5de71508d08c67bf11b4", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:11", "1738211", "162e4777b60919f8d2747588181135f5664eee20", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:11", "1738212", "0e94ec2e86ad128c1a998e462c3aba2b38fb0714980aa97e4013cb314127d25a", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:10", "1738208", "864473e21fa63bcae0baffbbaeace361661d860b", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:10", "1738209", "256b9eb0b0ef69eeee00712c0e9fab59601934633f2bb6d0a0b10ac04bd5b2ab", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:10", "1738210", "a9c5c2a2ab6289eae0a3320287444bda", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:09", "1738206", "80fe2a8dc81df04af4f88d063fe8b9d7d884456ab2eeb42bb0c45650c711eb55", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:09", "1738207", "2f495a85ce54b3a5b45a57e31f80b301", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:08", "1738203", "7d24b4af7a5b9e599862bf1566c64e6465871cf3d360676346088eb2f176ae07", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:08", "1738204", "e043acd1d973e09631317135f30d0a67", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:08", "1738205", "dbfa482a1aa702842d8d8767c0e6d53dc53273d1", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:07", "1738201", "ba8291a7d062dcfcdf824399b42eef9f", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:07", "1738202", "0de2d33b6092da1226c638653cd2ef3ff74de7a8", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:06", "1738199", "406e6065cac225b47784fb07230962e28abbb6fa", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:06", "1738200", "67e7b0bf057c8c7ef117be16a168833235920d0af16921ff59d0866f0d05e050", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:05", "1738197", "48caa1c5b9a6b41f64e6f01f74a6ed1623459c064235f772d832153274944fe2", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:05", "1738198", "208b59950fe180725d172c46d8272b0a", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:04", "1738195", "4f1e931372fcddf5c4127b6160c795ee", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:04", "1738196", "16498592ff4d57f7c4734cf0f0336bb0f079a31d", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:03", "1738192", "d5c426917290860bebaea865aa7bc434", "md5_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:03", "1738193", "376dfecae09e3f5980b5bb860369461f2a78f581", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:03", "1738194", "22e8d2ada4c9fae8d1a8d1979a377cabfbdf0d0d59e7a4600f4f461303a7a789", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:02", "1738191", "b75b985834dfecca9a88389d1a980e9ef3c2b8648e71df7c901aba0645535e59", "sha256_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:01", "1738190", "52514c7cdd826e40cddb30865ff3b04206fda5c2", "sha1_hash", "payload", "win.remoteadmin", "None", "RemoteAdmin", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:00", "1738187", "726eaefe82c0c415dc34bc6473fc60f335c1fedc", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:00", "1738188", "afd41a672f348abb8dabc8a493a0ffa1199019ead9b0bd92cb327d4bbfe97771", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:45:00", "1738189", "5f1c145a4ecdc81be42ab7302324eea0", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:59", "1738184", "ecd5cdb91b199d6c21920fc911263adda49c4f99", "sha1_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:59", "1738185", "c08dcea8a617c425eae853beffe21c8b073365e1cd1139a33f5581712775a539", "sha256_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:59", "1738186", "63ca476610030d2620b1f2833374f69e", "md5_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:58", "1738180", "d3352432942dd366696608997f38697f", "md5_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:58", "1738181", "f193864f6b4fd443eba840a3842d2627294dce87", "sha1_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:58", "1738182", "b67b83f78ebcc7db4a94ec331ab4daee3bf9f46cc8116c62f15f087c07685d35", "sha256_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:58", "1738183", "c5c013a2adab4975d53ec472b00b93a8", "md5_hash", "payload", "win.amadey", "None", "Amadey", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:57", "1738177", "f6d39cd70574552b495e95eacbfcebb1", "md5_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:57", "1738178", "0d3ef42b5e5cbbad4b5ab5d20dc2414baf00d6e4", "sha1_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:57", "1738179", "97fcade14a4697704b96d562adf10d1f4ac4a4c2eba03485d6d2ae4a8a27d6af", "sha256_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:56", "1738174", "f8e2d82f3d7840311822f0461d85f068", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:56", "1738175", "ac235ac6c88cec9e6a7fc8c289e9fddc147c85e1", "sha1_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:56", "1738176", "f2c58bfb5a9287de35285b6ddd10c0b1837bd47402ff2a283c3699470e692485", "sha256_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:55", "1738171", "bbdd594b564452ed2c5a88a0a587f1a0", "md5_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:55", "1738172", "c239928ba16aa6e02b8c18baf1dbecb5a5a48a10", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:55", "1738173", "f424bb11bb0e71134361f14d3d698933095f8d464d710eb12c131652bbda5164", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:54", "1738167", "19fb32716d133b84c3cf11a50ee2b66a0ff09727b32961907ff7e90bb194708d", "sha256_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:54", "1738168", "ac7828b2c5cb4f2bb66cc4d083c9bb84", "md5_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:54", "1738169", "932cdd30d33a9c30a7cad1f9f109113daf9814c9", "sha1_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:54", "1738170", "9a8e23b068860e3a643fffdf2164f98b75b63439466cb68feaf61a554df75fe8", "sha256_hash", "payload", "win.gogoogle", "BossiTossi", "GoGoogle", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:53", "1738164", "72967afff75ab7d1701e7342e2f57ce9d7a96e7e88e058bd94592e6834d29886", "sha256_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:53", "1738165", "9c9153a242f5dcba7dcf8ce29bbbd01c", "md5_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:53", "1738166", "a632f58cd1aeab2924cb868fe99ca1403e04f821", "sha1_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:52", "1738161", "0199cf83407463ab7e15c7340e1cd33bd69b7a6a4e4768e0d07bc1fd24e412fa", "sha256_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:52", "1738162", "4bce138970d72c25c7b06d608b7d761a", "md5_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:52", "1738163", "106c1c85e7ee3cbfb9154598babc7469b9a9ecd2", "sha1_hash", "payload", "win.peddlecheap", "None", "PeddleCheap", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:51", "1738158", "0e211c13ea627d3f7ae9023d2d7c1f972f56f8f0c0cd3cf3a52b2565d2e638ca", "sha256_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:51", "1738159", "c2258acf746dd2a2e2647e98d58c9ec0", "md5_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:51", "1738160", "cf4e5a3cf58bce47f21119aa26f963814b9f3634", "sha1_hash", "payload", "win.socks5_systemz", "None", "Socks5 Systemz", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:50", "1738155", "d8f6dad64c78b9767d8c2004c05bce64d30d8d268276dfff4adab45781e6fe1c", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:50", "1738156", "7440e0323df806c324ebcc97306687db", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:50", "1738157", "0a931d5e4ef2bafdc340b5a059d895846344bc18", "sha1_hash", "payload", "win.darktortilla", "None", "DarkTortilla", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:49", "1738152", "d888ec89be375ac3547cc265de51929ca87c78894241110810ea99b91863488f", "sha256_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:49", "1738153", "408258ce7d4136a77b3e871708d56cf0", "md5_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:49", "1738154", "b5b6ca51a18389e8d0fb624bd0d876041b5cdfa9", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:48", "1738148", "3c9b0cdf32d4fcd28fffd844e0a0a95f8ab1cba6", "sha1_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:48", "1738149", "06dc0dc2633650beab0dcf965322f86c7b25bc0509b812ce1cad7af30b653237", "sha256_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:48", "1738150", "faa90497b67d61e5462e5a76c73f8eda", "md5_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:48", "1738151", "cd00de71ec391b8a66a1a73fc85c1beb2f69cb06", "sha1_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:47", "1738147", "e82f218247b54e79b6cc97534ecf01ab", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:46", "1738144", "b0619c107c1226c96eda832aac3c6fd7", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:46", "1738145", "315418670ca4bc1ee3f04602b4812b115c282163", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:46", "1738146", "c5bfd0abb2e443daf2b319726ee97aadc657aacde9f466228efe908e2193e9b3", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:45", "1738142", "b7253b1bdd39e5742336abdb1aba3401afb4e449", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:45", "1738143", "d981c2a5f48e1c8d771a96fdded17e488ae1f5f5e0d182f9a40e7b25c8a7f501", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:44", "1738139", "efbf0204e9e6a6bf2fff5b858bb1332e6526504f", "sha1_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:44", "1738140", "e3681e3420738b53d7c9566335a9b88d11f94369744da726bf41d34305330c3e", "sha256_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:44", "1738141", "40c8e4774806b8a50c0691a0bd991458", "md5_hash", "payload", "win.reverse_rat", "None", "ReverseRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:43", "1738137", "e5cc1cac795755ade9067768ac3a2d037ab18977e4223291d55e636663a3d282", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:43", "1738138", "0c4d428d89e7fe285265133e38280036", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:42", "1738135", "510d8c1ed805b3ab6c99a1db64cfd508", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:42", "1738136", "6fe60b1e283fde4a12942b5d8ee25388e3285d50", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:41", "1738133", "040faaee02ae239c50855853d75e9a2373c4e20e", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:41", "1738134", "a10e2a453eaf617ffed2ec5a5f33248a56bf81426a04a199fa468083ab5f5e34", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:40", "1738130", "0a4689d32ed666af87fb1d150e57a0ab56a92d34", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:40", "1738131", "60cd8949dd366aa94383409dde4e7840d85db4f2cea2eef7f773b9fe2d36bc68", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:40", "1738132", "0893a048d51f7198652a597a10b60fd2", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:39", "1738127", "b5e2f5f42b8b4acb5a5d0be2eee8c9bbe86d9868", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:39", "1738128", "4d60481b15d3c0fe5f925a702fdf67b5efc016dc360407189f3d30429f205c31", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:39", "1738129", "d43b7470c1a35b0bb8438f517260c042", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:38", "1738123", "fb49a77e4cb5e790d05ef3988b056751", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:38", "1738124", "b16a19ee0c5d2af86b30cdaf4c3e9a3988824246", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:38", "1738125", "3f30eb884452a6b86c47244eaaf528b7e517b6ac85a6c85099e57d7c69fd944b", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:38", "1738126", "6b0109b07e37e6908df413622d9ec765", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:37", "1738120", "94f6b55643b1ccec22d5194cc1e06195", "md5_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:37", "1738121", "bea8a85d5c73b37d0228da4552883a0cd8e4b20f", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:37", "1738122", "0af6f85cd8c718bcbb27bac01d8147f31fb62a84042fed655233a22edacd09ff", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:36", "1738119", "63101038b04ac1387a6e8849f6a9c7723120c748a57d663491f81e3b88b96f37", "sha256_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:44:35", "1738118", "113c96ae749635c9417c0ac1c878cd3f87740d1f", "sha1_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "False", "None", "None", "0", "Grim"
"2026-01-28 01:40:34", "1738117", "158.94.210.127:6991", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "75", "False", "https://bazaar.abuse.ch/sample/8d950928f9492e19a346689b43c077047d1ca80211714ab9adebd300f8bd1c11/", "xworm", "0", "abuse_ch"
"2026-01-28 01:30:42", "1738116", "http://148.135.19.62:8099/ebAU", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "False", "https://bazaar.abuse.ch/sample/63101038b04ac1387a6e8849f6a9c7723120c748a57d663491f81e3b88b96f37/", "cobaltstrike", "0", "abuse_ch"
"2026-01-28 01:30:33", "1738115", "mismilahioluwadoam.duckdns.org", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "False", "https://bazaar.abuse.ch/sample/4f4faefccd62720a0f4febe5da5b1bdba3c6a27325bccfc42d1b5642f10b7c6e/", "remcos", "0", "abuse_ch"
"2026-01-28 01:25:03", "1738114", "148.135.19.62:8099", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "False", "None", "CobaltStrike", "0", "abuse_ch"
"2026-01-28 01:15:55", "1738113", "http://45.93.20.55/xuiobvu/data.php", "url", "botnet_cc", "win.svcstealer", "None", "SVCStealer", "", "75", "False", "https://bazaar.abuse.ch/sample/a10e2a453eaf617ffed2ec5a5f33248a56bf81426a04a199fa468083ab5f5e34/", "svcstealer", "0", "abuse_ch"
"2026-01-28 01:15:51", "1738112", "ytloie.za.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/e5cc1cac795755ade9067768ac3a2d037ab18977e4223291d55e636663a3d282/", "asyncrat", "0", "abuse_ch"
"2026-01-28 01:15:47", "1738111", "wabnewszamanpaper23.ru.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/e5cc1cac795755ade9067768ac3a2d037ab18977e4223291d55e636663a3d282/", "asyncrat", "0", "abuse_ch"
"2026-01-28 01:15:44", "1738110", "ufpi.br.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/e5cc1cac795755ade9067768ac3a2d037ab18977e4223291d55e636663a3d282/", "asyncrat", "0", "abuse_ch"
"2026-01-28 01:15:42", "1738109", "solowheel.uk.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "False", "https://bazaar.abuse.ch/sample/e5cc1cac795755ade9067768ac3a2d037ab18977e4223291d55e636663a3d282/", "asyncrat", "0", "abuse_ch"
"2026-01-28 00:30:11", "1738107", "http://45.93.20.55/49dcd5e318c542c5.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "False", "None", "Steal", "0", "abuse_ch"
"2026-01-28 00:06:03", "1738105", "54.242.169.178:2053", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.242.169.178", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 00:06:03", "1738106", "54.242.169.178:6003", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.242.169.178", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 00:06:02", "1738104", "43.201.50.138:49501", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/43.201.50.138", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 00:06:00", "1738102", "57.180.249.131:5984", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/57.180.249.131", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 00:06:00", "1738103", "18.61.74.177:1433", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.61.74.177", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 00:05:59", "1738101", "15.228.235.185:24206", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/15.228.235.185", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 00:05:58", "1738100", "54.206.83.53:2078", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/54.206.83.53", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 00:05:57", "1738099", "34.228.159.232:4433", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/34.228.159.232", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-28 00:05:23", "1738098", "197.134.122.129:8080", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2026-01-28 11:00:35", "100", "False", "https://search.censys.io/hosts/197.134.122.129", "AS24835,C2,censys,Quasar,RAT,RAYA-AS", "0", "DonPasci"
"2026-01-27 23:40:13", "1738097", "https://cdn.jsdelivr.net/gh/relight-73-unsigned/tk-hz-ctrl/x8ippjozsethnmp6q9rvwq", "url", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "False", "None", "ClearFake", "0", "threatcat_ch"
"2026-01-27 23:01:04", "1738095", "34.79.18.204:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/34.79.18.204", "AS396982,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2026-01-27 23:01:03", "1738094", "52.18.183.143:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/52.18.183.143", "AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2026-01-27 23:01:02", "1738092", "152.203.25.225:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/152.203.25.225", "AS3816,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2026-01-27 23:01:02", "1738093", "178.156.216.197:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/178.156.216.197", "AS213230,censys,GoPhish,HETZNER-CLOUD2-AS,Phishing", "0", "dyingbreeds_"
"2026-01-27 23:01:01", "1738091", "172.86.116.203:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/172.86.116.203", "AS14956,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2026-01-27 23:01:00", "1738089", "209.74.86.229:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/209.74.86.229", "AS22612,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2026-01-27 23:01:00", "1738090", "31.97.41.25:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/31.97.41.25", "AS-HOSTINGER,AS47583,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2026-01-27 23:00:58", "1738087", "8.163.28.196:23333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/8.163.28.196", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_"
"2026-01-27 23:00:58", "1738088", "116.202.12.202:403", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/116.202.12.202", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_"
"2026-01-27 23:00:50", "1738086", "172.104.228.241:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "False", "https://search.censys.io/hosts/172.104.228.241", "AS63949,censys,Viper", "0", "dyingbreeds_"
"2026-01-27 23:00:30", "1738085", "91.186.197.229:7777", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-28 00:05:29", "100", "False", "https://search.censys.io/hosts/91.186.197.229", "AS9123,C2,censys,RAT,TIMEWEB-AS", "0", "dyingbreeds_"
"2026-01-27 23:00:26", "1738083", "www.proxy1pal.shop", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-28 00:05:26", "100", "False", "https://search.censys.io/hosts/82.23.146.219+www.proxy1pal.shop", "AS212238,C2,CDNEXT,censys", "0", "dyingbreeds_"
"2026-01-27 23:00:26", "1738084", "denjak.store", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2026-01-28 00:05:25", "100", "False", "https://search.censys.io/hosts/79.133.51.186+denjak.store", "AS214036,C2,censys,ULTAHOST-AS", "0", "dyingbreeds_"
"2026-01-27 23:00:23", "1738082", "46.101.126.14:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-29 15:48:46", "100", "False", "https://search.censys.io/hosts/46.101.126.14", "AS14061,C2,censys,Mythic", "0", "dyingbreeds_"
"2026-01-27 23:00:22", "1738081", "47.86.96.217:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-29 15:48:53", "100", "False", "https://search.censys.io/hosts/47.86.96.217", "AS45102,C2,censys,Mythic", "0", "dyingbreeds_"
"2026-01-27 20:49:03", "1738079", "wxblockchain.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-28 13:51:41", "75", "False", "None", "CobaltStrike,drb-ra", "0", "abuse_ch"
"2026-01-27 20:05:55", "1738078", "51.16.244.131:57861", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/51.16.244.131", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-27 20:05:54", "1738076", "16.24.170.12:58603", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.24.170.12", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-27 20:05:54", "1738077", "16.24.170.12:2053", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.24.170.12", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-27 20:05:53", "1738074", "35.180.79.116:13555", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.180.79.116", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-27 20:05:53", "1738075", "35.180.79.116:19855", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/35.180.79.116", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-27 20:05:52", "1738073", "18.144.32.175:44819", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.144.32.175", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-27 20:05:51", "1738071", "34.248.138.190:54523", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/34.248.138.190", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-27 20:05:51", "1738072", "16.171.232.216:45233", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.171.232.216", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-27 20:05:50", "1738070", "52.53.234.11:4839", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/52.53.234.11", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-27 20:05:49", "1738069", "3.141.0.91:9430", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/3.141.0.91", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-27 20:05:48", "1738068", "52.90.222.101:22822", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/52.90.222.101", "AMAZON-AES,AS14618,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-27 20:05:47", "1738066", "18.170.216.3:12322", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/18.170.216.3", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-27 20:05:47", "1738067", "16.51.190.49:29414", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.51.190.49", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-27 20:05:46", "1738065", "16.52.46.184:49502", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "", "100", "False", "https://search.censys.io/hosts/16.52.46.184", "AMAZON-02,AS16509,C2,censys,hacktool,MetaSploit,Meterpreter", "0", "DonPasci"
"2026-01-27 20:05:16", "1738064", "103.85.225.63:8080", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2026-01-27 23:00:31", "100", "False", "https://search.censys.io/hosts/103.85.225.63", "AS401696,C2,censys,COGNETCLOUD,DcRAT,RAT", "0", "DonPasci"
"2026-01-27 20:05:10", "1738063", "102.117.165.71:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2026-01-29 15:43:05", "100", "False", "https://search.censys.io/hosts/102.117.165.71", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci"
"2026-01-27 20:05:05", "1738062", "138.226.246.11:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2026-01-29 15:44:01", "100", "False", "https://search.censys.io/hosts/138.226.246.11", "AS43641,AsyncRAT,C2,censys,RAT,SOLLUTIUM-NL", "0", "DonPasci"
"2026-01-27 20:04:51", "1738061", "144.172.108.11:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2026-01-29 15:44:14", "100", "False", "https://search.censys.io/hosts/144.172.108.11", "AS14956,C2,censys,RAT,Remcos,ROUTERHOSTING", "0", "DonPasci"
"2026-01-27 20:04:32", "1738060", "39.97.6.128:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2026-01-29 15:52:26", "100", "False", "https://search.censys.io/hosts/39.97.6.128", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci"
"2026-01-27 18:47:40", "1738053", "219.153.158.101:4506", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-29 15:47:56", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-01-27 18:45:41", "1738052", "165.227.105.59:443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2026-01-29 15:46:17", "75", "False", "None", "BruteRatel,drb-ra", "0", "abuse_ch"
"2026-01-27 18:43:43", "1738051", "13.58.6.113:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2026-01-29 15:43:52", "75", "False", "None", "Deimos,drb-ra", "0", "abuse_ch"
"2026-01-27 18:07:25", "1738050", "yourfearcig.no-ip.biz", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "False", "https://tria.ge/260127-sfkmbacy6d", "C2,domain,njrat,triage", "0", "DonPasci"
"2026-01-27 18:04:35", "1738049", "myleingg.ddns.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260127-pyf53aey8e", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-27 18:04:34", "1738047", "22.tcp.cpolar.top", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260127-s8kg1sey3f", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-27 18:04:34", "1738048", "slayieure-62635.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "False", "https://tria.ge/260127-sfkbjscy6b", "C2,domain,triage,xworm", "0", "DonPasci"
"2026-01-27 17:51:52", "1738046", "45.156.87.80:42543", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "False", "https://urlhaus.abuse.ch/host/45.153.34.252/", "Mirai", "0", "NDA0E"
"2026-01-27 17:37:39", "1738045", "193.161.193.99:30188", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://www.virustotal.com/gui/file/3b7504f151dbdc69df5230833103a7d2cc584a3ba6dc1b06070b620d0df58bec", "AS198134,c2,GETWIFI-AS,Quasar,RAT,virustotal", "0", "DonPasci"
"2026-01-27 17:36:19", "1738044", "193.161.193.99:3397", "ip:port", "botnet_cc", "jar.adwind", "AlienSpy,JSocket,Frutas,UNRECOM,JBifrost,Sockrat", "AdWind", "", "100", "False", "https://tria.ge/260127-vlxj6sgz7g", "adwind,AS198134,c2,GETWIFI-AS,triage", "0", "DonPasci"
"2026-01-27 17:34:16", "1738043", "krast-30188.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "False", "https://www.virustotal.com/gui/file/3b7504f151dbdc69df5230833103a7d2cc584a3ba6dc1b06070b620d0df58bec", "c2,domain,quasar,rat,virustotal", "0", "DonPasci"
# Number of entries: 779