################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2024-04-26 03:15:12 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2024-04-26 03:15:12", "1262584", "http://taketa.top/JavascriptPollMultigeneratordatalife.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2024-04-26 02:58:05", "1262583", "85.203.42.194:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,ROYALE-AS", "0", "drb_ra" "2024-04-26 02:58:04", "1262582", "http://85.203.42.194/en_US/all.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,ROYALE-AS", "0", "drb_ra" "2024-04-26 02:55:12", "1262581", "http://45.77.223.48/~blog/?ajax=a", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "None", "Loki", "0", "abuse_ch" "2024-04-26 00:40:12", "1262579", "5.42.92.179:18418", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-26 01:13:09", "100", "None", "RedLineStealer", "0", "abuse_ch" "2024-04-25 22:58:17", "1262578", "http://124.70.154.188/load", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,Huawei Cloud Service data center", "0", "drb_ra" "2024-04-25 22:13:27", "1262577", "http://103.116.245.79:808/dot.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,HFTCL-AS-AP High Family Technology Co. Limited", "0", "drb_ra" "2024-04-25 22:13:22", "1262576", "https://175.178.54.48/dot.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-25 22:13:18", "1262575", "44.194.227.114:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1862346740", "0", "drb_ra" "2024-04-25 22:13:17", "1262573", "https://dct4jph3as9lp.cloudfront.net/ms", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1862346740", "0", "drb_ra" "2024-04-25 22:13:17", "1262574", "dct4jph3as9lp.cloudfront.net", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AMAZON-AES,CobaltStrike,cs-watermark-1862346740", "0", "drb_ra" "2024-04-25 22:13:12", "1262571", "https://85.203.42.194/visit.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,ROYALE-AS", "0", "drb_ra" "2024-04-25 22:13:12", "1262572", "85.203.42.194:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,ROYALE-AS", "0", "drb_ra" "2024-04-25 22:13:00", "1262569", "https://23.94.169.124/loginin.html", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AS-COLOCROSSING,CobaltStrike,cs-watermark-666666666", "0", "drb_ra" "2024-04-25 22:13:00", "1262570", "23.94.169.124:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AS-COLOCROSSING,CobaltStrike,cs-watermark-666666666", "0", "drb_ra" "2024-04-25 22:12:56", "1262567", "https://8.134.11.7/pixel.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-25 22:12:56", "1262568", "8.134.11.7:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-25 22:07:06", "1262565", "flypadi.com", "domain", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "None", "infostealer,lokibot,stealer", "0", "SarlackLab" "2024-04-25 22:07:04", "1262496", "89.34.237.212:80", "ip:port", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "None", "infostealer,lokibot,stealer", "0", "SarlackLab" "2024-04-25 22:05:13", "1262566", "http://cz24519.tw1.ru/_Defaultwindows.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2024-04-25 21:41:09", "1262562", "https://cbg.divineunveil.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:09", "1262563", "https://pgdm.my/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:08", "1262561", "http://tutycholid.com/tangerang/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:07", "1262560", "https://vitrine.izaragency.com/model-2/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:06", "1262559", "https://taifateule.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:05", "1262557", "https://upr.lk/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:05", "1262558", "https://phs124168.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:04", "1262556", "http://phatthanhnghia.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:03", "1262555", "https://quotesparade.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:02", "1262554", "https://ugandainarabic.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:01", "1262553", "https://thayhoicoffee.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:00", "1262551", "https://ideosphere.in/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:41:00", "1262552", "http://vegasnights.co.za/wp/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:59", "1262550", "https://audio.daiphucminh.vn/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:58", "1262549", "https://seraphyaromatherapy.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:57", "1262548", "https://milkganache.com.br/chocolate/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:56", "1262547", "http://www.websitedesigningindia.biz/projects/visioncrystal/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:55", "1262546", "https://www.pansy-dz.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:54", "1262545", "https://ideanet.co.in/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:53", "1262544", "https://newsmedia247.site/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:52", "1262543", "https://reyadtours.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:51", "1262542", "https://bissecci.org/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:50", "1262541", "https://devaccrocs.allianceconsultants.net/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:49", "1262540", "https://manbaulhudaasia.aliyy.my/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:48", "1262539", "https://yahyacarpet.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:47", "1262538", "https://vitrine.izaragency.com/Epicure-Traiteur/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:46", "1262537", "https://antvietnam.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:45", "1262536", "https://direitopositivado.com.br/site/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:44", "1262535", "https://i.thietke.in/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:43", "1262534", "https://divifar.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:42", "1262533", "http://konsaltakuatorial.com/indigo/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:40:41", "1262532", "https://iswpcreator.com/networkconnect/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:30:00", "1262531", "https://grizmotras.com/live", "url", "botnet_cc", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:29:59", "1262530", "https://pewwhranet.com/live", "url", "botnet_cc", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:58", "1262529", "https://pgdm.my/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:57", "1262528", "https://cbg.divineunveil.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:56", "1262527", "http://tutycholid.com/tangerang/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:55", "1262526", "https://vitrine.izaragency.com/model-2/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:54", "1262525", "https://taifateule.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:53", "1262523", "https://upr.lk/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:53", "1262524", "https://phs124168.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:52", "1262522", "http://phatthanhnghia.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:51", "1262521", "https://quotesparade.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:50", "1262520", "https://ugandainarabic.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:49", "1262518", "http://vegasnights.co.za/wp/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:49", "1262519", "https://thayhoicoffee.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:48", "1262517", "https://ideosphere.in/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:47", "1262516", "https://audio.daiphucminh.vn/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:46", "1262514", "https://milkganache.com.br/chocolate/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:46", "1262515", "https://seraphyaromatherapy.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:45", "1262513", "http://www.websitedesigningindia.biz/projects/visioncrystal/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:44", "1262512", "https://www.pansy-dz.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:43", "1262511", "https://ideanet.co.in/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:42", "1262509", "https://reyadtours.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:42", "1262510", "https://newsmedia247.site/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:41", "1262508", "https://bissecci.org/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:40", "1262507", "https://devaccrocs.allianceconsultants.net/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:39", "1262506", "https://manbaulhudaasia.aliyy.my/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:38", "1262505", "https://yahyacarpet.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:37", "1262504", "https://vitrine.izaragency.com/Epicure-Traiteur/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:36", "1262503", "https://antvietnam.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:35", "1262501", "https://i.thietke.in/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:35", "1262502", "https://direitopositivado.com.br/site/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:34", "1262500", "https://divifar.com/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:33", "1262499", "http://konsaltakuatorial.com/indigo/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:20:32", "1262498", "https://iswpcreator.com/networkconnect/wp-content/plugins/user-private-files/shared/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 21:10:10", "1262497", "https://nlqbgkl5.org/security_check/", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 20:44:07", "1262495", "http://45.95.11.217/ad.msi", "url", "payload_delivery", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 20:43:49", "1262494", "https://wrankaget.site/live/", "url", "botnet_cc", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "2024-04-25 21:29:58", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 20:43:48", "1262493", "https://jarinamaers.shop/live/", "url", "botnet_cc", "win.unidentified_111", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Unidentified 111 (Latrodectus)", "2024-04-25 21:29:58", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 20:32:31", "1262454", "https://svif-venezuela.com/data.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "base64-encoded-zip,NetSupport", "0", "NDA0N" "2024-04-25 20:32:30", "1262455", "http://svif-venezuela.com/data.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "base64-encoded-zip,NetSupport", "0", "NDA0N" "2024-04-25 20:32:30", "1262456", "http://94.131.101.129/data.php", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "base64-encoded-zip,NetSupport", "0", "NDA0N" "2024-04-25 20:32:30", "1262457", "svif-venezuela.com", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "NetSupport", "0", "NDA0N" "2024-04-25 20:32:29", "1262461", "https://33moneycshlazim33.shop/MmExODA3MDAzZjA5/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 20:32:28", "1262462", "https://moneycsasfasfh.shop/MmExODA3MDAzZjA5/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 20:32:27", "1262460", "trembolone.zapto.org", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "", "75", "None", "Moobot", "0", "elfdigest" "2024-04-25 20:32:27", "1262464", "https://moneycsffhgm7.shop/MmExODA3MDAzZjA5/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 20:32:26", "1262459", "91.92.240.43:43957", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "75", "None", "Moobot", "0", "elfdigest" "2024-04-25 20:32:26", "1262463", "https://moneymaskalandd.shop/MmExODA3MDAzZjA5/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 20:32:25", "1262465", "minjuthecutest.com", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://bazaar.abuse.ch/sample/a18106059f5438c0cb46c20aefd36a3cd7cbf4762a3d4ff2daa7312f4cbc7b79/", "None", "0", "NDA0N" "2024-04-25 20:32:24", "1262489", "91.92.240.43:2006", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,condi", "0", "redrabytes" "2024-04-25 20:32:24", "1262490", "91.92.243.102:1990", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2024-04-25 20:32:23", "1262491", "89.185.30.66:2006", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2024-04-25 20:32:23", "1262492", "45.88.90.46:6969", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "redrabytes" "2024-04-25 18:50:11", "1262488", "54.36.113.159:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/54.36.113.159", "Hookbot Pegasus,OVH", "0", "drb_ra" "2024-04-25 18:50:05", "1262487", "185.125.50.198:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/185.125.50.198", "H2NEXUS-AS,Hookbot Pegasus", "0", "drb_ra" "2024-04-25 18:49:48", "1262486", "109.120.177.48:80", "ip:port", "botnet_cc", "win.meduza", "None", "Meduza Stealer", "", "50", "https://search.censys.io/hosts/109.120.177.48", "AEZA-AS,Meduza Stealer", "0", "drb_ra" "2024-04-25 18:49:27", "1262485", "120.46.59.252:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/120.46.59.252", "HWCSNET Huawei Cloud Service data center,Supershell", "0", "drb_ra" "2024-04-25 18:49:07", "1262484", "45.63.124.134:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/45.63.124.134", "AS-CHOOPA,Supershell", "0", "drb_ra" "2024-04-25 18:49:04", "1262483", "52.26.153.104:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/52.26.153.104", "AMAZON-02,Supershell", "0", "drb_ra" "2024-04-25 18:48:59", "1262482", "43.139.113.158:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/43.139.113.158", "Supershell,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-25 18:48:35", "1262481", "147.78.103.197:4443", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "https://search.censys.io/hosts/147.78.103.197", "DcRat,NETRESEARCH", "0", "drb_ra" "2024-04-25 18:48:28", "1262480", "46.246.80.7:8000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "https://search.censys.io/hosts/46.246.80.7", "DcRat,PORTLANE www.portlane.com", "0", "drb_ra" "2024-04-25 18:48:16", "1262479", "193.92.65.11:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/193.92.65.11", "FORTHNET-GR Forthnet,Qakbot", "0", "drb_ra" "2024-04-25 18:48:01", "1262478", "13.126.220.163:445", "ip:port", "botnet_cc", "py.responder", "SpiderLabs Responder", "Responder", "", "50", "https://search.censys.io/hosts/13.126.220.163", "AMAZON-02,Responder", "0", "drb_ra" "2024-04-25 18:47:56", "1262477", "84.249.120.228:445", "ip:port", "botnet_cc", "py.responder", "SpiderLabs Responder", "Responder", "", "50", "https://search.censys.io/hosts/84.249.120.228", "Responder,TSF-IP-CORE Telia Finland Oyj", "0", "drb_ra" "2024-04-25 18:47:41", "1262476", "18.253.226.108:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/18.253.226.108", "AMAZON EXPANSION,Havoc", "0", "drb_ra" "2024-04-25 18:47:40", "1262475", "18.253.226.108:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/18.253.226.108", "AMAZON EXPANSION,Havoc", "0", "drb_ra" "2024-04-25 18:47:25", "1262474", "5.42.85.10:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/5.42.85.10", "AEZA-AS,Havoc", "0", "drb_ra" "2024-04-25 18:47:20", "1262473", "18.118.8.124:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/18.118.8.124", "AMAZON-02,Havoc", "0", "drb_ra" "2024-04-25 18:47:13", "1262472", "142.93.142.34:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/142.93.142.34", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra" "2024-04-25 18:46:21", "1262471", "89.117.172.225:58895", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "", "50", "https://search.censys.io/hosts/89.117.172.225", "Deimos,LIMESTONENETWORKS", "0", "drb_ra" "2024-04-25 18:40:05", "1262470", "http://119.186.205.191:57011/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf" "2024-04-25 18:36:02", "1262469", "45.15.156.9:8081", "ip:port", "botnet_cc", "win.risepro", "None", "RisePro", "2024-04-26 05:12:02", "50", "https://tracker.viriback.com/index.php?q=45.15.156.9", "Risepro,ViriBack", "0", "abuse_ch" "2024-04-25 17:59:48", "1262467", "https://88.214.27.89/preload", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Alviva Holding Limited,CobaltStrike,cs-watermark-1580103824", "0", "drb_ra" "2024-04-25 17:59:48", "1262468", "88.214.27.89:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Alviva Holding Limited,CobaltStrike,cs-watermark-1580103824", "0", "drb_ra" "2024-04-25 17:55:20", "1262466", "45.15.156.9:50500", "ip:port", "botnet_cc", "win.risepro", "None", "RisePro", "", "100", "None", "RiseProStealer", "0", "abuse_ch" "2024-04-25 16:13:57", "1262280", "https://138.124.180.84/files/netsupport43.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:57", "1262281", "http://138.124.180.84/files/netsupport43.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:56", "1262282", "https://cdn43.space/files/AdvancedIPScanner.msix", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:56", "1262283", "https://cdn43.space/files/netsupport43.zip", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:56", "1262284", "cdn43.space", "domain", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:55", "1262285", "138.124.180.84:80", "ip:port", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:55", "1262286", "138.124.180.84:443", "ip:port", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:55", "1262287", "http://byvlsa.com", "url", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "", "magecart", "0", "cyberja" "2024-04-25 16:13:54", "1262288", "http://cdn-report.com", "url", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "", "magecart", "0", "cyberja" "2024-04-25 16:13:54", "1262290", "http://woocomnerce.com", "url", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "", "magecart", "0", "cyberja" "2024-04-25 16:13:53", "1262291", "http://hollandtrees.com", "url", "payload_delivery", "js.magecart", "None", "magecart", "", "100", "", "magecart", "0", "cyberja" "2024-04-25 16:13:53", "1262292", "89.185.30.66:43957", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "75", "None", "Moobot", "0", "elfdigest" "2024-04-25 16:13:52", "1262279", "http://138.124.180.84/files/AdvancedIPScanner.msix", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 16:13:52", "1262293", "bot.qngxgw.eu.org", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "", "75", "None", "Moobot", "0", "elfdigest" "2024-04-25 16:13:51", "1262275", "193.222.62.236:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "None", "KeitaroTDS,SocGholish", "0", "threatcat_ch" "2024-04-25 16:13:51", "1262278", "https://138.124.180.84/files/AdvancedIPScanner.msix", "url", "payload_delivery", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "NDA0N" "2024-04-25 15:32:00", "1262453", "94.232.45.77:443", "ip:port", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "", "60", "None", "None", "0", "Rony" "2024-04-25 15:24:26", "1262451", "212f5fb634003890f2b61ade6d3bf474e16787e3f536f0484a2a23f55d562bf0", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:26", "1262452", "d41582bde613bd63caffa80f482e692b", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:23", "1262450", "d1ccf0f0f4224e4daa412c868729977cddec079e", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:09", "1262449", "362978ed1c1eec5ff19b744601e082a2", "md5_hash", "payload", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:08", "1262448", "af6a9b7e7aefeb903c76417ed2b8399b73657440ad5f8b48a25cfe5e97ff868f", "sha256_hash", "payload", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:05", "1262447", "9c9e834e1c38a50fc6cb3ceef4963a4a0026d5af", "sha1_hash", "payload", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:04", "1262445", "c84f8c3f58c2d8193d9f78cffb67205037b48b66c1287e06413f11cbe0e16038", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:04", "1262446", "fcc226702f89fb80675c9b20156500f3", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:00", "1262443", "301a50dbf2903823a87860c5fcd8941d", "md5_hash", "payload", "win.fatduke", "None", "FatDuke", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:24:00", "1262444", "0f8b46119867e39e95de3b2f3b1aaa9784c2664d", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:59", "1262442", "b570f694c37aa5184d86a9a6c903bedec10d53f5ae5979ca047a25b43ce62575", "sha256_hash", "payload", "win.fatduke", "None", "FatDuke", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:56", "1262441", "180936e169c0b303d89aef3ee3e01083b8b4219f", "sha1_hash", "payload", "win.fatduke", "None", "FatDuke", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:55", "1262439", "9eef226fdb7d6c554cd552fc3f597ebfd6d77e33b95db53f7a631a75acf0c270", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:55", "1262440", "439f6db2adb770a0f825879c91da9904", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:52", "1262438", "6b997f099e01ba06378a58115f65d515a22f5fb1", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:51", "1262436", "7468b2db67d7df89dc67b64c6a6a487bc67da85c11e03036b26290d8218101a6", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:51", "1262437", "23e189bd0552c1601a8e0f9ba8d15c86", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:48", "1262435", "4094f42d511ab76f00f62dad7d40d42015e87651", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:47", "1262433", "ba1c1884ec9bc5326e183aa6a6f31a7f0f3a78f0ae04a5d13aba1eba1ac3448e", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:47", "1262434", "12d3e11ae0227e8182db020a1f875b67", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:44", "1262431", "b47307545c821c03b617776a41df1741", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:44", "1262432", "ec4525cf7bd7b85e9fbd3101faf7dafaeb83424e", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:43", "1262430", "0f2be1e974ae7ee9be5354fbef333e105cce5c25473648e66a67269d560220f4", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:40", "1262428", "8ddbe91dac2d37f344e4e8dd94dc73ee", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:40", "1262429", "086f735fcd95e8d3608e22494ae3cadd4d9d7acb", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:39", "1262427", "aad1d01aac286d947ba465b0a639add4188cd87aff233946b293f3fd91986438", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:37", "1262425", "4f8fb134c680d0e05861a34827751834", "md5_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:37", "1262426", "7928fb3558db9214709fd473597c52bc72f761dc", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:36", "1262424", "9c9ed624eaf441b4637d50fe25d386636c5cb59fb69f5b824afc7cec6dfff7f0", "sha256_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:34", "1262422", "6ce756cf6ff2be0a373ed026d603ff3a", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:34", "1262423", "5a20d1ff30218dea67d3ff7f61e16e5cc958006f", "sha1_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:33", "1262421", "88c8961a315e2badff5a30985646c2349a8c115a20a892a52b0888001d2af94a", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:31", "1262419", "19f46c713419f534c1532645b764c7b4", "md5_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:31", "1262420", "ad6ed291a7893369188f7da9b93fa544f9400af4", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:30", "1262418", "8b7851ae383ee5e1d106322f99d0a6149044e317ed310ce7464ff7d82afa725c", "sha256_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:28", "1262417", "f61f07d60704ff3d843596a6068b12f565bbed23", "sha1_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:27", "1262415", "0b80ebd4dffd54e98c8dd781246d247546f9e47ca86eca4215b07d8631370891", "sha256_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:27", "1262416", "b0df4f1b7801ed3666e01ee888e4c2af", "md5_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:25", "1262414", "d9cdc9cc4b68e351e2b14e42a8adb93210fe64b9", "sha1_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:24", "1262412", "81f6b674f3bc9a33424293cba5b2f63a9717afcdc1e6619a2a335d0e41546a03", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:24", "1262413", "a517b351592a68de19d643d3702433e6", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:22", "1262411", "e49d9ec67336d00a7c6772aebbbb28e8af82cfd4", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:21", "1262409", "0e40646d6311552a7f6e7a386a06421d97de655f65b099e455cf22db10afd746", "sha256_hash", "payload", "win.teambot", "FINTEAM", "TeamBot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:21", "1262410", "106c2cfb1162fc8fe3cef0958474f1c3", "md5_hash", "payload", "win.teambot", "FINTEAM", "TeamBot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:19", "1262407", "f207a52477086eaf27141c780530336d", "md5_hash", "payload", "win.pikabot", "None", "Pikabot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:19", "1262408", "c63e3e70248ac3dbd45cd2a6d51a55e9747fd6e4", "sha1_hash", "payload", "win.teambot", "FINTEAM", "TeamBot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:18", "1262406", "ce742b7cc94a5c668116d343b6a9677523dc13b358294bba3cd248fba8b880da", "sha256_hash", "payload", "win.pikabot", "None", "Pikabot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:16", "1262404", "d760dc358592d6717d4d6ca1ca0b4a41", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:16", "1262405", "cb3ea1f333d8b80b5ddda33bb1366a46b22dbeaa", "sha1_hash", "payload", "win.pikabot", "None", "Pikabot", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:15", "1262403", "87c5e257097fbb317f8f64250f0796574dfaf1e132e4819dc9c62d9d59c227dd", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:13", "1262401", "d53e9b9d10affcf90e613abccc702ca2", "md5_hash", "payload", "win.typhon_stealer", "Typhon Reborn V2", "Typhon Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:13", "1262402", "c9cecc6110f3568c4b8d38c95f834b3bf7a7c0d8", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:12", "1262400", "0bcfadb848694ee56bf3fad6c3a9df4fde2d60cd52ce2a16be42b06fda520812", "sha256_hash", "payload", "win.typhon_stealer", "Typhon Reborn V2", "Typhon Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:10", "1262399", "24849b1a515347a75804d53c483ce6dffc78dbcc", "sha1_hash", "payload", "win.typhon_stealer", "Typhon Reborn V2", "Typhon Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:09", "1262397", "fa0e9e5559910365f159a438c5b6ebc401dbdfe0e349a63c85f695d61a904500", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:09", "1262398", "a963ffef0ef9cfcee28853394947cb02", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:07", "1262396", "abc9d7df3e07b029aea7b065e9dbfa257b3e951c", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:06", "1262394", "b06ef71a820a829fc010a3bc33b6c630282b94d831e25f972b7173f0783b76c9", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:06", "1262395", "a94578e1a694ba09dc9ed5dc7df60fcc", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:04", "1262393", "8ea85a39e4e456e79db46abfe00f9be73c8e254e", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:03", "1262391", "915bf5a44dfb26884cc24273094cc0043ba7e76eb7557b5f5f962bb75ec3377f", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:03", "1262392", "3d5b5f606bb9ba67e94039a7a6986e73", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:23:00", "1262390", "2df9bc47d9719d24b3e3a2d06738cc95e5e33aa0", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:59", "1262388", "3708d1bd614bd0a96c34dc96c7ef75bb6386b401b6e81b019293a8964447c90a", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:59", "1262389", "b1048f879fa97d356045037bddc4add3", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:57", "1262386", "b321fbc4a5947b5e623708e11a166692", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:57", "1262387", "5e4a581b9756c930af7f0f07020fa668e1ec7143", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:56", "1262385", "d1396a1ec855bd2cd988d0473161c5fba7ac170ba8e2f31b00d2689b517a0f22", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:54", "1262383", "7b3e62bcbeed62a180220669f6a0c548", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:54", "1262384", "a47346617fe2b1dda2920a23179daf9b36bbb06e", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:53", "1262382", "32cad0a627c9f3bf1172d0fc11a5492b2ff20e3e5509f53e0ac83e87d15f2a5d", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:52", "1262381", "3d12e7bf87ce03fe4c59c5127e225dfd37b7a530", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:51", "1262380", "b3dde3d29de6b58cd247ccd2193e4ced", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:50", "1262379", "c1c4559afcf94b6134fad4507537eced00e44d77000ec17b61352439558c5b43", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:49", "1262378", "2a1b433479743a064c3fb8a46d3b677c1af4a115", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:48", "1262376", "e2798e218dd3dc6dcef7a86a0f143acbbbb6d6b4a3aff594b1186c878fecc91a", "sha256_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:48", "1262377", "b54147f2898416a133000ca23f2f698d", "md5_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:46", "1262375", "481632cb0bc1b7e9073140a882e5412278044533", "sha1_hash", "payload", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:45", "1262373", "43f846c12c24a078ebe33f71e8ea3b4f75107aeb275e2c3cd9dc61617c9757fc", "sha256_hash", "payload", "win.phobos", "None", "Phobos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:45", "1262374", "4e93c194b641d9b849f270531ec14d20", "md5_hash", "payload", "win.phobos", "None", "Phobos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:43", "1262371", "0323dc105421401d34155403f091ecbe", "md5_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:43", "1262372", "8b5a21254a0c10e3ca2570eeba490755197b544e", "sha1_hash", "payload", "win.phobos", "None", "Phobos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:42", "1262370", "a3ebc58cb7aebd21137225e16f6686642708e665fceb1f77e54c2413f6c0e706", "sha256_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:40", "1262368", "50e5dec57451005668704281688ca55d", "md5_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:40", "1262369", "f71675f7d669437852c55c308cbf3f25e0e923df", "sha1_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:39", "1262367", "062683257386c9e41a1cd1493f029d817445c37f7c65386d54122fa466419ce1", "sha256_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:38", "1262366", "67dd4ac7eb8c193b39149b34d3a0d5bc21c3f200", "sha1_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:37", "1262364", "1ecea8b0bc92378bf2bdd1c14ae1628c573569419b91cc34504d2c3f8bb9f8b2", "sha256_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:37", "1262365", "b7b4c97132d03eead1fa9a9352dee6c2", "md5_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:35", "1262363", "c9eb1bdc528076fa9c91668addf0723294ac1575", "sha1_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:34", "1262361", "62c2c1f7335ed8b0a2120b1cf42a4c55cae1869a0245bef10d51de037e0d7ddf", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:34", "1262362", "bd129b2710c1f8fa9aa98dcc35c5b6b9", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:32", "1262359", "946a0735432aca25fa370970e97a3dbb", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:32", "1262360", "572034f781967e768d6d9b49de62217561538a45", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:31", "1262358", "7628ace4f2627bc65377a8123ce9e05849e4e4b3fd5b862e03ffcee42274ccfb", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:29", "1262356", "3b5a9930c02e7e42ac52627179137656", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:29", "1262357", "9ffac6be378c7379a8ea11a5a439445a46f6bb5c", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:28", "1262355", "5d6a67ab649ed8610da623191e8925e4804c9d0eb424b8f50be64b20c098a890", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:26", "1262353", "0cddb3e724f9bb0314bf8c50db240cf0", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:26", "1262354", "c7c8753c5ff727097fdf8b02b457d34e6f88ac18", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:25", "1262352", "3ebacca195af8a57792fa7fa13c371bc68078d8c33f0d16220c6b65df1271d3e", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:24", "1262351", "8018274d23411ab33bf16168036de21e2790aa0b", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:23", "1262350", "2ad3527444357f19cd120fa1b8bd2f23", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:22", "1262349", "dedc15a14da607a8c993e869ab600a5be154e1853c45e0493727244e627cb2a9", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:21", "1262348", "ac986ab9967bc084565ed13aa9434eafcc6d4752", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:20", "1262346", "480b540cb344d74306d03347658b2018a4b8504f4055ad15ba43456953d7b33c", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:20", "1262347", "41de8e3e7412b6e97b60fdbfdd24b0ba", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:18", "1262345", "fa48e5a86b5f2b04b79f6c3459339a16c2db6aaa", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:17", "1262343", "deb91032be610ab0761ed5e1076877458b9adbbbf79ae250672fc1c2f5fc8d0a", "sha256_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:17", "1262344", "34730f3da822589c3b36ec7197ede429", "md5_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:15", "1262341", "11b19b59f657910f0af49721a77bc2dd", "md5_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:15", "1262342", "666691e4d03bb9d885184e80d5ec5639ef56a886", "sha1_hash", "payload", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:14", "1262340", "c03858657307a20f2da776ba010c76495276e80306c19b70f44342c8bcaece85", "sha256_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:12", "1262338", "68dfe1e08b8cc7d19ff72334fdd09db8", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:12", "1262339", "3078779d892bd96e5dfddb76d491f52eefd39a2d", "sha1_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:11", "1262337", "a5f4363625928d7fb64087212bd9d094972260739b274f44b53bbbd5be6d19b7", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:09", "1262335", "0213307d4a5c33c73fc8763498a054e5", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:09", "1262336", "34fb36f9b553c26b0753f540b6a8af1760bb74dc", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:08", "1262334", "6266398586cea7e8cc4154202bb9f5541b1a6b6b5640f0efdd2f2ef9e82c7ae6", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:06", "1262332", "6acbb1fb58dccd74db667187b22de689", "md5_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:06", "1262333", "2c6978c737ad7b1a9547ed3365fef15996d98137", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:05", "1262331", "c792057cb761da8872421a6c906c4481b260bdb5d27b86378efdd2af39319687", "sha256_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:03", "1262329", "c3783358a70c67db7ba565a68872b2d6", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:03", "1262330", "cf0df5b247b15157cfce47473d1b063705d10b44", "sha1_hash", "payload", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:02", "1262328", "2e546d749c2e13895babd1d2bca41978605c1ba3967ca0b21709646120704760", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:00", "1262326", "254d0303fffb227dde317b5e2bb664ae", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:22:00", "1262327", "e0c97fdd090069d6fb47589643fad0d8365b537a", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:58", "1262325", "78fad406a45c2723861ac043560f4fcbe8ff4df4c5e49e702833944af1220e53", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:57", "1262324", "f538ce2f5b72eaf0ecfb4a0b4a8af43436c0fb46", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:56", "1262323", "cd6222a478ab6d10ad8580a791d311c2", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:55", "1262322", "a74b536fee9f0b123007a407dc96d6f6b5ade2c67532936666dc9ed345cf279c", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:54", "1262321", "0219966f1b45dc289dade12d868b92478c18d120", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:53", "1262319", "3796fdf35ca6c4557746dc1de61e477fe9972bc44a2fb23503e302c27fab4335", "sha256_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:53", "1262320", "46d06b32a50fd0c1a1981695e6504aa5", "md5_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:51", "1262318", "562f1b0f554ab339d851e7c031059d20a1c88af6", "sha1_hash", "payload", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:50", "1262316", "dec445c2434579d456ac0ae1468a60f1bad9f5de6c72b88e52c28f88e6a4f6d0", "sha256_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:50", "1262317", "2212e086551552532c3da53d857167a4", "md5_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:48", "1262314", "717ec46d474a5b5ab7d90ce92ffd3215", "md5_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:48", "1262315", "c3f095ba1a5d96e078fd8665dc807f516b81ef7e", "sha1_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:47", "1262313", "074591e29714930d84379bbfa55bf142929f2d1116214ac44e4e39820f7e4dfa", "sha256_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:45", "1262311", "74e9f3ba74c619021b87520b083c6a1d", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:45", "1262312", "5d0a886a14774fb73b59533ab90b1bf8439fd402", "sha1_hash", "payload", "win.blackmatter", "None", "BlackMatter", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:44", "1262310", "47307dc63a88e7e1ba5eb0230a0ac39092bd5c284896909d5e9f274f47939483", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:43", "1262309", "72db70927e2be7ce030ecb812b9ea241b46d7ad0", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:42", "1262308", "d3ccea4baebe97ae4b7adf2c95ce4e20", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:41", "1262307", "3ec2af4b5c9bb02513b905dfa7217efdcec08dce2c3d9621bd4792d50e548cf1", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:39", "1262305", "ae88072b3a34f52af18b1f67ebb8a123", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:39", "1262306", "2c2436357a6d2fa47fb895a6ff0a64ed2c6a1af3", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:38", "1262304", "ba0ebdbc3867696b266eed6a797b9ca9d7c7b9ae88e6190dcc62c9ba88d9eb8a", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:36", "1262302", "365526e3609e29a309f253eb2de5fbdc", "md5_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:36", "1262303", "44245e20a33f771fa393ed862c134df57700f198", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:35", "1262301", "4add51cd45b7fd60dbbd612c464438ae9a0a80e0f7f40b5b6cc4a00a10b916ea", "sha256_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:33", "1262300", "4f6a114223790634a249fc7ab3b92c04f17e5f60", "sha1_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:32", "1262298", "3d4faa1e7f7466857b35c91bda2637ea24783903e14a94ee43508118b56ed17c", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:32", "1262299", "678d5e7b91062c3b4c1ea39343cda69a", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:30", "1262297", "d73be2edfa050ee9ac434b310af55210b64375cf", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:29", "1262296", "acfc823a15fbc0247f1974b9a7dc7cf8", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:28", "1262295", "2b8795c54cc826e2f7c62a5c15088a1d9aa9ff31373abf710caacf4d0a5f1b81", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 15:21:26", "1262294", "3289cb74a353915117e7b1649acbff7449068018", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-25 13:29:41", "1262277", "dcxwq1.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "", "None", "0", "Cryptolaemus1" "2024-04-25 13:15:06", "1262276", "91.92.252.234:3232", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/19317da5733e40de48774b836f81b6edd83a60976ef180b6e796928399cee1c3/", "asyncrat", "0", "abuse_ch" "2024-04-25 11:21:31", "1262274", "http://service-dduj2otc-1303958398.gz.tencentapigw.com.cn/api/x", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-668899,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-25 11:21:17", "1262273", "http://88.214.26.29:8001/__utm.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Alviva Holding Limited,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-25 11:21:03", "1262272", "173.211.46.172:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Datacamp Limited", "0", "drb_ra" "2024-04-25 11:21:02", "1262271", "https://173.211.46.172/visit.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Datacamp Limited", "0", "drb_ra" "2024-04-25 11:20:43", "1262270", "http://185.216.117.157/match", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1711276032,Overcasts Limited", "0", "drb_ra" "2024-04-25 11:20:35", "1262269", "80.66.75.43:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Kakharov Orinbassar Maratuly", "0", "drb_ra" "2024-04-25 11:20:20", "1262268", "https://101.201.46.144:8443/vendorReact.dc6a29.chunk.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-25 11:20:16", "1262267", "http://88.214.27.89:8000/preload", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Alviva Holding Limited,CobaltStrike,cs-watermark-1580103824", "0", "drb_ra" "2024-04-25 11:20:02", "1262266", "http://211.159.172.150:4444/g.pixel", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-25 11:19:53", "1262265", "http://8.134.80.227/ChromeUpdate/ShellEx/default.php", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-25 11:19:44", "1262263", "https://service-dduj2otc-1303958398.gz.tencentapigw.com.cn/api/x", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-668899,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-25 11:19:44", "1262264", "service-dduj2otc-1303958398.gz.tencentapigw.com.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-25 11:21:32", "100", "None", "CobaltStrike,cs-watermark-668899,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-25 11:19:30", "1262260", "https://www.stylejason.com:2096/push", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-25 11:19:30", "1262261", "www.stylejason.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-25 10:36:30", "1262219", "https://mopelas.top/ZjM0NjUxNDM5MmVi/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 10:36:30", "1262220", "https://kambarca.top/ZjM0NjUxNDM5MmVi/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 10:36:29", "1262221", "https://yedekleregldk.top/ZjM0NjUxNDM5MmVi/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 10:36:29", "1262222", "https://karaklpak.top/ZjM0NjUxNDM5MmVi/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-25 10:34:04", "1262259", "http://1.gamithou.cyou/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:26:52", "1262257", "https://kuramaservices.xyz/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:26:52", "1262258", "http://78.40.116.170:3000/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:26:51", "1262256", "http://91.92.254.165:7070/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:26:50", "1262255", "https://158.220.106.37:3000/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:26:49", "1262253", "http://51.38.70.1/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:26:49", "1262254", "http://89.117.151.8/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:26:48", "1262252", "https://57.129.16.213:3000/login", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "", "Botnet,c2,CnC,Nosviak,Version4", "0", "abus3reports" "2024-04-25 10:15:13", "1262251", "46.246.4.2:7045", "ip:port", "botnet_cc", "win.vjw0rm", "None", "Vjw0rm", "", "100", "None", "Vjw0rm", "0", "abuse_ch" "2024-04-25 10:13:43", "1262250", "185.172.128.6:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1158277545,EVILEMPIRE-AS", "0", "drb_ra" "2024-04-25 10:13:37", "1262248", "qax.gsldedie.sbs", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-04-25 10:13:37", "1262249", "170.106.169.138:2087", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-04-25 10:13:36", "1262247", "https://qax.gsldedie.sbs:2087/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-04-25 10:13:31", "1262246", "185.42.14.185:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "BITWEB-AS,CobaltStrike,cs-watermark-1158277545", "0", "drb_ra" "2024-04-25 10:13:30", "1262245", "dvbtools.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-25 10:13:42", "100", "None", "BITWEB-AS,CobaltStrike,cs-watermark-1158277545", "0", "drb_ra" "2024-04-25 10:13:29", "1262244", "https://dvbtools.com/DocumentId", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "BITWEB-AS,CobaltStrike,cs-watermark-1158277545", "0", "drb_ra" "2024-04-25 10:13:21", "1262243", "https://101.200.197.134/g.pixel", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-25 10:10:38", "1262242", "78.40.116.170:8872", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,mirai", "0", "abus3reports" "2024-04-25 10:10:18", "1262241", "youlovemedontyou.bounceme.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 09:47:26", "1262240", "209.14.69.249:666", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-25 19:51:10", "100", "", "botnet,c2,mirai", "0", "abus3reports" "2024-04-25 09:47:11", "1262239", "nocrynetworking.duckdns.org", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 09:40:12", "1262238", "45.95.169.113:4190", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2024-04-25 10:09:54", "100", "None", "NanoCore,RAT", "0", "abuse_ch" "2024-04-25 09:12:10", "1262237", "s.sushiking.world", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 09:04:07", "1262231", "139.59.156.81:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:07", "1262232", "159.203.9.75:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:07", "1262233", "159.223.220.220:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:07", "1262234", "161.35.210.154:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:07", "1262235", "174.138.51.159:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:07", "1262236", "174.138.51.232:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262223", "64.23.232.47:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262224", "64.23.251.7:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262225", "64.23.251.20:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262226", "64.225.17.60:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262227", "64.226.124.214:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262228", "68.183.48.122:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262229", "138.197.90.26:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 09:04:06", "1262230", "139.59.41.182:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,Mirai", "0", "abus3reports" "2024-04-25 08:52:16", "1262215", "128.199.180.45:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-25 09:04:06", "100", "", "c2,mirai", "0", "abus3reports" "2024-04-25 08:52:16", "1262216", "138.68.97.101:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-25 09:04:06", "100", "", "c2,mirai", "0", "abus3reports" "2024-04-25 08:52:16", "1262217", "138.68.97.171:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-25 09:04:06", "100", "", "c2,mirai", "0", "abus3reports" "2024-04-25 08:52:16", "1262218", "146.190.135.213:9511", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-25 09:04:07", "100", "", "c2,mirai", "0", "abus3reports" "2024-04-25 08:30:18", "1262214", "http://176.123.168.151/4track/TesttrafficEternal/private3/Secure7db/7private3/WordpressLocal/Windows/cpuvoiddbtraffic/2Base/ProviderExternalpipeJavascriptupdateSqldbasyncTemporary.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2024-04-25 08:15:16", "1262213", "http://a0947291.xsph.ru/1606aca9.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2024-04-25 08:05:16", "1262212", "45.95.169.113:3190", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "2024-04-25 08:23:02", "100", "None", "NanoCore,RAT", "0", "abuse_ch" "2024-04-25 07:58:24", "1262211", "http://118.31.118.253/j.ad", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-25 07:57:35", "1262210", "https://118.31.118.253/activity", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-25 07:40:15", "1262209", "http://45.77.223.48/~blog/?ajax=ee", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "None", "Loki", "0", "abuse_ch" "2024-04-25 07:28:38", "1262206", "lsagjogu8ztaueghasdjsdigh.cc", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:28:38", "1262207", "hitler.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:28:38", "1262208", "kz.hitler.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:28:08", "1262203", "pve.rebirthltd.com", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:28:08", "1262204", "rebirthltd.top", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:28:08", "1262205", "scan.rebirthltd.top", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262189", "secure-network-rebirthltd.ru", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262190", "bot.secure-network-rebirthltd.ru", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262191", "rebirthltd.dev", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262192", "scan.rebirthltd.dev", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262193", "secure-cyber-security-rebirthltd.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262194", "sex.secure-cyber-security-rebirthltd.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262195", "rebirth-network.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262196", "security.rebirth-network.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262197", "vps.rebirth-network.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262198", "adolfhitler.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262199", "kz.adolfhitler.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262200", "secure-core-rebirthltd.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262201", "security.secure-core-rebirthltd.su", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:27:38", "1262202", "fuck-niggers.xyz", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "botnetdomain,mirai", "0", "abus3reports" "2024-04-25 07:23:52", "1262188", "45.32.168.59:6363", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-25 06:49:58", "1262187", "91.92.247.254:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/91.92.247.254", "Hookbot Pegasus,LIMENET", "0", "drb_ra" "2024-04-25 06:49:29", "1262186", "45.207.36.45:2088", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/45.207.36.45", "SONDERCLOUDLIMITED-AS-AP SonderCloud Limited,Supershell", "0", "drb_ra" "2024-04-25 06:48:40", "1262185", "46.246.82.21:6000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "https://search.censys.io/hosts/46.246.82.21", "DcRat,PORTLANE www.portlane.com", "0", "drb_ra" "2024-04-25 06:48:27", "1262184", "41.99.107.210:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/41.99.107.210", "ALGTEL-AS,Qakbot", "0", "drb_ra" "2024-04-25 06:48:22", "1262183", "69.159.0.21:2222", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/69.159.0.21", "BACOM,Qakbot", "0", "drb_ra" "2024-04-25 06:48:18", "1262182", "77.126.168.121:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/77.126.168.121", "PARTNER-AS,Qakbot", "0", "drb_ra" "2024-04-25 06:48:13", "1262181", "154.82.65.35:8443", "ip:port", "botnet_cc", "win.pupy", "Patpoopy", "pupy", "", "50", "https://search.censys.io/hosts/154.82.65.35", "Pupy RAT,TERAEXCH", "0", "drb_ra" "2024-04-25 06:47:59", "1262180", "64.23.159.147:445", "ip:port", "botnet_cc", "py.responder", "SpiderLabs Responder", "Responder", "", "50", "https://search.censys.io/hosts/64.23.159.147", "DIGITALOCEAN-ASN,Responder", "0", "drb_ra" "2024-04-25 06:47:56", "1262179", "209.151.148.194:445", "ip:port", "botnet_cc", "py.responder", "SpiderLabs Responder", "Responder", "", "50", "https://search.censys.io/hosts/209.151.148.194", "Responder,UPCLOUDUSA", "0", "drb_ra" "2024-04-25 06:47:46", "1262178", "51.8.90.242:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/51.8.90.242", "Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "drb_ra" "2024-04-25 06:47:41", "1262177", "3.250.35.163:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/3.250.35.163", "AMAZON-02,Havoc", "0", "drb_ra" "2024-04-25 06:47:40", "1262176", "3.250.35.163:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/3.250.35.163", "AMAZON-02,Havoc", "0", "drb_ra" "2024-04-25 06:47:36", "1262175", "86.60.160.90:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/86.60.160.90", "Havoc,SSPOY-AS", "0", "drb_ra" "2024-04-25 06:47:24", "1262174", "31.42.185.190:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/31.42.185.190", "Havoc,YURTEH-AS", "0", "drb_ra" "2024-04-25 06:47:18", "1262173", "164.92.80.224:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/164.92.80.224", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra" "2024-04-25 06:47:15", "1262172", "80.87.206.160:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/80.87.206.160", "Havoc,OVH", "0", "drb_ra" "2024-04-25 06:47:12", "1262171", "50.114.37.38:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/50.114.37.38", "Havoc,RELIABLESITE", "0", "drb_ra" "2024-04-25 06:45:58", "1262170", "129.226.154.137:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/129.226.154.137", "Mythic,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-04-25 06:30:06", "1262169", "91.92.253.249:7707", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/dedc15a14da607a8c993e869ab600a5be154e1853c45e0493727244e627cb2a9/", "asyncrat", "0", "abuse_ch" "2024-04-25 06:30:05", "1262168", "91.92.253.249:6606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/dedc15a14da607a8c993e869ab600a5be154e1853c45e0493727244e627cb2a9/", "asyncrat", "0", "abuse_ch" "2024-04-25 06:25:16", "1262167", "91.92.253.249:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2024-04-25 05:40:14", "1262166", "172.160.240.225:7654", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "None", "AsyncRAT,RAT", "0", "abuse_ch" "2024-04-25 05:16:17", "1262157", "18.192.31.165:12143", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-25 05:16:15", "1262158", "3.125.223.134:12143", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-25 05:16:13", "1262148", "http://107.172.157.239:8000/", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "", "cobaltstrike,supershell,Yakit", "0", "Abodovic" "2024-04-25 05:16:11", "1262162", "91.149.202.222:5667", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "binware,catDDoS,kane", "1", "skidreporter" "2024-04-25 05:16:09", "1262163", "159.253.120.176:5667", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "binware,catDDoS,kane", "1", "skidreporter" "2024-04-25 03:10:15", "1262165", "http://45.77.223.48/~blog/?ajax=posts.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "None", "Loki", "0", "abuse_ch" "2024-04-25 02:57:00", "1262164", "https://123.57.85.206:4000/fwlink", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-25 01:00:14", "1262161", "41.249.109.159:10000", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2024-04-25 01:27:13", "100", "None", "NjRAT", "0", "abuse_ch" "2024-04-25 00:20:14", "1262160", "80.66.89.223:38183", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "100", "None", "RedLineStealer", "0", "abuse_ch" "2024-04-24 23:55:13", "1262159", "http://golovkcc.beget.tech/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2024-04-24 22:55:17", "1262156", "https://www.fiash.info:2053/api/3", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED", "0", "drb_ra" "2024-04-24 22:45:16", "1262155", "18.158.249.75:12143", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2024-04-24 23:03:19", "100", "None", "NjRAT", "0", "abuse_ch" "2024-04-24 22:45:15", "1262154", "3.125.209.94:12143", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2024-04-24 22:45:12", "1262153", "3.125.102.39:12143", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2024-04-24 23:03:19", "100", "None", "NjRAT", "0", "abuse_ch" "2024-04-24 22:13:16", "1262152", "45.148.120.189:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,PHANES-NETWORKS", "0", "drb_ra" "2024-04-24 22:13:15", "1262151", "https://45.148.120.189/ptj", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,PHANES-NETWORKS", "0", "drb_ra" "2024-04-24 22:13:11", "1262149", "https://193.32.179.234/c/msdownload/update/others/2016/12/29136388_", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,FORTIS-AS Hosting services", "0", "drb_ra" "2024-04-24 22:13:11", "1262150", "193.32.179.234:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,FORTIS-AS Hosting services", "0", "drb_ra" "2024-04-24 21:05:01", "1262139", "95.169.196.22:118", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2024-04-25 19:45:49", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:05:00", "1262140", "185.196.11.177:45", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:05:00", "1262141", "212.70.149.10:35342", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:58", "1262142", "94.156.79.77:3966", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:56", "1262143", "2.58.95.123:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:56", "1262144", "94.156.79.155:5958", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:55", "1262145", "66.187.4.175:1337", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "bashlite,C2,GafGyt,mirai,QakBot", "0", "redrabytes" "2024-04-24 21:04:54", "1262146", "3.121.139.82:12138", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-24 21:04:51", "1262110", "https://www.briccodeldente.it/wp-content/themes/white-rock-progression/l3h0y5.php?id=1", "url", "botnet_cc", "win.wikiloader", "WailingCrab", "WikiLoader", "", "100", "", "Wikiloader", "0", "cyberja" "2024-04-24 21:04:50", "1262137", "82.205.72.17:8080", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-24 21:04:49", "1262138", "aboft7e.ddns.net", "domain", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "75", "None", "njrat,RAT", "0", "SarlackLab" "2024-04-24 21:04:46", "1262109", "https://dreamerz.vn/wp-content/themes/twentytwentyone/0srbuw.php?id=1", "url", "botnet_cc", "win.wikiloader", "WailingCrab", "WikiLoader", "", "100", "", "Wikiloader", "0", "cyberja" "2024-04-24 21:04:44", "1262107", "https://www.savetheworldpodcast.com/wp-content/themes/twentytwentyone/msecgc.php?id=1", "url", "botnet_cc", "win.wikiloader", "WailingCrab", "WikiLoader", "", "100", "", "Wikiloader", "0", "cyberja" "2024-04-24 21:04:43", "1262108", "https://retrobox.rocks/wp-content/themes/twentytwentyfour/vhpg2j.php?id=1", "url", "botnet_cc", "win.wikiloader", "WailingCrab", "WikiLoader", "", "100", "", "Wikiloader", "0", "cyberja" "2024-04-24 21:04:42", "1262106", "https://djibek.com/wp-content/themes/twentytwentyone/sb9ivy.php?id=1", "url", "botnet_cc", "win.wikiloader", "WailingCrab", "WikiLoader", "", "100", "", "Wikiloader", "0", "cyberja" "2024-04-24 21:04:41", "1262105", "wavebysudryez.fr", "domain", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://twitter.com/crep1x/status/1782887599788486787", "WaveStealer", "0", "NDA0N" "2024-04-24 21:04:40", "1262103", "93.123.39.16:1312", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "75", "None", "Mirai", "0", "elfdigest" "2024-04-24 20:38:05", "1262147", "5.230.68.74:443", "ip:port", "botnet_cc", "win.icedid", "BokBot,IceID", "IcedID", "", "75", "None", "None", "0", "Rony" "2024-04-24 18:51:17", "1262135", "45.88.186.159:443", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "50", "https://search.censys.io/hosts/45.88.186.159", "RELIABLESITE,SocGholish", "0", "drb_ra" "2024-04-24 18:51:17", "1262136", "45.88.186.159:80", "ip:port", "botnet_cc", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "50", "https://search.censys.io/hosts/45.88.186.159", "RELIABLESITE,SocGholish", "0", "drb_ra" "2024-04-24 18:50:09", "1262134", "89.208.105.144:80", "ip:port", "botnet_cc", "win.meduza", "None", "Meduza Stealer", "2024-04-26 05:12:02", "50", "https://search.censys.io/hosts/89.208.105.144", "AEZA-AS,Meduza Stealer", "0", "drb_ra" "2024-04-24 18:49:59", "1262133", "20.67.206.46:443", "ip:port", "botnet_cc", "win.pikabot", "None", "Pikabot", "", "50", "https://search.censys.io/hosts/20.67.206.46", "MICROSOFT-CORP-MSN-AS-BLOCK,Pikabot", "0", "drb_ra" "2024-04-24 18:49:42", "1262132", "47.94.88.4:8889", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/47.94.88.4", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Supershell", "0", "drb_ra" "2024-04-24 18:49:41", "1262131", "47.94.88.4:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/47.94.88.4", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,Supershell", "0", "drb_ra" "2024-04-24 18:49:36", "1262130", "104.194.79.234:8044", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/104.194.79.234", "IT7NET,Supershell", "0", "drb_ra" "2024-04-24 18:49:15", "1262129", "8.213.212.170:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/8.213.212.170", "ALIBABA-CN-NET Alibaba US Technology Co. Ltd.,Supershell", "0", "drb_ra" "2024-04-24 18:49:06", "1262128", "43.129.31.59:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/43.129.31.59", "Supershell,TENCENT-NET-AP-CN Tencent Building Kejizhongyi Avenue", "0", "drb_ra" "2024-04-24 18:49:00", "1262127", "18.166.176.116:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/18.166.176.116", "AMAZON-02,Supershell", "0", "drb_ra" "2024-04-24 18:48:25", "1262126", "130.63.213.199:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/130.63.213.199", "Qakbot,YORKU-AS", "0", "drb_ra" "2024-04-24 18:48:11", "1262125", "35.72.161.191:445", "ip:port", "botnet_cc", "py.responder", "SpiderLabs Responder", "Responder", "", "50", "https://search.censys.io/hosts/35.72.161.191", "AMAZON-02,Responder", "0", "drb_ra" "2024-04-24 18:47:48", "1262124", "103.82.132.120:8443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/103.82.132.120", "CLOUDFLY-VN CLOUDFLY CORPORATION,Havoc", "0", "drb_ra" "2024-04-24 18:47:47", "1262123", "103.82.132.120:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/103.82.132.120", "CLOUDFLY-VN CLOUDFLY CORPORATION,Havoc", "0", "drb_ra" "2024-04-24 18:47:42", "1262122", "143.198.237.101:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/143.198.237.101", "DIGITALOCEAN-ASN,Havoc", "0", "drb_ra" "2024-04-24 18:47:20", "1262121", "195.123.226.83:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "50", "https://search.censys.io/hosts/195.123.226.83", "Havoc,ITL-BG", "0", "drb_ra" "2024-04-24 18:47:07", "1262120", "92.243.64.130:28002", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "", "50", "https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220eb3668ca29c7282383a6f007feaecb473382c5c0a09815ca110e8faeefb8b25%22", "Bianlian Go Trojan,M247", "0", "drb_ra" "2024-04-24 18:47:04", "1262119", "62.233.57.237:443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "", "50", "https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225af1418e83a7eff292165b639f1c2757511f9cedadafe808f857736e9d82fd24%22", "Bianlian Go Trojan,GREENFLOID-AS", "0", "drb_ra" "2024-04-24 18:46:21", "1262118", "213.87.44.192:443", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "", "50", "https://search.censys.io/hosts/213.87.44.192", "Deimos,MTSNET Moscow Russia", "0", "drb_ra" "2024-04-24 18:46:14", "1262117", "219.144.98.12:4506", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "", "50", "https://search.censys.io/hosts/219.144.98.12", "CHINANET-IDC-SN China Telecom Group,Deimos", "0", "drb_ra" "2024-04-24 18:46:09", "1262116", "98.98.118.81:4505", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "", "50", "https://search.censys.io/hosts/98.98.118.81", "Deimos,ZEN-ECN", "0", "drb_ra" "2024-04-24 18:45:43", "1262115", "217.237.87.199:3389", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://search.censys.io/hosts/217.237.87.199", "Covenant,DTAG Internet service provider operations", "0", "drb_ra" "2024-04-24 18:10:25", "1262114", "http://a0804818.xsph.ru/providerEternalprotectDbasync.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2024-04-24 17:51:34", "1262113", "https://43.138.73.164:56701/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-24 17:51:11", "1262112", "https://152.136.100.26:4444/ca", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-24 17:50:39", "1262111", "http://123.57.85.206/cx", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-24 17:00:04", "1262104", "dttao.net", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "domain,mirai", "0", "abus3reports" "2024-04-24 15:26:51", "1262102", "193.233.132.139:80", "ip:port", "botnet_cc", "win.amadey", "None", "Amadey", "", "100", "https://app.any.run/tasks/0b56b793-ed22-4d78-ae02-7ed46294f9cf/", "AS216319,c2,SUNHOST-AS", "0", "DonPasci" "2024-04-24 15:22:17", "1262101", "http://20.106.253.207:8899/api/3", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "drb_ra" "2024-04-24 15:22:01", "1262100", "185.62.58.73:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/185.62.58.73", "AS62370,c2,censys,HAVOC,NL,SNEL", "0", "DonPasci" "2024-04-24 15:17:21", "1262099", "82.153.64.23:9999", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/82.153.64.23", "AS197649,c2,censys,RAT,SERVERSGAME", "0", "DonPasci" "2024-04-24 15:17:09", "1262098", "edd7441051bbf509ef1052d9f2a02c8f", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:17:08", "1262097", "500b51771f03e61f1c46fc29c2a786201c123ae5f0369bd1664992bd7c434a30", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:17:06", "1262095", "88a8d150f1a63302ddc2d5114cfa5df2", "md5_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:17:06", "1262096", "7338ef9ddb0b59228b31c6b7931fae04ace344e8", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:17:05", "1262094", "37fcb2df95b2ba1bc601c6140b1d415ba362ea67834bc13d1eaebbb69a1e5f68", "sha256_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:17:03", "1262092", "2ab2f26ab78dbd53cea3b71c00d568c2", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:17:03", "1262093", "0bf2abb33b7fda9ea7a96b68f784684b975e6b92", "sha1_hash", "payload", "win.netwire", "NetWeird,NetWire,Recam", "NetWire RC", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:17:02", "1262091", "1f204b43acfdf5d1088f37b2159d98d5500bdaeec99cd3f0d6e8ceb77282351b", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:17:00", "1262089", "f8c0512008daff966ef349e7178d1239", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:17:00", "1262090", "53f0a2fdde2f1fe6e1ad44b87b8325624cdeb3fa", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:59", "1262088", "b019a47dc528a7197129adec69ea6813c28e60884c267cd297524296861a9ed6", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:57", "1262086", "60e00124f9d54b2d423f02dc81b57127", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:57", "1262087", "2a74048cf5009ab0f850e3992ffe7a453e3e18a5", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:56", "1262085", "ece58cdda5d85a7fe7d7262313b8041e3c988d814b7dd60f0468dbb7109596ba", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:54", "1262084", "a250651ba1f3eb72bcf0f24a31ff2a66b0a39959", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:53", "1262082", "fd15b9b162dcbe4f16157d4b13f69a6b2ede55fcd5ddb2a19bce8eb68a363e43", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:53", "1262083", "c8eb81dbb47b76334f0ed0a0885cd9a0", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:51", "1262081", "01cfab774e33012674789ad2606266c19f3f416c", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:50", "1262079", "c96565623c3e405a370614f452383a763f5a48baf25e79f91a6311c9a0a8fd3a", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:50", "1262080", "cd3c05ebb9a3fca7aa748f522559b1ea", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:48", "1262078", "43dc8cdf47186a54dc38cd86450aca6f6361a9b4", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:47", "1262076", "5b88fdc4c1564305f8883e5ec48cadea105d082a5a1bae6a17c57c81c01069a7", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:47", "1262077", "2d41e117f7b73d3b0b8804794b4fe9dd", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:45", "1262075", "f0bd15035e0bf67f621c7e87c65b62c007e79fda", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:44", "1262073", "651bf6dc2ce11fbbda045ac186ab58ac3d691f8d28dc811f2b1552fe74b275cc", "sha256_hash", "payload", "win.teambot", "FINTEAM", "TeamBot", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:44", "1262074", "c3804647168d439928c2ca4019d87609", "md5_hash", "payload", "win.teambot", "FINTEAM", "TeamBot", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:42", "1262072", "ceb7a332a4ed40878a2c381fcf76fcd06528df65", "sha1_hash", "payload", "win.teambot", "FINTEAM", "TeamBot", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:41", "1262070", "dc09ed4ade0b108f9774523d064a9a074f46248f1fd42651ba6fb17820e6a417", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:41", "1262071", "c07b805fafcddbc57b6e0b65576661b8", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:39", "1262069", "685de0689697e3c3a1619167201234482a3be5b1", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:38", "1262067", "d7531e4728438f15714cd44a6ed353d5117b4a3b6db1ece8b945ca8eb0b1408d", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:38", "1262068", "be60ea5cc4efb226b78a6a257ff112fd", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:36", "1262066", "1bc68e94bf651242cd3ca51c34f9113992d4f9a7", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:35", "1262065", "8b3133696ef1e7609974f8084f6ca977ab74db7c688fa7b8df83b2e9231f1764", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:33", "1262063", "19bfc45905c5ffc65bc1eb28653c8d5a", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:33", "1262064", "9415e8affeae395c04046a9189414b4787291f14", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:32", "1262062", "ae9f157e9ac6956863d36c82f45f27fa14fa6f78ad98ba73218593b5d32f44c6", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:31", "1262061", "0ffd6ef93cd63cfbf559713b26c3b40f3b205ad4", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:30", "1262060", "189590b2755ed6f134d8fe2c05124926", "md5_hash", "payload", "win.sigloader", "None", "SigLoader", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:29", "1262059", "8987f3cd89bd9f739ef4ee2495ccd81be89cf7d5f52b445c94920cfae3b0fc27", "sha256_hash", "payload", "win.sigloader", "None", "SigLoader", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:28", "1262058", "e492eb975348e50a32c792d26441cc00912987e7", "sha1_hash", "payload", "win.sigloader", "None", "SigLoader", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:27", "1262057", "39c348d66f448c5dfd2ce92756a2af10", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:26", "1262056", "3a9444944c737900563b16dab76e19bcd2c52f1d3b35e258d581b523586ae828", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:25", "1262055", "0e236d48df2f56db7c292c402c48e098c5526639", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:24", "1262054", "81a9abf49104df646db709f0365f8eeb", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:23", "1262053", "a11d36f9f4b69fd1e6c13584455e6270fd906530ad6e034d67927c16cbc76586", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:21", "1262052", "fc69c4c2b1b74b7a9773f1824eb0cce589bdd673", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:20", "1262050", "a6db9168b669e03a0ba63baabd96c00882a9cb6de95e0945993fd720b8cfd391", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:20", "1262051", "7beac55899bd1f7e14a469fc9b0a8275", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:15", "1262047", "5f8e6d5fd79a5a648e42597881ddf5e418be34a81b678b9742fad39d6b74c298", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:15", "1262048", "ff53d6a04ea8618890f7a81e31bd8a22", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:15", "1262049", "34dafd006220d7171e1a309d95a03fea3108a2a4", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:13", "1262046", "d804959bcb8a2ea43278a1f78aac8abede4fa62f", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:12", "1262044", "04d2e21d12836aeb42dea69f39783165668427397987d8ce55c94765effb844b", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:12", "1262045", "47cc3bb8bb0427d4ce5da71c2cf3702f", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:10", "1262043", "cb11ece89c4bb3cb337a32107af9504ed7deb89a", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:09", "1262041", "0766dcf703dbf0243d873fff3b325054eee96ce58a9753ac8aa9891c311b4434", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:09", "1262042", "52e4f8ee79c595a890bc451dfbbbb9f4", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:07", "1262040", "12b24cc207161c893d5c87fc12453c083275d11f", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:06", "1262038", "994b994e9983a7f21d0a106090efe4485b39a23dd4d4f086bba3925208c80d01", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:06", "1262039", "f6234e6192e307fdd2efdd201b56356f", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:03", "1262036", "e7d52516ca8bcf4e8bcaf71a36a88300", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:03", "1262037", "2a353dde9fc1a566d2832dcc1ded619caf3ff950", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:02", "1262035", "8df5ecbc8ea978c98c9c3a0918fe9ee233f169ee9e3d38855b7da8fc96aad8dc", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:16:00", "1262034", "d5a7eaad95ab6d4e492b128db0cf550c34170c90", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:59", "1262032", "7fee503438f90d0206012674566587b5ecef1d040935809ae308b12842dc6196", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:59", "1262033", "189b8ac3c0f8d840f30f4897b2d89773", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:57", "1262031", "e6e6c3bd752cde7cf0677575d9268fc2a2070331", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:56", "1262030", "1d584d84d4965e7a0da615b32ab85f2e", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:55", "1262029", "061087cd835abcfc3411f0ec4b15ccf80516276a356b2eedc4cb444d0dac0187", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:53", "1262027", "4cf8283349d416ede72e0d3775d23972", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:53", "1262028", "bbb9c2211444450bb34a27f1a98d778e3c96b9bb", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:52", "1262026", "15113629d65d474d78089e91ee269220b68fdcff8c4df46ea1da0af21cd559e3", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:50", "1262025", "1a9cf0bbae717aebabea0b6933ce67604ce91733", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:49", "1262023", "e1cecfcc4eed2f4b74af7d971dcf24555534db164ddb0b7cd1e821b2f0402703", "sha256_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:49", "1262024", "da7c2473b5c455f25f420827af596286", "md5_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:46", "1262021", "ae811bd6440b425e6777f0ca001a9743", "md5_hash", "payload", "win.lockbit", "ABCD Ransomware", "LockBit", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:46", "1262022", "101b5f991a26fc9213c4445bd9bfdb87a6a6c5cb", "sha1_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:45", "1262020", "86e17aa882c690ede284f3e445439dfe589d8f36e31cbc09d102305499d5c498", "sha256_hash", "payload", "win.lockbit", "ABCD Ransomware", "LockBit", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:43", "1262019", "70902540ead269971e149eaff568fb17d04156af", "sha1_hash", "payload", "win.lockbit", "ABCD Ransomware", "LockBit", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:42", "1262017", "48ca70c01e870434304ccd508ef88d824b8d3c9588c990402dae450a5e56f73c", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:42", "1262018", "180165361384e56db00389733f0c54f5", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:39", "1262015", "efd7d885536ef4fd62cbc513bbe04d6e", "md5_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:39", "1262016", "1d48e601e3ba392fafde82b4a7fc0a39fba0a382", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:38", "1262014", "6c0bd6cae657449a07dcb78940ea732d7e4e24546477b083116bff4c99bd417d", "sha256_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:36", "1262013", "7e3a86188066eaa404a60c9686624fda1b12ae51", "sha1_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:35", "1262012", "097b18a8698466754be20ba312481236", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:34", "1262011", "97f689bdc4e9fd3ad22d44f57b2d80f26813b67bddcd816fe4de63a7721be893", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:32", "1262010", "a978a16fa32c80934417ebb4912a5c69b44b4236", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:31", "1262008", "e3e2106835618398ef240b9e3e84026a0019bafda4464f3150756d42c5374f9d", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:31", "1262009", "111af05dd1407b81db746b75b32e8b92", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:28", "1262005", "29f5c71635b9edb6929e77b5f5462136", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:28", "1262006", "46.246.84.12:1994", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "2024-04-24 17:20:32", "100", "None", "NjRAT", "0", "abuse_ch" "2024-04-24 15:15:28", "1262007", "5fd001e0d0d86e5ee6d19e388bef20d31865f45d", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:27", "1262004", "89d7f5ebd276fd6f53eacfef8377c6756a4da4c964da2bb51e059d5f04001b2c", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:24", "1262002", "4534f7a174eae348bbab2b8f825c6789", "md5_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:24", "1262003", "6daa3b1f5cc828e4ab95d2ebb48e11d9e7791cf0", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:23", "1262001", "11cdeed6025daa716961f06ea3b1820270c21a0e5c633c91dc8b547b753c8681", "sha256_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:20", "1261999", "2019322ea56c5b80294770f6018bddc1", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:20", "1262000", "f26853dc188650e619d152e9e6cc4c670a2000c8", "sha1_hash", "payload", "win.metastealer", "None", "MetaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:19", "1261998", "0823c2f58d094e1c096ae9184acf0b930df6dff97d0cd77728dc3ff07f9c0096", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:16", "1261997", "19285ecd68a4d9b957f87502c555dad437cfeb8f", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:15", "1261995", "8afec5473dd48de87edaf7e4fbd34005441fd5214fe562f92f2113796603eb0b", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:15", "1261996", "2cec9bd88860b1b00ab4a75fce864a53", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:09", "1261993", "b35348f4654893767a081b076f7becdf", "md5_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:09", "1261994", "983956af45d0f1f97524af9e8c382c3a8afd08be", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:08", "1261992", "8e53393db26258fb917fd570861070420d31148c2826dcdbed52ce326c2d5ff6", "sha256_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:02", "1261991", "05b4ff88303a5e72ff43d5554c4628cec9e71bf8", "sha1_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:01", "1261989", "19640f20d067c8ca1ba3e08d34ea493c05b99016c6608dbcbfdf848ca4d60452", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:15:01", "1261990", "192be7ac2833574aafeeea8e0cd52380", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:58", "1261987", "32ff58faa9596522b0062f2692b0d96a", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:58", "1261988", "264298e6ebda222d48c0185c1ad168c51c0dc133", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:57", "1261986", "64da1a2af5fbbd35867312aa68bfedd2dc695cf8bdac16e6974237226ebb8cc0", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:55", "1261985", "6b8206d5554c052e652b67af57b32ede5ceb5bd6", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:54", "1261983", "ec7dd08d03d5d4142c82fc04cea7e948d05641b0a3008a0d8a00b0421b5b04f9", "sha256_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:54", "1261984", "f33c75710d0e0463a2528e619c2ee382", "md5_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:51", "1261981", "03d4cbe07cb7f2229a20cd1400815089", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:51", "1261982", "4d2dd071fe274e6a8696448c21eeeecc0cf07e6d", "sha1_hash", "payload", "win.phorpiex", "Trik,phorphiex", "Phorpiex", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:50", "1261980", "7f92d23e392f6c18a682adfe0b7df82d2972983be07d6844554b1025aa39a503", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:48", "1261978", "384c4da2b75f4c7a1fa5585bc07634e6", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:48", "1261979", "8d10fcea9cc88859920c8b8cfd5000828a47bc78", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:47", "1261977", "8980e6e2628b4103f4e3e0b01365a5e9a7df6e38c067c93633371c94b3d5dd34", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:45", "1261976", "27d368536af080b92d543f9c24af8596cc0edd6d", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:44", "1261974", "7151fdf1eb6797e332cdd21c6084e1b338f84fb6652284599370cf609776a676", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:44", "1261975", "ab696103426e266ed3729c899e11e778", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:42", "1261973", "12aa01403e8f348853598d6da5b304da02cc3d57", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:41", "1261972", "4b2fb93459b4e03686148d0a1d3c1f00", "md5_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:40", "1261971", "200690de2b973c6f7a702d5129dea09aec57d548cab07e19f012e5a8e0c6ae64", "sha256_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:38", "1261969", "7bc30d8e9682aa4832cc11276c802d43", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:38", "1261970", "b16c9e43f7389ba51e1423f676cc61d9ec9d4354", "sha1_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:37", "1261968", "0f646539e424b78145f10890170c52f952ef950c3530b3b36979ea805d1c3b22", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:35", "1261967", "344101f20049c6c9ebc082a8db3d398006a1a8bb", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:34", "1261965", "945a7283148a1fb1d96ccdd8eb5d69245ed7ddc37c34a709c198e5ad1689f914", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:34", "1261966", "ff4682352ae4961a8ae854c220d9179f", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:30", "1261963", "9d2813c3fe48db6f7cd2450a14ff0f65", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:30", "1261964", "1919b4191ea8da48363e8a72dc407c179fc1e9cd", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:29", "1261962", "f5f93fd662d6d3d55c5c47ead5a931ed8eb8a066d9bd29113903506e7cf56fdb", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:27", "1261961", "f039e86a0b12ce00afbc29d6683325dd4e354c55", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:26", "1261959", "42ac8e7e9df9877af1382f5626fd74e63210d307f6d577cd5b387ffd0c9520bd", "sha256_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:26", "1261960", "2cc30d206669699e58870623365fef82", "md5_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:24", "1261958", "de5e70f094d0b72660aa57b87667edd9d52971fc", "sha1_hash", "payload", "win.dbatloader", "ModiLoader,NatsoLoader", "DBatLoader", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:23", "1261956", "df8c1264b7ae61e5fca5741a1ca4e2800e96f8dc316e2d13d7088ad58aa3229a", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:23", "1261957", "a07998253a3ca569c961450b7c17b34c", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:21", "1261955", "af8dbe956f6177e72352b511133ca8ebc8c416cf", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:20", "1261953", "000bdfb41a0f35b6c7a0db812e0f6a4eae13277789a58f76f978680912d83b80", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:20", "1261954", "78bc09feeb450d1ccc94d154797527e8", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:17", "1261951", "2952ba58fb0bf15850c0478fcd75e236", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:17", "1261952", "9354354cb11661e17a5200ff4dc52858de0a6eda", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:16", "1261950", "d59649332816fca2c74de3d04445fcc521e6d3c26d7b9b753c6a3ad98146d1b6", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:14", "1261949", "3e07dc899850a7d69cbfbf8c04f72ccaa2408939", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:13", "1261947", "444cf71032e7c7be2a79255af4fb38bab0333fb0a060ecc3fe91473d26ebce83", "sha256_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:13", "1261948", "f4c37292b365c19e6d2feeb6a17c4049", "md5_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:11", "1261946", "a7c201719a6c4e58f57baa2a88b110d72f3daefe", "sha1_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:10", "1261945", "7206084219e20fe7575aec63a3422a5c", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:09", "1261944", "3fb935f3b274dddf25a926967ceb573ad0f990bff966583157849545c60c42e4", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:07", "1261942", "0f0ee25a8b1b5211183bc818ecdf422f", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:07", "1261943", "930508090c6ec226838189c1d6ca32035c2ac0ed", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:06", "1261941", "a9fa586fb62d05caf2175e13fc20c8cb245d4902961bb833c8792befd5e7b0c6", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:04", "1261940", "edf0d85083e1cc9e0053833005d9e3a630955377", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:03", "1261938", "5058d869c59bfb3480d1dc6f8f51d191adb890039c89ff9fd668fe7b481099b8", "sha256_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:03", "1261939", "2a5f4c6d957f37ecea115fffe6d28467", "md5_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:00", "1261936", "683f7f10d3bed4b98eb7c49d08e1529a", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:14:00", "1261937", "9fe8436f8e1f6198b883404f0b59256b4f08bbed", "sha1_hash", "payload", "win.mimikatz", "None", "MimiKatz", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:59", "1261935", "91d1e460f32ef1914084e1cae335c4de321d1b69af18632eb80a55b924fca91d", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:56", "1261933", "11ae7e8293ed1c199cde872ee52d910d", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:56", "1261934", "b0f755e1e567260255f1a2bb62989081357a19e3", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:55", "1261932", "0d28a4525dba00368e0a1a146b0c1e75656215338358a7dbd65ee5ca2508cacf", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:53", "1261930", "ca28053841e7d7e6b42f7b7dd38b0f50", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:53", "1261931", "e8acbfe5d1015b5554237749e5d270bc2efbf0ab", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:52", "1261929", "4ae2e13993a8ef1fbaf538b4da18eca6e0b5ada918cbeb256c8490f6fc3b34fc", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:50", "1261928", "c9569814c98db8abb4aab100ab2eea649eeb9af8", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:49", "1261926", "ee6abaf8f2f79738e67078b4286db1f91df895cef76b5657e847fad9364a5cd6", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:49", "1261927", "4f0a9344a3dce3bc312bc87e3b07fdaf", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:47", "1261925", "65d90c5732d3268448eb6e49a0fb7cd7b5252e5d", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:46", "1261923", "bc07d7fdfb816ef511fe03f6c877150430e3f4c0d1929efd1c71cf81083f1e43", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:46", "1261924", "82ea61b19be235b48122b59e90378c8c", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:44", "1261922", "885331cd15e994a5e57d9ae15142e9075745ed15", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:43", "1261920", "a0a0fb07e86f86daca2883b96c5e33752eb4cbd08778bce91c40285efbc4e92f", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:43", "1261921", "a7719f9298c67b4e4ce91b0004d33b8b", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:41", "1261919", "45e89904dfaef5c5abf9f773ff12a24d3b50aca7", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:40", "1261917", "efa6ac55f8dbc8d81f1d82226090b0e7c84fac9a53bf597cbaa6623aff49310d", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:40", "1261918", "bf86a2ca1461479a33c704c80cef8a6b", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:38", "1261916", "d1e328e1870c5c8b4cf9bf3af2188150c155a637", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:37", "1261914", "c305dc9e2de49fecff28d19facee4e30fc568cbd04594f328c60301b1744387d", "sha256_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:37", "1261915", "92c93c0f3d586d4f26865f78c91c7200", "md5_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:35", "1261913", "acfaf4714bd8dc1f784275a8a513a1e4c1a2de12", "sha1_hash", "payload", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:34", "1261911", "d7603ee9b4ae922bee366a81374ad3234851c93f78a22023cc612dc0e148b816", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:34", "1261912", "e0f2b2303fd1c9e71cee34f2df8f8011", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:32", "1261910", "be89a535c4d9c5d417556cab1537b82050cf6078", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:30", "1261909", "79fc20c78e45d10f5f6d3f12c736b8d5", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:28", "1261908", "5e0a9b8f7175b983c012fa530bb29693cd8aadf2b2feb0f56d1c089fac20edb4", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:27", "1261907", "4a6b50e0cc1aa3c98bcb786311421ebf6815dcd0", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:26", "1261906", "f3ad3e0f90adfd9a28dbeab4bc6196ef", "md5_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:25", "1261905", "62623bddab0911eca4cd33135383761dbcf6f22a480eda9761becf638f1c4546", "sha256_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:23", "1261903", "dcf8679430bc69cfc5eb65f4dabf4f09", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:23", "1261904", "5b699f023304e78d905345b254ebc608a4726721", "sha1_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:21", "1261902", "53e9bec7369824cc6c1c0823afd428d6c8b3156870527b72916c1cb898e3f43d", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:19", "1261900", "e13d9ab9096dcc3bd309272dea987462", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:19", "1261901", "9710f630423d29c6f3b5896eb47de41a57086275", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:18", "1261899", "5a7b8feb65ff7cfc058c5e7198d5287ed8287ef23f721949bfba41d1cd19467c", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:17", "1261898", "906ae29df0f1e4ac3ed5302b3d5d97decd4f1198", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:16", "1261897", "03cea6f6022a3a08d1ea003091a3e502", "md5_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:15", "1261896", "2f48e39c1fa623b569c7580066026dc25e629fcd4a9cdb8a58d22e45c9eb99c2", "sha256_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:14", "1261895", "643e34573258d1511921c8d97a5b3c26d6c70b62", "sha1_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:13", "1261894", "091a4086a4393d7450f36fb66fb92d31", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:12", "1261893", "0f4185aed646dcc354f61968b69d25e06fdb3fe3e6bab9b52e2ecce1395f667f", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:11", "1261892", "b75d2ed9f8bdec6d84ce427185ad6d8037eac12e", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:10", "1261891", "a6455a248e43686bfda50622f2bd82d2", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:09", "1261890", "a2b803974fcfb65e21fa1a7690eb2a4822f091a8bdf45786e2085c833871d5a0", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:08", "1261889", "de8544085d7969af9c9eda6cc418f26f9b144786", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:07", "1261888", "0e714431357dd37266fe95d5b2b52f8e", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-25 15:24:39", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:06", "1261887", "36dd06fa770b353aa0716188d181d371300a847b6867878f4cf15c5b6b40d751", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-25 15:24:39", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:04", "1261885", "0244c540d99d3c8507bdc73d5b4646a3", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:36", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:04", "1261886", "c003a2816c6da9857829984bbd8051d60eba5cd1", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-25 15:24:37", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:03", "1261884", "ce8c0c6f213445d5bc40441e171cb112c92bd4192783c06cdd17ba4d851565f8", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:36", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:01", "1261883", "acb63423f9883dc72c3beab21d711d1c5a0eceed", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:33", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:00", "1261881", "f6a6765642f0f8c4b81f45d4e1a9f65505432bbf4c249fa3c96b82d9c712effe", "sha256_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "2024-04-25 15:24:32", "95", "None", "None", "0", "Grim" "2024-04-24 15:13:00", "1261882", "e9ff14a975f084f01373d468c0b91a16", "md5_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "2024-04-25 15:24:33", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:58", "1261880", "302d4b9f88ae7b085b56661774d6805156039924", "sha1_hash", "payload", "win.stop", "KeyPass,Djvu", "STOP", "2024-04-25 15:24:30", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:57", "1261878", "5afafb07f36ae38b071a7f1be9e675f29f15472a2c9cd4963bfa6f01ba728932", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:29", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:57", "1261879", "ce39f5a2f4240d596a4131c1875ef2b7", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:30", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:55", "1261877", "f7f13daecac2ca68f92e910d9a661556cdf58859", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:27", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:54", "1261875", "c2886ea3aee978297806940b8e8c4c9e8be23bb9ff8f039be91c040bdc5f3a62", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:22", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:54", "1261876", "6f5adb2e7998f571b25a6f332207d0de", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:23", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:52", "1261874", "be9eb5b2d4cdcb867568f646a72f6f5e28930199", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:20", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:51", "1261872", "09570f445a9a80479957a36ea2e038800d5a01acf338793274f936c108f21f24", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:19", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:51", "1261873", "19dbb47666f2eb1bb2889c42fc2fd3db", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:19", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:49", "1261871", "0eeeef0203c5e51e07f521ff4d8d29a422319316", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:17", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:48", "1261870", "4ac88ef7fe497d568f8c0256627f4f28", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-25 15:24:16", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:47", "1261869", "034a3732828ad09b79a12c66bf7eee3058427808bdae8b19291fffc828ee1fbf", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-25 15:24:16", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:46", "1261868", "ed66aadb1b165388e5a132f43874f385db546379", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "2024-04-25 15:24:13", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:45", "1261866", "b7abfce92efecdb6b034b4474668dc7cc08aaf7a8b6490fd3eb0fb5506024577", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:12", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:45", "1261867", "caadab8341e6460bf472806fb5f4396d", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:13", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:43", "1261865", "ed3ad1338f98090aba0ef3e9a2f6ea979f1c6565", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-25 15:24:09", "95", "None", "None", "0", "Grim" "2024-04-24 15:12:37", "1261864", "139.162.178.159:2003", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/139.162.178.159", "AKAMAI-LINODE-AP,AS63949,c2,censys,RAT", "0", "DonPasci" "2024-04-24 15:11:00", "1261863", "78.40.117.167:4444", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/78.40.117.167", "ALEXHOST,AS200019,c2,censys,RAT", "0", "DonPasci" "2024-04-24 15:10:05", "1261862", "139.99.133.66:6666", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "75", "https://bazaar.abuse.ch/sample/2f7971748b7db79bdd724861d1b463b0489b790b9e60e733dea409f73abf9539/", "asyncrat", "0", "abuse_ch" "2024-04-24 15:10:04", "1261861", "139.99.133.66:4444", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "75", "https://bazaar.abuse.ch/sample/2f7971748b7db79bdd724861d1b463b0489b790b9e60e733dea409f73abf9539/", "remcos", "0", "abuse_ch" "2024-04-24 15:04:19", "1261860", "146.70.198.22:60129", "ip:port", "botnet_cc", "win.nanocore", "Nancrat,NanoCore", "Nanocore RAT", "", "100", "None", "nanocore,RAT", "0", "SarlackLab" "2024-04-24 15:02:22", "1261859", "187.135.122.191:2022", "ip:port", "botnet_cc", "win.darkcomet", "Breut,Fynloski,klovbot", "DarkComet", "", "100", "https://search.censys.io/hosts/187.135.122.191", "AS8151,c2,censys,DarkComet,UNINET", "0", "DonPasci" "2024-04-24 14:52:33", "1261787", "https://hearthingdirecwi.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "https://tria.ge/240424-nr6xgahd49/behavioral1", "lumma,stealer", "0", "g0njxa" "2024-04-24 14:52:33", "1261856", "https://116.211.228.233:60000/", "url", "botnet_cc", "apk.viper_rat", "None", "Viper RAT", "", "100", "https://urlscan.io/result/95ff05bd-ba45-4047-b63b-a6b80efb585b/#summary", "c2,RAT", "0", "k1r1on" "2024-04-24 14:51:52", "1261858", "http://18.162.61.95/en_US/all.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/18.162.61.95", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-24 14:51:03", "1261857", "18.162.61.95:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/18.162.61.95", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-24 14:48:37", "1261855", "http://3.139.18.182/dpixel", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/3.139.18.182", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-1236301411", "0", "DonPasci" "2024-04-24 14:47:42", "1261854", "3.139.18.182:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/3.139.18.182", "AMAZON-02,AS16509,c2,censys,CobaltStrike,cs-watermark-1236301411", "0", "DonPasci" "2024-04-24 14:42:51", "1261853", "202.146.220.4:50050", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/202.146.220.4", "AS64050,BCPL-SG,c2,censys,CobaltStrike", "0", "DonPasci" "2024-04-24 14:37:51", "1261852", "123.249.36.186:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/123.249.36.186", "AS55990,c2,censys,CobaltStrike,cs-watermark-391144938,HWCSNET", "0", "DonPasci" "2024-04-24 14:35:56", "1261851", "http://116.205.188.138/__utm.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/116.205.188.138", "AS55990,c2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2024-04-24 14:35:02", "1261850", "116.205.188.138:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/116.205.188.138", "AS55990,c2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2024-04-24 14:31:39", "1261849", "https://8.130.70.205/ca", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.130.70.205/", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-24 14:30:50", "1261848", "8.130.70.205:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/8.130.70.205", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-24 14:27:51", "1261847", "101.34.87.236:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.34.87.236", "AS45090,c2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2024-04-24 13:08:28", "1261846", "http://45.116.79.9/cm", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Cloudie Limited,CobaltStrike,cs-watermark-6", "0", "drb_ra" "2024-04-24 13:08:20", "1261845", "165.227.108.186:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-970865301,DigitalOcean LLC", "0", "drb_ra" "2024-04-24 13:08:19", "1261844", "https://167.71.242.213/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-970865301,DigitalOcean LLC", "0", "drb_ra" "2024-04-24 13:08:18", "1261843", "https://165.227.108.186/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-970865301,DigitalOcean LLC", "0", "drb_ra" "2024-04-24 13:08:17", "1261842", "https://45.55.199.36/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-970865301,DigitalOcean LLC", "0", "drb_ra" "2024-04-24 13:07:44", "1261840", "https://47.92.131.203/query/info", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-24 13:07:44", "1261841", "47.92.131.203:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-24 13:07:37", "1261839", "http://1.94.13.86:9090/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,Huawei Cloud Service data center", "0", "drb_ra" "2024-04-24 13:07:10", "1261838", "http://123.57.85.206:8181/push", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-24 13:07:05", "1261837", "http://107.150.47.82/visit.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,Nocix LLC", "0", "drb_ra" "2024-04-24 13:06:51", "1261836", "http://154.3.1.252:8000/en_US/all.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,IPTELECOM Global", "0", "drb_ra" "2024-04-24 13:06:47", "1261835", "http://172.247.44.182/updates.rss", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CNSERVERS LLC,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-24 13:06:42", "1261834", "173.211.46.172:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Datacamp Limited", "0", "drb_ra" "2024-04-24 13:06:41", "1261833", "http://173.211.46.172/MREw", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Datacamp Limited", "0", "drb_ra" "2024-04-24 13:06:30", "1261832", "61.240.29.215:7777", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CHINA UNICOM China169 Backbone,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-04-24 13:06:29", "1261831", "http://61.240.29.221:7777/push", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CHINA UNICOM China169 Backbone,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-04-24 13:06:25", "1261830", "http://91.92.242.190:82/ca", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Limenet", "0", "drb_ra" "2024-04-24 13:06:03", "1261829", "http://35.221.150.166/ga.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Google LLC", "0", "drb_ra" "2024-04-24 13:05:56", "1261828", "https://65.20.107.130:8443/open/js/jweixin-1.4.0.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,The Constant Company LLC", "0", "drb_ra" "2024-04-24 13:05:24", "1261827", "http://129.204.169.101/push", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-24 13:05:16", "1261826", "service-6qlmfr7s-1312562872.gz.tencentapigw.com.cn", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,HostPapa", "0", "drb_ra" "2024-04-24 13:05:15", "1261825", "http://service-6qlmfr7s-1312562872.gz.tencentapigw.com.cn/api/x", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,HostPapa", "0", "drb_ra" "2024-04-24 13:04:52", "1261824", "http://8.130.30.60/cx", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-24 13:04:38", "1261823", "http://18.166.113.176:7777/milu_image/", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Amazon.com Inc.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-24 13:04:22", "1261822", "https://berita-timur.kumbaraan.biz.id/logo.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,DigitalOcean LLC", "0", "drb_ra" "2024-04-24 13:04:08", "1261821", "https://49.232.157.82/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-24 13:04:03", "1261820", "http://157.245.12.65:4444/fwlink", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,DigitalOcean LLC", "0", "drb_ra" "2024-04-24 13:03:55", "1261819", "156.224.20.92:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Aodao Inc,CobaltStrike,cs-watermark-100000", "0", "drb_ra" "2024-04-24 13:03:54", "1261818", "http://156.224.20.92/en_US/all.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Aodao Inc,CobaltStrike,cs-watermark-100000", "0", "drb_ra" "2024-04-24 13:03:50", "1261817", "http://107.174.254.9:8888/cm", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666,HostPapa", "0", "drb_ra" "2024-04-24 13:03:42", "1261816", "www.alipan.lol", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,DigitalOcean LLC", "0", "drb_ra" "2024-04-24 13:03:41", "1261815", "https://www.alipan.lol:8443/api/3", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,DigitalOcean LLC", "0", "drb_ra" "2024-04-24 13:03:27", "1261814", "https://107.172.159.139:8443/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,HostPapa", "0", "drb_ra" "2024-04-24 13:03:21", "1261813", "http://20.2.202.15:81/cx", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Microsoft Corporation", "0", "drb_ra" "2024-04-24 13:03:15", "1261812", "https://192.227.155.201:4443/fwlink", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,HostPapa", "0", "drb_ra" "2024-04-24 13:03:09", "1261810", "https://bliblyuvblfds.work.gd:8443/_/scs/mail-static/_/js/", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,IT7 Networks Inc", "0", "drb_ra" "2024-04-24 13:03:09", "1261811", "bliblyuvblfds.work.gd", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1234567890,IT7 Networks Inc", "0", "drb_ra" "2024-04-24 13:02:55", "1261809", "https://keolisgroup.azureedge.net/onedrive", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-323058833,DigitalOcean LLC", "0", "drb_ra" "2024-04-24 13:02:43", "1261808", "http://8.212.71.0:8008/updates.rss", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Alibaba (US) Technology Co. Ltd.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-24 13:02:39", "1261807", "http://60.204.222.75/j.ad", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,Huawei Cloud Service data center", "0", "drb_ra" "2024-04-24 13:02:34", "1261806", "http://47.92.131.203/user/profile", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-24 13:02:25", "1261805", "https://139.155.134.117:8443/jquery-3.3.2.N2cQ4mXdZ4nIo9XIhttp.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-24 13:02:17", "1261804", "service-j78tszan-1319584009.sh.apigw.tencentcs.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-24 13:02:16", "1261803", "https://service-j78tszan-1319584009.sh.apigw.tencentcs.com/product", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Hangzhou Alibaba Advertising Co.Ltd.", "0", "drb_ra" "2024-04-24 13:02:00", "1261802", "http://175.178.50.68/g.pixel", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-24 13:01:49", "1261801", "https://129.204.169.101/pixel.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-305419896,Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-24 13:01:41", "1261799", "http://23.102.7.180/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1622004588,Microsoft Corporation", "0", "drb_ra" "2024-04-24 13:01:41", "1261800", "23.102.7.180:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-1622004588,Microsoft Corporation", "0", "drb_ra" "2024-04-24 13:01:36", "1261798", "berita-timur.kumbaraan.biz.id", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-24 13:04:22", "100", "None", "CobaltStrike,cs-watermark-987654321,DigitalOcean LLC", "0", "drb_ra" "2024-04-24 13:01:35", "1261797", "http://berita-timur.kumbaraan.biz.id/image", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,DigitalOcean LLC", "0", "drb_ra" "2024-04-24 13:01:17", "1261796", "http://192.227.152.217/MicrosoftUpdate/ShellEx/KB242742/default.aspx", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321,HostPapa", "0", "drb_ra" "2024-04-24 13:01:09", "1261794", "https://www.614110.xyz/milu_image/", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Amazon.com Inc.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-24 13:01:09", "1261795", "18.166.113.176:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "Amazon.com Inc.,CobaltStrike,cs-watermark-987654321", "0", "drb_ra" "2024-04-24 13:00:48", "1261793", "154.213.17.138:90", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,Hong Kong FireLine Network LTD", "0", "drb_ra" "2024-04-24 13:00:47", "1261792", "http://154.213.17.132:90/dot.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,Hong Kong FireLine Network LTD", "0", "drb_ra" "2024-04-24 12:33:10", "1261791", "www.fiash.info", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2024-04-24 22:55:17", "100", "None", "CobaltStrike,cs-watermark-391144938,UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED", "0", "drb_ra" "2024-04-24 12:33:09", "1261790", "http://www.fiash.info:2052/api/3", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED", "0", "drb_ra" "2024-04-24 12:32:54", "1261789", "http://101.36.111.175:123/api/3", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED", "0", "drb_ra" "2024-04-24 11:50:19", "1261788", "192.144.128.196:1994", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "None", "QuasarRAT,RAT", "0", "abuse_ch" "2024-04-24 10:18:57", "1261786", "http://39.100.109.229:8888/mall_100_100.html", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-04-24 10:18:50", "1261785", "https://150.158.141.97/updates.rss", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-100000,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-24 10:18:44", "1261784", "http://107.174.235.118:55501/Complete/pr/H6TCQRWR", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "AS-COLOCROSSING,CobaltStrike,cs-watermark-666666666", "0", "drb_ra" "2024-04-24 10:18:40", "1261783", "120.46.91.175:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,HWCSNET Huawei Cloud Service data center", "0", "drb_ra" "2024-04-24 10:18:39", "1261782", "http://120.46.91.175/updates.rss", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938,HWCSNET Huawei Cloud Service data center", "0", "drb_ra" "2024-04-24 10:18:35", "1261781", "39.100.79.87:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-04-24 10:18:34", "1261780", "https://39.100.79.87/ga.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-04-24 10:18:24", "1261779", "39.100.109.229:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-04-24 10:18:23", "1261777", "https://www.huawei.com/mall_100_100.html", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.Ltd.,CobaltStrike,cs-watermark-391144938", "0", "drb_ra" "2024-04-24 09:18:12", "1261768", "https://karakalanda346.shop/Y2JhNzZhZWRjMzlm/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-24 09:18:11", "1261769", "https://karakafsafndan5.shop/Y2JhNzZhZWRjMzlm/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-24 09:18:10", "1261770", "https://karakalanfgdfg.shop/Y2JhNzZhZWRjMzlm/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-24 09:18:10", "1261771", "https://karakalaasdgtg.shop/Y2JhNzZhZWRjMzlm/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "80", "None", "apk,Coper", "0", "myonium1" "2024-04-24 09:10:17", "1261776", "103.113.70.99:2630", "ip:port", "botnet_cc", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "2024-04-24 10:05:27", "100", "None", "RedLineStealer", "0", "abuse_ch" "2024-04-24 09:09:11", "1261775", "botnet.goelites.cc", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "https://bazaar.abuse.ch/sample/ad914622f916beefa859533229a609e4cd16aeea0907959d717aa7405eec92b3/", "MooBot", "0", "abuse_ch" "2024-04-24 09:02:11", "1261774", "45.88.90.30:43957", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "75", "https://bazaar.abuse.ch/sample/21f1caac3024e9d7424612573dd8523ad3f877c95674e1562f2171a2b5ce21c1/", "MooBot", "0", "abuse_ch" "2024-04-24 09:00:59", "1261772", "putin.zelenskyj.ru", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "https://bazaar.abuse.ch/sample/21f1caac3024e9d7424612573dd8523ad3f877c95674e1562f2171a2b5ce21c1/", "MooBot", "0", "abuse_ch" "2024-04-24 09:00:59", "1261773", "zelenskyj.ru", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "https://bazaar.abuse.ch/sample/21f1caac3024e9d7424612573dd8523ad3f877c95674e1562f2171a2b5ce21c1/", "MooBot", "0", "abuse_ch" "2024-04-24 08:02:39", "1261767", "http://115.159.62.32/dpixel", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-426352781,TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited", "0", "drb_ra" "2024-04-24 08:01:21", "1261766", "107.148.1.41:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666,PEG TECH INC", "0", "drb_ra" "2024-04-24 08:01:20", "1261764", "https://firmware-yrs-conflicts-favorites.trycloudflare.com/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666,PEG TECH INC", "0", "drb_ra" "2024-04-24 08:01:20", "1261765", "firmware-yrs-conflicts-favorites.trycloudflare.com", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666,PEG TECH INC", "0", "drb_ra" "2024-04-24 07:48:47", "1261763", "93.123.85.131:1337", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "c2,moobot", "0", "abus3reports" "2024-04-24 07:43:14", "1261760", "net-killer.ooguy.com", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "botnetdomain,moobot", "0", "abus3reports" "2024-04-24 07:43:14", "1261761", "xd.netsyn.online", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "botnetdomain,moobot", "0", "abus3reports" "2024-04-24 07:43:14", "1261762", "xd.nodefunction.vip", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "botnetdomain,moobot", "0", "abus3reports" "2024-04-24 07:31:29", "1261759", "eclp8oz0m8mxouv96hc9p7k2btydt3iv.click", "domain", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "botnetdomain,moobot", "0", "abus3reports" "2024-04-24 07:31:11", "1261755", "45.88.90.30:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "moobot", "0", "abus3reports" "2024-04-24 07:31:11", "1261756", "45.88.90.17:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "moobot", "0", "abus3reports" "2024-04-24 07:31:11", "1261757", "89.169.55.166:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "moobot", "0", "abus3reports" "2024-04-24 07:31:11", "1261758", "91.92.240.43:80", "ip:port", "botnet_cc", "elf.moobot", "None", "MooBot", "", "100", "", "moobot", "0", "abus3reports" "2024-04-24 07:15:20", "1261754", "5.42.66.10:50505", "ip:port", "botnet_cc", "win.risepro", "None", "RisePro", "", "100", "None", "RiseProStealer", "0", "abuse_ch" "2024-04-24 06:49:15", "1261753", "45.150.64.135:80", "ip:port", "botnet_cc", "win.meduza", "None", "Meduza Stealer", "", "50", "https://search.censys.io/hosts/45.150.64.135", "Meduza Stealer,STARK-INDUSTRIES", "0", "drb_ra" "2024-04-24 06:48:05", "1261752", "95.179.190.134:23954", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/95.179.190.134", "AS-CHOOPA,AS20473,c2,censys,CobaltStrike", "0", "DonPasci" "2024-04-24 06:48:00", "1261751", "96.70.92.177:465", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "", "50", "https://search.censys.io/hosts/96.70.92.177", "CMCS,Qakbot", "0", "drb_ra" "2024-04-24 06:47:46", "1261750", "122.100.188.124:445", "ip:port", "botnet_cc", "py.responder", "SpiderLabs Responder", "Responder", "", "50", "https://search.censys.io/hosts/122.100.188.124", "CTM-MO Companhia de Telecomunicacoes de Macau SARL,Responder", "0", "drb_ra" "2024-04-24 06:47:00", "1261749", "158.160.87.195:8443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "", "50", "https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fddcd93905a11dba9d326552f27b9a9f26d0dd241d7ee5d1353c2064da8b90aa%22", "Bianlian Go Trojan,YANDEXCLOUD", "0", "drb_ra" "2024-04-24 06:46:41", "1261748", "80.82.76.14:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/80.82.76.14", "AS202425,c2,censys,CobaltStrike,cs-watermark-987654321,INT-NETWORK", "0", "DonPasci" "2024-04-24 06:46:20", "1261747", "140.249.32.157:4506", "ip:port", "botnet_cc", "win.deimos", "None", "Deimos", "", "50", "https://search.censys.io/hosts/140.249.32.157", "CHINATELECOM-SHANDONG-QINGDAO-IDC Qingdao266000,Deimos", "0", "drb_ra" "2024-04-24 06:38:33", "1261746", "123.57.183.22:8090", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/123.57.183.22", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2024-04-24 06:37:15", "1261745", "101.200.197.134:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/101.200.197.134", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2024-04-24 06:36:02", "1261744", "47.116.170.61:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.116.170.61", "ALIBABA-CN-NET,AS37963,c2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" # Number of entries: 835