################################################################ # ThreatFox IOCs: recent URLs - CSV format # # Last updated: 2024-11-21 06:04:16 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2024-11-21 06:04:16", "1346267", "https://89c9bebf541c17a229d921556d14a4ffd4.com/MWZjODg0YjhhMWVi/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "100", "None", "None", "0", "agesipolis1" "2024-11-21 06:04:14", "1346262", "https://bsfchile.com/work/original.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2024-11-21 06:04:14", "1346263", "https://bsfchile.com/work/das.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2024-11-21 06:04:14", "1346264", "https://bsfchile.com/work/fix.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2024-11-21 06:04:13", "1346254", "http://38.180.147.18:80/palofd", "url", "payload_delivery", "win.spectre", "None", "Spectre Rat", "", "75", "", "PA,palo alto,Spectre", "0", "stopransom" "2024-11-21 06:04:06", "1346268", "http://67.207.85.215:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS14061,DigitalOcean LLC,supershell", "0", "antiphishorg" "2024-11-20 15:41:13", "1346252", "https://nyciot.com/js.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113516006827293965", "KongTuke", "0", "monitorsg" "2024-11-20 15:41:10", "1346250", "https://nyciot.com/je5vl.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113516006827293965", "KongTuke", "0", "monitorsg" "2024-11-20 15:41:08", "1346226", "https://segurofinalizar.shop/work/fix2.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113515584195173024", "SmartApeSG", "0", "monitorsg" "2024-11-20 15:41:07", "1346227", "https://segurofinalizar.shop/work/xxx.zip", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113515584195173024", "SmartApeSG", "0", "monitorsg" "2024-11-20 15:41:05", "1346225", "https://segurofinalizar.shop/work/index.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113515584195173024", "SmartApeSG", "0", "monitorsg" "2024-11-20 15:41:04", "1346223", "https://segurofinalizar.shop/work/original.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113515584195173024", "SmartApeSG", "0", "monitorsg" "2024-11-20 15:41:03", "1346203", "https://jaipurraj.com/work/original.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2024-11-20 15:41:02", "1346204", "https://jaipurraj.com/work/das.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2024-11-20 15:41:01", "1346205", "https://jaipurraj.com/work/fix.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "SmartApeSG", "0", "HuntYethHounds" "2024-11-20 15:41:00", "1346206", "http://94.156.177.41/simple/five/PvqDq929BSx_A_D_M1n_a.php", "url", "botnet_cc", "apk.lokibot", "None", "LokiBot", "", "100", "None", "AS214943,lokibot,Railnet LLC", "0", "antiphishorg" "2024-11-20 15:40:13", "1346253", "http://31.177.109.184/8331a12a495c21b2.php", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "None", "Stealc", "0", "abuse_ch" "2024-11-20 12:40:05", "1346220", "http://101.133.156.69:7001/fwlink", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/fe3848b53bf6701306cb0fa9618527dbad319a882d2d1307f8693f005c61c772/", "cobaltstrike", "0", "abuse_ch" "2024-11-20 10:34:18", "1346216", "http://179.60.149.194:8080/vxhxrqnb", "url", "botnet_cc", "win.darkgate", "Meh,MehCrypter", "DarkGate", "", "100", "", "AS395839,c2,darkgate,drk2,HOSTKEY-USA,payload", "0", "DonPasci" "2024-11-20 10:34:17", "1346215", "http://91.243.50.68:8080/rdullfph", "url", "botnet_cc", "win.darkgate", "Meh,MehCrypter", "DarkGate", "", "100", "", "AS34665,c2,darkgate,jma755,payload,PINDC-AS", "0", "DonPasci" "2024-11-20 10:34:16", "1346214", "http://91.243.50.68:8080/eqvukhda", "url", "botnet_cc", "win.darkgate", "Meh,MehCrypter", "DarkGate", "", "100", "", "AS34665,c2,darkgate,jma755,payload,PINDC-AS", "0", "DonPasci" "2024-11-20 09:52:40", "1346208", "https://bestmarsgood.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "None", "0", "Cryptolaemus1" "2024-11-20 09:52:38", "1346207", "https://cerwintifed.com/test/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "100", "", "None", "0", "Cryptolaemus1" "2024-11-20 06:55:10", "1346202", "http://94.156.177.41/simple/five/fre.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "https://bazaar.abuse.ch/sample/f942a3046520f7838e33a1116faf8b9a6615756f044551651207f53b755a024d/", "lokibot", "0", "abuse_ch" "2024-11-20 06:23:32", "1346194", "http://121.127.253.28:8888/supershell/login/", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS152194,CTG Server Limited,supershell", "0", "antiphishorg" "2024-11-20 05:51:01", "1346065", "https://2pxsdtxngssu3vqqujdfgu4bsmlkp3d2ytctawznlhhez6tq57wzpzqd.onion:55314/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2024-11-19 21:55:45", "49", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "None", "0", "johannes" "2024-11-20 05:51:01", "1346066", "https://3bh22ezbxub3dopbqja7jjymdussvwgl3eu4xzlsdyagtnhzxy3tr3id.onion:3367/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2024-11-19 21:55:46", "49", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "None", "0", "johannes" "2024-11-20 05:51:00", "1346069", "https://4rnzfvzybry65auecpi3n67c6ynuunvs77qpk45svyhhsj6oisibk3qd.onion:39567/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2024-11-19 21:55:47", "49", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "None", "0", "johannes" "2024-11-20 05:50:59", "1346068", "https://4jtsmu3u4yrbehjf4rzfwsswhpc7ohs4nrfnlfu3xebteeaf4uv3okyd.onion:37151/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2024-11-19 21:55:46", "49", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "None", "0", "johannes" "2024-11-20 05:50:58", "1346067", "https://3zs4zdszo3lesutdbuenzvlspuh6wljj6eyntv73dxxig3bk2wcskrad.onion:15842/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2024-11-19 21:55:46", "49", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "None", "0", "johannes" "2024-11-20 05:50:56", "1346070", "https://5bqxmurmtkqlzis65uu22aspcuhivb6vpzpcpma5wfl5ngz2ha6oxzqd.onion:18231/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2024-11-19 21:55:47", "49", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "None", "0", "johannes" "2024-11-20 05:50:55", "1346071", "https://64iahnunyhf6ph6qvakjp22a3j6wlvl4sdmbh6elwri6up5gpnm7xkyd.onion:33960/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2024-11-19 21:55:48", "49", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "None", "0", "johannes" "2024-11-20 05:50:55", "1346072", "https://6agzykvu3rjnwpdnky777ffxb5dj4fiemftho4tsoeakp2xa542pj7id.onion:34024/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2024-11-19 21:55:48", "49", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "None", "0", "johannes" "2024-11-20 05:50:54", "1346073", "https://6kykjg6h7sjqru5puc57mb2nhd2bwhtewdswnsg4rlr3rw6t4iqrpgyd.onion:13392/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2024-11-19 21:55:48", "49", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "None", "0", "johannes" "2024-11-20 05:50:53", "1346074", "https://6praos6qyi3b5kcurfqe4kyh5ihu4k3z6mjbggkixnfyhbpomy5szoad.onion:4123/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2024-11-19 21:55:49", "49", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "None", "0", "johannes" "2024-11-20 05:50:52", "1346075", "https://6s75xlg3auzdnccos4re4hrmcxyg6fivxsqm3cldv2gowl2engljtqyd.onion:58212/", "url", "botnet_cc", "win.smokeloader", "Dofoil,Sharik,Smoke,Smoke Loader", "SmokeLoader", "2024-11-19 21:55:49", "49", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "None", "0", "johannes" "2024-11-20 05:50:51", "1346187", "https://c9bebf541c17a229d921556d14a4ffd4.com/MWZjODg0YjhhMWVi/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "100", "None", "None", "0", "agesipolis1" "2024-11-20 05:50:51", "1346188", "https://64b6c9bebf541c17a229d921556d14a4ffd4.com/MWZjODg0YjhhMWVi/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "100", "None", "None", "0", "agesipolis1" "2024-11-20 05:50:50", "1346189", "https://74b6c9bebf541c17a229d921556d14a4ffd4.com/MWZjODg0YjhhMWVi/", "url", "botnet_cc", "apk.coper", "ExobotCompact,Octo", "Coper", "", "100", "None", "None", "0", "agesipolis1" "2024-11-20 05:50:49", "1346191", "http://95.163.152.15/pages/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AEZA INTERNATIONAL LTD,AS210644,unam", "0", "antiphishorg" "2024-11-19 21:56:40", "1346126", "https://yebmhucezgghpzwvgqi5y2djfufgtrwcbbta547oaxw5kzi6sa2hopad.onion:3054/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:39", "1346125", "https://xbeopilgchtzd5u7yu36jlsp5cfgaqeuxkaon7yjle7lrtb3abi476id.onion:29454/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:38", "1346124", "https://wwbshp6hgnvtqwtbychvrchldbwifnf7djlpnuvf45dgn5up7w4xqqqd.onion:43728/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:37", "1346123", "https://wdmr4ow76xfig5rgffnufdu7o4abkowc7keqeaiq7fkrxofwsue5wtyd.onion:60499/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:36", "1346122", "https://vwmnexb2eiaencaw64hcrvv7tucksas6qbms5acpa222m2c5wigq3syd.onion:22567/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:35", "1346121", "https://vt6r47ek7oi2svzj2s4pguogzwumlulju4zkdf6nh7xnkugylxuy7tad.onion:23133/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:34", "1346120", "https://vor57f3yvqw3ddq4o3gkzkqdvczenmf5isiyb7vp7tc7xiokrjxxzcqd.onion:30408/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:33", "1346119", "https://vkz4q4hufi2ekksnwo2op4e5dgj7vatip2nvwmo2vsodmuau46yxmyyd.onion:37379/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:32", "1346117", "https://vbtzr7t7y7pxduueznc4mntv2zgrt66m4zvore5jahma2s7do7kguead.onion:14099/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:32", "1346118", "https://vf4ucetbu7qcy3p3d7ayntpzhjo3fzlaszu3y4wzhq642hdw2ptxn7yd.onion:20898/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:31", "1346116", "https://uup6i2g2uhsmsts6t4h5s652hficknfnpzs662x2q3iym5ddninyemad.onion:38869/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:30", "1346115", "https://twlittqpz6hslkwrwaczn6b55jb4iz46erykvrnzhlyfssnk5uwwlmyd.onion:44045/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:29", "1346114", "https://tnpiydtimuugdaixsyuew4nofzggjdsyyo3ctw2uzi4drll4axm3diyd.onion:38584/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:28", "1346113", "https://srssvp2lk3vnwttncfxogitwrdo5y7nljcj6razz3ghjqdpxp4x2m2yd.onion:16259/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:26", "1346112", "https://sj5ud3jiqkp47zza57xvrpno5tw6nrvxbxzvgn4k2fmyzzprhf6jxxid.onion:46597/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:25", "1346111", "https://sj3jle6rfggaumbex4fqhb63vj7so5sy6e7wlgrlmayk3pmhtmgtwfid.onion:48986/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:24", "1346110", "https://s626jyykfd2vpeel7rswnlmwsjcumjgwsw2hdo3shphtih64ayu7n6yd.onion:57739/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:23", "1346109", "https://s26a7zwwxapsmm3hi3awsz7cd5mjwxhl3gd6bplhiwvekm4hys2u32qd.onion:10429/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:22", "1346108", "https://rucaoeomop3yeepq5iyawcxjjt6x3tah5flbai2fewotjwomf6xqvxqd.onion:8314/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:21", "1346107", "https://rabwadnfs35sjfmrvka7vras7hj3s22aixx72da5x3zbsnk3cxxo77qd.onion:48151/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:20", "1346106", "https://qryejmh3imdjrvns2rbncl3gfw5a2etzwktm2uplavp7jn4stw3lbwqd.onion:26196/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:19", "1346104", "https://odvrlneiow77fspjz4lrj425jo7fmd5cv4q3iasjcqwe35ybei7wabyd.onion:43303/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:19", "1346105", "https://purcdflu3cqzjfc3rwzr2jxz2e6yiaiks4ej2sn4t4hux2lnksfe3dqd.onion:17141/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:18", "1346103", "https://nxwhpmhofmoglbaq66de3bl3hp5x5y6d7cnwhldjzdex4dokchzeqlad.onion:25785/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:17", "1346102", "https://nuco75srh4vta5zglxcp4ziabljitvr5yfeqcnwzdauufkzo3hd2w3qd.onion:35495/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:16", "1346101", "https://l234audkv4np4z7ifp2apoven7hzbyjrfvteoh6fvjarc6cd6vxfe4ad.onion:48212/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:15", "1346100", "https://kvlrfiowwiwft7od7mlbdcxouuozm56dqv4uyhfcdbabqydv3htolvid.onion:26783/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:14", "1346099", "https://kqt3ukq3rrodfxd7ce75rboussy6slxdprzcierd65oq26ddgpelyqid.onion:14927/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:13", "1346098", "https://kohtbl3ucs6xvqosbxd7dnfh5y3ag6tjix3bdflz4p5dw4g3g62oygid.onion:55616/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:12", "1346097", "https://knrkrkipiff7vxymch6t54b2n2wnizt6baqsbp24zyfmaggstjwpb6id.onion:11844/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:11", "1346096", "https://j6ra6hqk7cssp5fazkwlltqdfbgl3azhktccc2hefoco46p4qhvgcgid.onion:35543/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:10", "1346095", "https://j62wwivnsntjporvag3u3xc3rfrqio25a7lhxamgfnjd7kdnhpnu7eqd.onion:26622/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:09", "1346094", "https://gqqw74q2ig2vfnrwhm6ulxe2ipzieckpiozjufvhhsxoidy5wjq2bmqd.onion:23899/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:07", "1346092", "https://fnnkuvyleutbgw65bedvueiflhytyds5fu6vxeg56ihr5qu6getug7ad.onion:18678/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:07", "1346093", "https://fthappkft575kd4snugjnqg7nbk5noxd7jnyvprulecbadzjkpszclyd.onion:52134/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:06", "1346091", "https://exmd723nzabqwzd2iq3yjcqsavz6o65vxyl465vedfiiaefdjv3oiwyd.onion:44004/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:04", "1346090", "https://e6f6ex6jdvwjv5453eeakpxa5l3fz255zmfpgtw7oxynepfm334725id.onion:15328/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:03", "1346089", "https://dy4upangcmvzpx56we77keuhvtta2734w2upg3nuloqyxlhmipt63fid.onion:49716/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:02", "1346088", "https://dqgpc53vh2rzagqolhyesfwhtnivr7l7gl745vy3wzzdpzca4epoy6qd.onion:55452/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:01", "1346087", "https://cr5rnanscwakq3amo5nvdl4kdkhgbxv37aaqbqmmtjt6ufkwtke7suid.onion:35724/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:56:00", "1346086", "https://cpxqqmy3xerxafsupnj2ucccgxnbbjujf5rfrvxdlkqxczidfz5rloyd.onion:36428/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:55:59", "1346085", "https://bcxed2rymdhu7s2tec2xjtscfaqdvdyqxtasif6ym5epuyxddcrjncid.onion:42332/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:55:58", "1346084", "https://b5z6wlu5427v5dyw3ax3agclku7gmtmnwiepjif3w6styzifcnl6vfqd.onion:13811/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:55:57", "1346083", "https://ayah2jmok6u7eo6rtksfaxo6zcz6cgjpwnxtdo66jolz26ymaq6ssfid.onion:44844/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:55:56", "1346082", "https://aonw5ldru6t4xwwl4ifzonaggkm7gcpegiyaccryzh64yzks3fkabiyd.onion:47210/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:55:55", "1346081", "https://7oqgixcydaoxc3ayv6raiufxmwpd22oeo56rbitbyv7ndmjqhsl5m7qd.onion:22408/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:55:53", "1346080", "https://7bbkpvrpatpzrreu36bzemj7fejgglqqzwdn4avgvpf67zwqpzc44vqd.onion:55965/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:55:52", "1346079", "https://6x6k5kgzgtajkimxkto4m6eqcxfhcxirlwwtfsjd3ilwqfp5ovnyu2id.onion:36112/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 21:55:51", "1346078", "https://6uhcvcp6hm2rvajmsrqhi6q5kgel2vwencjvnxouwv7a7erbwydjx6id.onion:4615/", "url", "botnet_cc", "win.raspberry_robin", "RaspberryRobin,QNAP-Worm,LINK_MSIEXEC", "Raspberry Robin", "", "75", "https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and", "RaspberryRobin", "1", "NDA0E" "2024-11-19 18:48:25", "1345846", "https://213.159.75.95", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "sample,vidar", "0", "Lars" "2024-11-19 18:44:23", "1346060", "https://tickerwell.com/web.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113511093384603631", "KongTuke", "0", "monitorsg" "2024-11-19 18:44:22", "1346062", "https://tickerwell.com/js.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113511093384603631", "KongTuke", "0", "monitorsg" "2024-11-19 18:44:21", "1346063", "http://faybzuy3byz2v.top/1.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113511093384603631", "KongTuke", "0", "monitorsg" "2024-11-19 18:40:04", "1346059", "http://115.48.10.59:38294/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf" "2024-11-19 17:55:05", "1346057", "http://87.120.113.235/18/pin.php", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "https://bazaar.abuse.ch/sample/a4e13d5ddfed2748925ccf8cb2a08cf03f992de943e195aa73411e1fd2efab80/", "lokibot", "0", "abuse_ch" "2024-11-19 17:50:08", "1346056", "http://38.180.228.120/cpu/Default4/externalrequestlinuxPoll/Track2image/BetterTest_linux/TrafficLocallowlongpoll/AsyncProvider/Uploads/providerpipepythonserverAsyncGeneratortrackdatalifeDlecdn.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch" "2024-11-19 15:27:15", "1345842", "https://safigdata.com/wp.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "Kongtuke,LandUpdate808", "0", "rmceoin" "2024-11-19 15:01:12", "1345836", "https://viralnavigator.com/work/original.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113510157946516256", "SmartApeSG", "0", "monitorsg" "2024-11-19 15:01:11", "1345837", "https://viralnavigator.com/work/index.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113510157946516256", "SmartApeSG", "0", "monitorsg" "2024-11-19 15:01:10", "1345838", "https://viralnavigator.com/work/fix2.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113510157946516256", "SmartApeSG", "0", "monitorsg" "2024-11-19 15:01:09", "1345839", "https://viralnavigator.com/work/xxx.zip", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113510157946516256", "SmartApeSG", "0", "monitorsg" "2024-11-19 14:10:16", "1345835", "https://appr0dress.cyou/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/23506c79b6112f7a234c35b838faa9b51286df3bba27f27b7731aa0f23364139/", "lumma", "0", "abuse_ch" "2024-11-19 13:51:56", "1345832", "https://eegqzvxd.shop/work/index.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113509902540539525", "SmartApeSG", "0", "monitorsg" "2024-11-19 13:51:56", "1345834", "https://eegqzvxd.shop/work/xxx.zip", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113509902540539525", "SmartApeSG", "0", "monitorsg" "2024-11-19 13:51:55", "1345833", "https://eegqzvxd.shop/work/fix2.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113509902540539525", "SmartApeSG", "0", "monitorsg" "2024-11-19 13:51:54", "1345830", "https://eegqzvxd.shop/work/original.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/113509902540539525", "SmartApeSG", "0", "monitorsg" "2024-11-19 12:01:05", "1345821", "http://94.156.177.41/maxzi/five/PvqDq929BSx_A_D_M1n_a.php", "url", "botnet_cc", "apk.lokibot", "None", "LokiBot", "", "100", "None", "AS214943,lokibot,Railnet LLC", "0", "antiphishorg" # Number of entries: 107