################################################################
# ThreatFox IOCs: recent URLs - CSV format                     #
# Last updated: 2024-07-26 21:35:10 UTC                        #
#                                                              #
# Terms Of Use: https://threatfox.abuse.ch/faq/#tos            #
# For questions please contact threatfox [at] abuse.ch         #
################################################################
#
# "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter"
"2024-07-26 21:35:10", "1303950", "http://660256cm.nyashka.top/javascriptsecurelowWindows.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch"
"2024-07-26 18:40:13", "1303941", "https://weaknessmznxo.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/17aad4db38649728ef0e666755351794d4de41d82a36608226d8656ea54233cb/", "lumma", "0", "abuse_ch"
"2024-07-26 18:40:12", "1303940", "https://stimultaionsppzv.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/17aad4db38649728ef0e666755351794d4de41d82a36608226d8656ea54233cb/", "lumma", "0", "abuse_ch"
"2024-07-26 18:40:11", "1303939", "https://shellfyyousdjz.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/17aad4db38649728ef0e666755351794d4de41d82a36608226d8656ea54233cb/", "lumma", "0", "abuse_ch"
"2024-07-26 18:40:10", "1303938", "https://parntorpkxzlp.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/17aad4db38649728ef0e666755351794d4de41d82a36608226d8656ea54233cb/", "lumma", "0", "abuse_ch"
"2024-07-26 18:40:09", "1303937", "https://kaminiasbbefow.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/f9544eee0a9c3a07cd8b5a912cdbc5c75252cd951709e409b53027310b3a969e/", "lumma", "0", "abuse_ch"
"2024-07-26 18:40:09", "1303936", "https://horizonvxjis.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/17aad4db38649728ef0e666755351794d4de41d82a36608226d8656ea54233cb/", "lumma", "0", "abuse_ch"
"2024-07-26 18:40:08", "1303935", "https://grassytaisol.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/17aad4db38649728ef0e666755351794d4de41d82a36608226d8656ea54233cb/", "lumma", "0", "abuse_ch"
"2024-07-26 18:40:07", "1303934", "https://effectivedoxzj.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/17aad4db38649728ef0e666755351794d4de41d82a36608226d8656ea54233cb/", "lumma", "0", "abuse_ch"
"2024-07-26 18:40:06", "1303933", "https://broccoltisop.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/17aad4db38649728ef0e666755351794d4de41d82a36608226d8656ea54233cb/", "lumma", "0", "abuse_ch"
"2024-07-26 18:40:05", "1303932", "https://bravedreacisopm.shop/api", "url", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "75", "https://bazaar.abuse.ch/sample/17aad4db38649728ef0e666755351794d4de41d82a36608226d8656ea54233cb/", "lumma", "0", "abuse_ch"
"2024-07-26 14:38:00", "1303922", "https://canroura.com/cdn-vs/original.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/112852996552741075", "SmartApeSG", "0", "monitorsg"
"2024-07-26 14:37:59", "1303924", "https://canroura.com/cdn-vs/main.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/112852996552741075", "SmartApeSG", "0", "monitorsg"
"2024-07-26 14:37:58", "1303925", "http://canroura.com/cdn-vs/22per.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/112852996552741075", "SmartApeSG", "0", "monitorsg"
"2024-07-26 12:40:05", "1303921", "http://27.217.175.226:42733/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf"
"2024-07-26 12:30:09", "1303920", "http://fqq121.beget.tech/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch"
"2024-07-26 12:25:07", "1303919", "http://a1008296.xsph.ru/2259cd8f.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch"
"2024-07-26 12:10:16", "1303914", "https://megasena777.top/cdn-vs/original.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/112852516884354593", "SmartApeSG", "0", "monitorsg"
"2024-07-26 12:10:15", "1303917", "http://megasena777.top/cdn-vs/22per.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/112852516884354593", "SmartApeSG", "0", "monitorsg"
"2024-07-26 12:10:15", "1303916", "https://megasena777.top/cdn-vs/main.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/112852516884354593", "SmartApeSG", "0", "monitorsg"
"2024-07-26 11:30:06", "1303918", "http://47.243.165.127:8888/pixel.gif", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/2c37f2a3fdc18b7da0ba9de124a54570abbbe106cfbb44ac6465c30478cfe141/", "cobaltstrike", "0", "abuse_ch"
"2024-07-26 11:02:56", "1303913", "http://109.120.176.203/api/firecom.php", "url", "botnet_cc", "win.privateloader", "None", "PrivateLoader", "", "100", "None", "None", "0", "Bitsight"
"2024-07-26 06:40:05", "1303906", "http://118.240.211.157:59638/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf"
"2024-07-26 05:47:47", "1303867", "http://185.215.113.19/Vi9leo/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2024-07-26 04:13:51", "100", "None", "None", "0", "Bitsight"
"2024-07-26 05:47:47", "1303865", "http://185.215.113.16/Jo89Ku7d/index.php", "url", "botnet_cc", "win.amadey", "None", "Amadey", "2024-07-26 05:44:11", "100", "None", "None", "0", "Bitsight"
"2024-07-26 05:47:46", "1303873", "http://109.120.176.203/api/firepro.php", "url", "botnet_cc", "win.privateloader", "None", "PrivateLoader", "2024-07-26 23:51:40", "100", "None", "None", "0", "Bitsight"
"2024-07-26 05:47:43", "1303633", "http://109.120.176.203/api/flash.php", "url", "botnet_cc", "win.privateloader", "None", "PrivateLoader", "2024-07-27 00:07:20", "100", "None", "None", "0", "Bitsight"
"2024-07-25 18:40:05", "1303856", "http://221.15.198.201:33519/Mozi.m", "url", "payload_delivery", "elf.mozi", "None", "Mozi", "", "50", "None", "None", "0", "sicehicetf"
"2024-07-25 16:50:18", "1303634", "http://45.61.136.20/index.php/jlbcyg0q595vs4hef0", "url", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "100", "None", "Loki", "0", "abuse_ch"
"2024-07-25 16:29:03", "1303632", "https://packedbrick.com/vfRg2L1ej33bleY00JdN9pxuSvOX2mNI-nTw9UpUoPg", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "", "KeitaroTDS,SocGholish", "0", "rmceoin"
"2024-07-25 16:29:02", "1303629", "http://109.120.176.203/api/twofish.php", "url", "botnet_cc", "win.privateloader", "None", "PrivateLoader", "2024-07-27 01:31:04", "100", "None", "None", "0", "Bitsight"
"2024-07-25 14:26:12", "1303620", "https://imc1.top/cdn-vs/original.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/112847330018291986", "SmartApeSG", "0", "monitorsg"
"2024-07-25 14:26:11", "1303622", "https://imc1.top/cdn-vs/main.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/112847330018291986", "SmartApeSG", "0", "monitorsg"
"2024-07-25 14:26:10", "1303623", "http://imc1.top/cdn-vs/22per.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/112847330018291986", "SmartApeSG", "0", "monitorsg"
"2024-07-25 14:26:09", "1303624", "http://hhic.top/data.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/112847330018291986", "SmartApeSG", "0", "monitorsg"
"2024-07-25 14:26:08", "1303625", "https://novidadesfresquinhas.online/cdn-vs/original.js", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/112847584114238337", "SmartApeSG", "0", "monitorsg"
"2024-07-25 14:26:07", "1303627", "https://novidadesfresquinhas.online/cdn-vs/main.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/112847584114238337", "SmartApeSG", "0", "monitorsg"
"2024-07-25 14:26:06", "1303628", "http://novidadesfresquinhas.online/cdn-vs/22per.php", "url", "payload_delivery", "js.fakeupdates", "FakeUpdate,SocGholish", "FAKEUPDATES", "", "100", "https://infosec.exchange/@monitorsg/112847584114238337", "SmartApeSG", "0", "monitorsg"
"2024-07-25 08:45:09", "1303619", "http://104.131.159.100:80/load", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/47c4ed11dd0f2ff4d2a65b428a96e14ac5549b43f2d67b2298f5a18b17161a39/", "cobaltstrike", "0", "abuse_ch"
"2024-07-25 05:20:18", "1303592", "http://cz41806.tw1.ru/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch"
"2024-07-25 04:05:14", "1303588", "http://722659cl.nyashtop.top/VmhttpTempdownloads.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch"
"2024-07-25 02:05:13", "1303586", "http://a1008315.xsph.ru/L1nc0In.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat", "0", "abuse_ch"
"2024-07-25 02:00:20", "1303585", "http://192.168.0.131:80/MtXD", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/47336e3f06eb8cae1d4d9e5b93e36587c6a6434583b69e8f04ecb37335783054/", "cobaltstrike", "0", "abuse_ch"
"2024-07-25 01:55:05", "1303580", "http://10.211.55.8:23462/g.pixel", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/c1cc2912bf692be2fbe5255231a1e44e1b1b833b944d45e3937b3191a00fb570/", "cobaltstrike", "0", "abuse_ch"
"2024-07-25 01:50:28", "1303578", "http://service-1kx1l5oj-1305976706.bj.tencentapigw.com.cn:80/bootstrap-2.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/c97119be1f838f352f9fe25ded24b3c2fc0dd99496d508f45d1e540b3be6131c/", "cobaltstrike", "0", "abuse_ch"
"2024-07-25 01:50:21", "1303577", "http://5.34.205.152:80/SlDZ", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/d0ea156b9079bcc3598f5ec8dfec6d579c9a625606154e1be4a1b1ce570bfbf6/", "cobaltstrike", "0", "abuse_ch"
"2024-07-25 01:50:20", "1303576", "http://38.12.0.151:8888/dhNC", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/87a54f63e0318610126ec4df990c7aef55caca7a2547d45dd842fea30c31b1d6/", "cobaltstrike", "0", "abuse_ch"
"2024-07-25 01:50:18", "1303575", "http://192.168.50.141:8088/jw2J", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/2d1ebdca169932f877c5e88c794eb97e220002c8bb531e7587ac06dff129fc32/", "cobaltstrike", "0", "abuse_ch"
"2024-07-25 01:50:15", "1303574", "http://172.18.0.1:80/4qJn", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/ae4dcd24be60dbdaa920b2e11a78a01b38ee59f4500030f8156e2d1ffac8cf38/", "cobaltstrike", "0", "abuse_ch"
"2024-07-25 01:50:12", "1303573", "http://120.48.5.80:7421/rN4i", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/276c5328f1cbf6e24c50cc3ddac299b4ea8b569d8e91c3ae4c6f61362236d46b/", "cobaltstrike", "0", "abuse_ch"
"2024-07-25 01:45:41", "1303572", "http://www.orcasvip.com:8443/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/7b3b5343f46cec4dcec1588fa5e182988fd922d5adfa613d9e763ea78d33dfc3/", "cobaltstrike", "0", "abuse_ch"
"2024-07-25 01:45:37", "1303571", "http://ns2.icbc-com-cn.com:53/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/4ae113138120fbf090ef2fe8f7e54e51969b2cf2f0a4f4aa6ca0da2441402299/", "cobaltstrike", "0", "abuse_ch"
"2024-07-25 01:45:36", "1303570", "http://ns1.icbc-com-cn.com:53/jquery-3.3.1.min.js", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/4ae113138120fbf090ef2fe8f7e54e51969b2cf2f0a4f4aa6ca0da2441402299/", "cobaltstrike", "0", "abuse_ch"
# Number of entries: 53