{ "1802589": [ { "ioc_value": "158.94.211.33:7017", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.xworm", "malware_alias": null, "malware_printable": "XWorm", "first_seen_utc": "2026-04-30 07:16:12", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/939b247d1cf5a8b674ff632365af9982256363d6ae390876d0d3d9cbc07d163b/", "tags": "xworm", "anonymous": "0", "reporter": "abuse_ch" } ], "1802552": [ { "ioc_value": "31.97.61.212:8521", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "unknown_stealer", "malware_alias": null, "malware_printable": "Unknown Stealer", "first_seen_utc": "2026-04-30 06:26:35", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/f86352ecaf34773e85d979220b9825f6c1ec45b5c93d5ecca9998dc2b49cf3a8/", "tags": "RemusStealer", "anonymous": "0", "reporter": "abuse_ch" } ], "1802553": [ { "ioc_value": "103.30.145.217:8768", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "unknown_stealer", "malware_alias": null, "malware_printable": "Unknown Stealer", "first_seen_utc": "2026-04-30 06:26:35", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/f86352ecaf34773e85d979220b9825f6c1ec45b5c93d5ecca9998dc2b49cf3a8/", "tags": "RemusStealer", "anonymous": "0", "reporter": "abuse_ch" } ], "1802536": [ { "ioc_value": "83.217.208.78:3011", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "unknown", "malware_alias": null, "malware_printable": "Unknown malware", "first_seen_utc": "2026-04-30 06:03:58", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/8bbd5525d11b0aeecd5d9bc385c080cf2fd1b4a6aba76caf62b16426a0840ba2/", "tags": null, "anonymous": "0", "reporter": "abuse_ch" } ], "1802297": [ { "ioc_value": "103.211.219.238:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:50:53", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802298": [ { "ioc_value": "195.19.194.107:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:50:52", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802299": [ { "ioc_value": "62.72.32.156:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:50:51", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802300": [ { "ioc_value": "76.13.17.11:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:50:50", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802301": [ { "ioc_value": "85.31.234.218:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:50:49", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802302": [ { "ioc_value": "31.97.61.212:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:50:48", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802303": [ { "ioc_value": "72.61.25.108:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:50:47", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802305": [ { "ioc_value": "194.164.72.136:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:50:45", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802307": [ { "ioc_value": "65.21.104.235:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:50:43", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802306": [ { "ioc_value": "168.231.114.49:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:50:41", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802308": [ { "ioc_value": "95.217.206.239:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:50:40", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802309": [ { "ioc_value": "178.104.90.74:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:50:39", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802310": [ { "ioc_value": "5.189.165.117:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:50:38", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802312": [ { "ioc_value": "37.77.150.108:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:50:37", "last_seen_utc": "2026-04-29 21:25:51", "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802311": [ { "ioc_value": "45.85.147.53:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:49:48", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802313": [ { "ioc_value": "137.184.153.47:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:49:45", "last_seen_utc": "2026-04-29 21:25:51", "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802314": [ { "ioc_value": "68.183.161.221:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:49:44", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802315": [ { "ioc_value": "67.205.186.254:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:49:43", "last_seen_utc": "2026-04-29 21:25:51", "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802316": [ { "ioc_value": "78.111.111.236:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:49:42", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802317": [ { "ioc_value": "94.231.205.229:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:49:42", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802318": [ { "ioc_value": "15.235.192.42:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:49:41", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802319": [ { "ioc_value": "147.135.84.14:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:49:40", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802320": [ { "ioc_value": "89.58.10.69:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:49:39", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802321": [ { "ioc_value": "5.231.25.31:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:49:38", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802322": [ { "ioc_value": "5.45.184.254:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:49:37", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802323": [ { "ioc_value": "185.53.179.128:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:49:37", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802324": [ { "ioc_value": "79.111.111.236:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:49:36", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802325": [ { "ioc_value": "68.183.61.221:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remus", "malware_alias": null, "malware_printable": "Remus", "first_seen_utc": "2026-04-30 05:49:34", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://intelinsights.substack.com/p/c2-in-the-ether", "tags": "Remus", "anonymous": "0", "reporter": "orlof_v" } ], "1802390": [ { "ioc_value": "89.124.79.20:9000", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.sectop_rat", "malware_alias": "1xxbot,ArechClient", "malware_printable": "SectopRAT", "first_seen_utc": "2026-04-30 05:48:35", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "", "tags": "1xxbot,ArechClient,SectopRAT", "anonymous": "0", "reporter": "whoamix302" } ], "1802391": [ { "ioc_value": "149.12.67.100:139", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.extreme_rat", "malware_alias": "ExtRat", "malware_printable": "Xtreme RAT", "first_seen_utc": "2026-04-30 05:48:34", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "", "tags": "ExtRat,Xtreme RAT", "anonymous": "0", "reporter": "whoamix302" } ], "1802392": [ { "ioc_value": "158.101.97.20:10001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.extreme_rat", "malware_alias": "ExtRat", "malware_printable": "Xtreme RAT", "first_seen_utc": "2026-04-30 05:48:33", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "", "tags": "ExtRat,Xtreme RAT", "anonymous": "0", "reporter": "whoamix302" } ], "1802338": [ { "ioc_value": "5.252.177.183:443", "ioc_type": "ip:port", "threat_type": "payload_delivery", "malware": "unknown", "malware_alias": null, "malware_printable": "Unknown malware", "first_seen_utc": "2026-04-30 05:46:28", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": null, "tags": "clickfix,iex,mivocloud,powershell", "anonymous": "0", "reporter": "Lenny_3BO" } ], "1802492": [ { "ioc_value": "117.50.71.2:9999", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.valley_rat", "malware_alias": "Winos", "malware_printable": "ValleyRAT", "first_seen_utc": "2026-04-30 03:50:59", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/2d719453907952864e2ea1d8f294eb8c19a12b5bffbab84ba9eda8b069d72f05/", "tags": "valleyrat_s2", "anonymous": "0", "reporter": "abuse_ch" } ], "1802489": [ { "ioc_value": "94.156.250.190:7781", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.raton_rat", "malware_alias": null, "malware_printable": "RatonRAT", "first_seen_utc": "2026-04-30 03:45:31", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "RatonRAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1802487": [ { "ioc_value": "129.151.142.36:3229", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.njrat", "malware_alias": "Bladabindi,Lime-Worm", "malware_printable": "NjRAT", "first_seen_utc": "2026-04-30 03:45:19", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "NjRAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1802486": [ { "ioc_value": "129.151.142.36:2232", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.njrat", "malware_alias": "Bladabindi,Lime-Worm", "malware_printable": "NjRAT", "first_seen_utc": "2026-04-30 03:45:17", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "NjRAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1802480": [ { "ioc_value": "172.67.164.185:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.nanocore", "malware_alias": "Nancrat,NanoCore", "malware_printable": "Nanocore RAT", "first_seen_utc": "2026-04-30 03:35:24", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "NanoCore,RAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1802479": [ { "ioc_value": "104.21.50.178:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.nanocore", "malware_alias": "Nancrat,NanoCore", "malware_printable": "Nanocore RAT", "first_seen_utc": "2026-04-30 03:35:21", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "NanoCore,RAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1802478": [ { "ioc_value": "104.21.27.243:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.nanocore", "malware_alias": "Nancrat,NanoCore", "malware_printable": "Nanocore RAT", "first_seen_utc": "2026-04-30 03:35:19", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "NanoCore,RAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1802477": [ { "ioc_value": "172.67.169.216:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.nanocore", "malware_alias": "Nancrat,NanoCore", "malware_printable": "Nanocore RAT", "first_seen_utc": "2026-04-30 03:35:16", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "NanoCore,RAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1802476": [ { "ioc_value": "172.67.213.117:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.nanocore", "malware_alias": "Nancrat,NanoCore", "malware_printable": "Nanocore RAT", "first_seen_utc": "2026-04-30 03:35:15", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "NanoCore,RAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1802475": [ { "ioc_value": "104.21.37.211:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.nanocore", "malware_alias": "Nancrat,NanoCore", "malware_printable": "Nanocore RAT", "first_seen_utc": "2026-04-30 03:35:11", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "NanoCore,RAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1802271": [ { "ioc_value": "104.168.70.158:2404", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remcos", "malware_alias": "RemcosRAT,Remvio,Socmer", "malware_printable": "Remcos", "first_seen_utc": "2026-04-29 20:35:57", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/5b1bd3011b219c36b686b2623016baaf36a078ad413201a5ccb18227d1a75815/", "tags": "remcos", "anonymous": "0", "reporter": "abuse_ch" } ], "1802272": [ { "ioc_value": "104.168.70.158:5000", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remcos", "malware_alias": "RemcosRAT,Remvio,Socmer", "malware_printable": "Remcos", "first_seen_utc": "2026-04-29 20:35:57", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/5b1bd3011b219c36b686b2623016baaf36a078ad413201a5ccb18227d1a75815/", "tags": "remcos", "anonymous": "0", "reporter": "abuse_ch" } ], "1802153": [ { "ioc_value": "103.140.238.45:31337", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.sliver", "malware_alias": null, "malware_printable": "Sliver", "first_seen_utc": "2026-04-29 15:18:41", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "", "tags": "Sliver", "anonymous": "0", "reporter": "whoamix302" } ], "1802154": [ { "ioc_value": "152.53.103.201:31337", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.sliver", "malware_alias": null, "malware_printable": "Sliver", "first_seen_utc": "2026-04-29 15:18:40", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "", "tags": "Sliver", "anonymous": "0", "reporter": "whoamix302" } ], "1802144": [ { "ioc_value": "45.9.168.219:2404", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remcos", "malware_alias": "RemcosRAT,Remvio,Socmer", "malware_printable": "Remcos", "first_seen_utc": "2026-04-29 14:50:55", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/d448f06355d7484df4c27108b0f9c4ef313c34cafee87eb3d85eec012094300f/", "tags": "remcos", "anonymous": "0", "reporter": "abuse_ch" } ], "1802141": [ { "ioc_value": "82.156.62.131:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.cobalt_strike", "malware_alias": "Agentemis,BEACON,CobaltStrike,cobeacon", "malware_printable": "Cobalt Strike", "first_seen_utc": "2026-04-29 14:43:42", "last_seen_utc": "2026-04-30 07:43:55", "confidence_level": 75, "is_compromised": false, "reference": null, "tags": "CobaltStrike,drb-ra", "anonymous": "0", "reporter": "abuse_ch" } ], "1802140": [ { "ioc_value": "46.137.196.122:8000", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.cobalt_strike", "malware_alias": "Agentemis,BEACON,CobaltStrike,cobeacon", "malware_printable": "Cobalt Strike", "first_seen_utc": "2026-04-29 14:43:33", "last_seen_utc": "2026-04-30 07:43:44", "confidence_level": 75, "is_compromised": false, "reference": null, "tags": "CobaltStrike,drb-ra", "anonymous": "0", "reporter": "abuse_ch" } ], "1802139": [ { "ioc_value": "217.154.212.25:8081", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.cobalt_strike", "malware_alias": "Agentemis,BEACON,CobaltStrike,cobeacon", "malware_printable": "Cobalt Strike", "first_seen_utc": "2026-04-29 14:43:28", "last_seen_utc": "2026-04-30 07:43:38", "confidence_level": 75, "is_compromised": false, "reference": null, "tags": "CobaltStrike,drb-ra", "anonymous": "0", "reporter": "abuse_ch" } ], "1802138": [ { "ioc_value": "156.245.147.98:9010", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.cobalt_strike", "malware_alias": "Agentemis,BEACON,CobaltStrike,cobeacon", "malware_printable": "Cobalt Strike", "first_seen_utc": "2026-04-29 14:43:24", "last_seen_utc": "2026-04-30 07:43:33", "confidence_level": 75, "is_compromised": false, "reference": null, "tags": "CobaltStrike,drb-ra", "anonymous": "0", "reporter": "abuse_ch" } ], "1802137": [ { "ioc_value": "100.113.210.8:8081", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.cobalt_strike", "malware_alias": "Agentemis,BEACON,CobaltStrike,cobeacon", "malware_printable": "Cobalt Strike", "first_seen_utc": "2026-04-29 14:43:11", "last_seen_utc": "2026-04-30 07:43:13", "confidence_level": 75, "is_compromised": false, "reference": null, "tags": "CobaltStrike,drb-ra", "anonymous": "0", "reporter": "abuse_ch" } ], "1802134": [ { "ioc_value": "117.50.71.2:6666", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.valley_rat", "malware_alias": "Winos", "malware_printable": "ValleyRAT", "first_seen_utc": "2026-04-29 14:34:06", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "", "tags": "RAT,ValleyRAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1802063": [ { "ioc_value": "47.109.20.107:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.cobalt_strike", "malware_alias": "Agentemis,BEACON,CobaltStrike,cobeacon", "malware_printable": "Cobalt Strike", "first_seen_utc": "2026-04-29 10:43:33", "last_seen_utc": "2026-04-30 07:43:45", "confidence_level": 75, "is_compromised": false, "reference": null, "tags": "CobaltStrike,drb-ra", "anonymous": "0", "reporter": "abuse_ch" } ], "1802020": [ { "ioc_value": "79.124.59.142:80", "ioc_type": "ip:port", "threat_type": "payload_delivery", "malware": "win.lumma", "malware_alias": "LummaC2 Stealer", "malware_printable": "Lumma Stealer", "first_seen_utc": "2026-04-29 10:20:40", "last_seen_utc": null, "confidence_level": 100, "is_compromised": true, "reference": "https://tria.ge/260429-lgwyead16q/behavioral1", "tags": "campaign1777454698,lumma,lummac2,renengine", "anonymous": "1", "reporter": "anonsec2" } ], "1801997": [ { "ioc_value": "47.122.147.35:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.cobalt_strike", "malware_alias": "Agentemis,BEACON,CobaltStrike,cobeacon", "malware_printable": "Cobalt Strike", "first_seen_utc": "2026-04-29 07:57:00", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "CobaltStrike,cs-watermark-987654321", "anonymous": "0", "reporter": "abuse_ch" } ], "1801996": [ { "ioc_value": "8.136.155.237:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.cobalt_strike", "malware_alias": "Agentemis,BEACON,CobaltStrike,cobeacon", "malware_printable": "Cobalt Strike", "first_seen_utc": "2026-04-29 07:56:52", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "CobaltStrike", "anonymous": "0", "reporter": "abuse_ch" } ], "1801786": [ { "ioc_value": "70.34.205.43:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "unknown", "malware_alias": null, "malware_printable": "Unknown malware", "first_seen_utc": "2026-04-29 07:50:00", "last_seen_utc": null, "confidence_level": 80, "is_compromised": false, "reference": null, "tags": "chopi,clickfix,ixwebsocket,ocx,webdav", "anonymous": "0", "reporter": "Lenny_3BO" } ], "1801828": [ { "ioc_value": "172.235.163.133:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-29 07:49:43", "last_seen_utc": "2026-04-28 21:19:34", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801831": [ { "ioc_value": "172.235.163.98:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-29 07:49:43", "last_seen_utc": "2026-04-28 21:25:01", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801830": [ { "ioc_value": "172.235.163.86:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-29 07:49:42", "last_seen_utc": "2026-04-28 21:14:14", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801833": [ { "ioc_value": "172.235.163.113:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-29 07:49:41", "last_seen_utc": "2026-04-28 21:31:08", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801834": [ { "ioc_value": "172.235.163.71:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-29 07:49:41", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801835": [ { "ioc_value": "172.235.163.127:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-29 07:49:40", "last_seen_utc": "2026-04-28 21:03:40", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801837": [ { "ioc_value": "172.235.163.114:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-29 07:49:40", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801839": [ { "ioc_value": "172.235.163.83:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-29 07:49:39", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801841": [ { "ioc_value": "172.235.163.122:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-29 07:49:39", "last_seen_utc": "2026-04-28 21:08:54", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801843": [ { "ioc_value": "172.235.163.102:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-29 07:49:38", "last_seen_utc": "2026-04-28 21:36:59", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801862": [ { "ioc_value": "176.65.139.152:7716", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "elf.mirai", "malware_alias": "Katana", "malware_printable": "Mirai", "first_seen_utc": "2026-04-29 07:49:35", "last_seen_utc": null, "confidence_level": 80, "is_compromised": false, "reference": null, "tags": "mirai", "anonymous": "0", "reporter": "seckle" } ], "1801894": [ { "ioc_value": "104.248.85.23:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-29 07:49:30", "last_seen_utc": "2026-04-30 08:02:59", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801895": [ { "ioc_value": "142.93.143.216:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-29 07:49:30", "last_seen_utc": "2026-04-30 08:26:03", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801896": [ { "ioc_value": "64.225.66.108:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-29 07:49:29", "last_seen_utc": "2026-04-30 08:20:48", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801916": [ { "ioc_value": "91.92.243.111:8041", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remoteadmin", "malware_alias": null, "malware_printable": "RemoteAdmin", "first_seen_utc": "2026-04-29 07:49:20", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://any.run/report/8d2e7a0ef5bd863c2052108bfb8ff0b289be633f8d2f5cf8ba12c23389117869/2fe0c237-8042-45bc-9ff5-3f228131f17a", "tags": "connectwise,fiscal-lure,flyservers,port-8041,rat,rmm-abuse,screenconnect", "anonymous": "0", "reporter": "SamTheRuby" } ], "1801943": [ { "ioc_value": "176.65.139.59:3000", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "elf.mirai", "malware_alias": "Katana", "malware_printable": "Mirai", "first_seen_utc": "2026-04-29 07:49:10", "last_seen_utc": null, "confidence_level": 80, "is_compromised": false, "reference": null, "tags": "mirai", "anonymous": "0", "reporter": "seckle" } ], "1801959": [ { "ioc_value": "86.54.24.26:4433", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.cobalt_strike", "malware_alias": "Agentemis,BEACON,CobaltStrike,cobeacon", "malware_printable": "Cobalt Strike", "first_seen_utc": "2026-04-29 07:49:07", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "", "tags": "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "anonymous": "0", "reporter": "whoamix302" } ], "1801960": [ { "ioc_value": "156.245.147.101:9010", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.cobalt_strike", "malware_alias": "Agentemis,BEACON,CobaltStrike,cobeacon", "malware_printable": "Cobalt Strike", "first_seen_utc": "2026-04-29 07:49:06", "last_seen_utc": "2026-04-30 07:43:33", "confidence_level": 100, "is_compromised": false, "reference": "", "tags": "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "anonymous": "0", "reporter": "whoamix302" } ], "1801961": [ { "ioc_value": "46.137.196.122:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.cobalt_strike", "malware_alias": "Agentemis,BEACON,CobaltStrike,cobeacon", "malware_printable": "Cobalt Strike", "first_seen_utc": "2026-04-29 07:49:06", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "", "tags": "Agentemis,BEACON,Cobalt Strike,CobaltStrike,cobeacon", "anonymous": "0", "reporter": "whoamix302" } ], "1801963": [ { "ioc_value": "170.75.170.59:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "unknown", "malware_alias": null, "malware_printable": "Unknown malware", "first_seen_utc": "2026-04-29 07:49:05", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "", "tags": "BotManager", "anonymous": "0", "reporter": "whoamix302" } ], "1801964": [ { "ioc_value": "170.75.162.74:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "unknown", "malware_alias": null, "malware_printable": "Unknown malware", "first_seen_utc": "2026-04-29 07:49:05", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "", "tags": "BotManager", "anonymous": "0", "reporter": "whoamix302" } ], "1801966": [ { "ioc_value": "206.166.251.249:1604", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.darkcomet", "malware_alias": "Breut,Fynloski,klovbot", "malware_printable": "DarkComet", "first_seen_utc": "2026-04-29 07:49:05", "last_seen_utc": null, "confidence_level": 50, "is_compromised": false, "reference": "", "tags": "Breut,DarkComet,Fynloski,klovbot", "anonymous": "0", "reporter": "whoamix302" } ], "1801971": [ { "ioc_value": "94.156.155.42:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.stealc", "malware_alias": null, "malware_printable": "Stealc", "first_seen_utc": "2026-04-29 07:49:04", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "", "tags": "Stealc", "anonymous": "0", "reporter": "whoamix302" } ], "1801973": [ { "ioc_value": "151.246.238.186:9000", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.sectop_rat", "malware_alias": "1xxbot,ArechClient", "malware_printable": "SectopRAT", "first_seen_utc": "2026-04-29 07:49:04", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "", "tags": "1xxbot,ArechClient,SectopRAT", "anonymous": "0", "reporter": "whoamix302" } ], "1801974": [ { "ioc_value": "185.158.250.188:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.socks5_systemz", "malware_alias": "ProxyBox", "malware_printable": "Socks5 Systemz", "first_seen_utc": "2026-04-29 07:49:04", "last_seen_utc": null, "confidence_level": 50, "is_compromised": false, "reference": "", "tags": "ProxyBox,Socks5 Systemz", "anonymous": "0", "reporter": "whoamix302" } ], "1801976": [ { "ioc_value": "31.56.209.119:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remcos", "malware_alias": "RemcosRAT,Remvio,Socmer", "malware_printable": "Remcos", "first_seen_utc": "2026-04-29 07:49:03", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "", "tags": "Remcos,RemcosRAT,Remvio,Socmer", "anonymous": "0", "reporter": "whoamix302" } ], "1801975": [ { "ioc_value": "31.57.38.106:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remcos", "malware_alias": "RemcosRAT,Remvio,Socmer", "malware_printable": "Remcos", "first_seen_utc": "2026-04-29 07:49:01", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "", "tags": "Remcos,RemcosRAT,Remvio,Socmer", "anonymous": "0", "reporter": "whoamix302" } ], "1801977": [ { "ioc_value": "154.41.194.67:6379", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.extreme_rat", "malware_alias": "ExtRat", "malware_printable": "Xtreme RAT", "first_seen_utc": "2026-04-29 07:49:01", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "", "tags": "ExtRat,Xtreme RAT", "anonymous": "0", "reporter": "whoamix302" } ], "1801992": [ { "ioc_value": "193.181.46.11:8000", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.vjw0rm", "malware_alias": null, "malware_printable": "Vjw0rm", "first_seen_utc": "2026-04-29 07:45:34", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "Vjw0rm", "anonymous": "0", "reporter": "abuse_ch" } ], "1801988": [ { "ioc_value": "48.220.32.238:1177", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.njrat", "malware_alias": "Bladabindi,Lime-Worm", "malware_printable": "NjRAT", "first_seen_utc": "2026-04-29 07:45:21", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "NjRAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1801754": [ { "ioc_value": "64.190.113.73:80", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "js.mints_loader", "malware_alias": null, "malware_printable": "MintsLoader", "first_seen_utc": "2026-04-28 17:02:19", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/eebc648bb20b752b74fc2d6e2577a1e7b6c940e6a410a880934f9773a1331fe9/", "tags": "dropped-by-KongTuke,MintsLoader", "anonymous": "0", "reporter": "abuse_ch" } ], "1801747": [ { "ioc_value": "23.95.62.25:7070", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remcos", "malware_alias": "RemcosRAT,Remvio,Socmer", "malware_printable": "Remcos", "first_seen_utc": "2026-04-28 16:50:40", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/0f0b92a937983eb9d9d622978d7192bb6c94d4923adebd162305bdff00367190/", "tags": "remcos", "anonymous": "0", "reporter": "abuse_ch" } ], "1801717": [ { "ioc_value": "154.240.183.11:4433", "ioc_type": "ip:port", "threat_type": "payload_delivery", "malware": "unknown", "malware_alias": null, "malware_printable": "Unknown malware", "first_seen_utc": "2026-04-28 16:42:42", "last_seen_utc": null, "confidence_level": 85, "is_compromised": false, "reference": null, "tags": "AppDomainManager,bounceme-net,commodity-rev-shell,JscLoader", "anonymous": "0", "reporter": "Lenny_3BO" } ], "1801721": [ { "ioc_value": "154.240.183.11:53", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "unknown", "malware_alias": null, "malware_printable": "Unknown malware", "first_seen_utc": "2026-04-28 16:42:39", "last_seen_utc": null, "confidence_level": 90, "is_compromised": false, "reference": null, "tags": "AppDomainManager,bounceme-net,commodity-rev-shell,JscLoader", "anonymous": "0", "reporter": "Lenny_3BO" } ], "1801722": [ { "ioc_value": "154.240.183.11:8080", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "unknown", "malware_alias": null, "malware_printable": "Unknown malware", "first_seen_utc": "2026-04-28 16:42:38", "last_seen_utc": null, "confidence_level": 80, "is_compromised": false, "reference": null, "tags": "AppDomainManager,bounceme-net,commodity-rev-shell,JscLoader", "anonymous": "0", "reporter": "Lenny_3BO" } ], "1801572": [ { "ioc_value": "104.105.69.73:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 16:42:18", "last_seen_utc": "2026-04-28 14:55:43", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801574": [ { "ioc_value": "104.105.69.51:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 16:42:18", "last_seen_utc": "2026-04-28 14:03:26", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801575": [ { "ioc_value": "104.105.69.37:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 16:42:17", "last_seen_utc": "2026-04-28 14:38:58", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801577": [ { "ioc_value": "104.105.69.71:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 16:42:16", "last_seen_utc": "2026-04-28 14:22:44", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801584": [ { "ioc_value": "104.105.69.76:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 16:42:09", "last_seen_utc": "2026-04-28 14:17:17", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801587": [ { "ioc_value": "104.105.69.50:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 16:42:08", "last_seen_utc": "2026-04-28 15:00:57", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801590": [ { "ioc_value": "104.105.69.40:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 16:42:07", "last_seen_utc": "2026-04-28 13:47:42", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801593": [ { "ioc_value": "104.105.69.22:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 16:42:04", "last_seen_utc": "2026-04-28 14:44:54", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801599": [ { "ioc_value": "104.105.69.19:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 16:42:02", "last_seen_utc": "2026-04-28 14:50:16", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801601": [ { "ioc_value": "104.105.69.24:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 16:42:00", "last_seen_utc": "2026-04-28 14:33:36", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801684": [ { "ioc_value": "192.253.248.10:8099", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "unknown", "malware_alias": null, "malware_printable": "Unknown malware", "first_seen_utc": "2026-04-28 16:41:31", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "AS213790,Limited Network LTD,unam", "anonymous": "0", "reporter": "antiphishorg" } ], "1801616": [ { "ioc_value": "8.222.225.32:7777", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.valley_rat", "malware_alias": "Winos", "malware_printable": "ValleyRAT", "first_seen_utc": "2026-04-28 14:05:28", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "RAT,ValleyRAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1801615": [ { "ioc_value": "137.220.134.149:7799", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.valley_rat", "malware_alias": "Winos", "malware_printable": "ValleyRAT", "first_seen_utc": "2026-04-28 14:05:27", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "RAT,ValleyRAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1801614": [ { "ioc_value": "47.237.95.113:6523", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.valley_rat", "malware_alias": "Winos", "malware_printable": "ValleyRAT", "first_seen_utc": "2026-04-28 14:05:24", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "RAT,ValleyRAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1801612": [ { "ioc_value": "172.111.232.230:29810", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remcos", "malware_alias": "RemcosRAT,Remvio,Socmer", "malware_printable": "Remcos", "first_seen_utc": "2026-04-28 14:05:16", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "RAT,RemcosRAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1801611": [ { "ioc_value": "129.151.142.36:5725", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.njrat", "malware_alias": "Bladabindi,Lime-Worm", "malware_printable": "NjRAT", "first_seen_utc": "2026-04-28 14:05:13", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "NjRAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1801610": [ { "ioc_value": "64.188.64.38:6001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.asyncrat", "malware_alias": null, "malware_printable": "AsyncRAT", "first_seen_utc": "2026-04-28 14:05:09", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "AsyncRAT,RAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1801588": [ { "ioc_value": "13.233.224.203:3001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.quasar_rat", "malware_alias": "CinaRAT,QuasarRAT,Yggdrasil", "malware_printable": "Quasar RAT", "first_seen_utc": "2026-04-28 13:20:42", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/9703a4c17ec31daea75aed1039caab89444337a645968c181c738c49595c868f/", "tags": "quasar", "anonymous": "0", "reporter": "abuse_ch" } ], "1801539": [ { "ioc_value": "138.199.246.59:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.vidar", "malware_alias": null, "malware_printable": "Vidar", "first_seen_utc": "2026-04-28 11:50:00", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "", "tags": "Vidar", "anonymous": "0", "reporter": "crep1x" } ], "1801540": [ { "ioc_value": "162.55.89.244:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.vidar", "malware_alias": null, "malware_printable": "Vidar", "first_seen_utc": "2026-04-28 11:50:00", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "", "tags": "Vidar", "anonymous": "0", "reporter": "crep1x" } ], "1801541": [ { "ioc_value": "136.243.169.148:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.vidar", "malware_alias": null, "malware_printable": "Vidar", "first_seen_utc": "2026-04-28 11:50:00", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "", "tags": "Vidar", "anonymous": "0", "reporter": "crep1x" } ], "1801542": [ { "ioc_value": "136.243.116.27:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.vidar", "malware_alias": null, "malware_printable": "Vidar", "first_seen_utc": "2026-04-28 11:50:00", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "", "tags": "Vidar", "anonymous": "0", "reporter": "crep1x" } ], "1801543": [ { "ioc_value": "136.243.87.142:443", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.vidar", "malware_alias": null, "malware_printable": "Vidar", "first_seen_utc": "2026-04-28 11:50:00", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "", "tags": "Vidar", "anonymous": "0", "reporter": "crep1x" } ], "1801498": [ { "ioc_value": "104.248.198.130:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 10:16:07", "last_seen_utc": "2026-04-29 09:17:51", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801503": [ { "ioc_value": "134.209.93.191:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 10:16:06", "last_seen_utc": "2026-04-28 12:37:00", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801502": [ { "ioc_value": "31.56.209.120:4764", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.remcos", "malware_alias": "RemcosRAT,Remvio,Socmer", "malware_printable": "Remcos", "first_seen_utc": "2026-04-28 09:22:27", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": "https://www.virustotal.com/gui/ip-address/31.56.209.120/community", "tags": "Remcos", "anonymous": "0", "reporter": "TomU" } ], "1801483": [ { "ioc_value": "206.189.11.23:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 09:01:11", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801490": [ { "ioc_value": "64.225.78.190:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 09:01:09", "last_seen_utc": null, "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801496": [ { "ioc_value": "174.138.9.203:25001", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "apk.kimwolf", "malware_alias": null, "malware_printable": "Kimwolf", "first_seen_utc": "2026-04-28 09:01:09", "last_seen_utc": "2026-04-29 09:07:55", "confidence_level": 100, "is_compromised": false, "reference": null, "tags": "c2,Kimwolf", "anonymous": "0", "reporter": "Bitsight" } ], "1801495": [ { "ioc_value": "18.162.186.253:8880", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.valley_rat", "malware_alias": "Winos", "malware_printable": "ValleyRAT", "first_seen_utc": "2026-04-28 08:55:30", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/f5d060371b578b82b64d4c97dc921ac39bfd40813e09cdaf8fc60822c2bfe707/", "tags": "RAT,ValleyRAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1801481": [ { "ioc_value": "95.40.189.27:886", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.valley_rat", "malware_alias": "Winos", "malware_printable": "ValleyRAT", "first_seen_utc": "2026-04-28 08:39:16", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/e44b255a40a4f93eaee602df44bfbc37f87c3c9e8114b581158ce035bce11f22/", "tags": "RAT,ValleyRAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1801480": [ { "ioc_value": "43.248.172.30:56310", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.valley_rat", "malware_alias": "Winos", "malware_printable": "ValleyRAT", "first_seen_utc": "2026-04-28 08:37:53", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/bf35bfdb2f4fce37e932d42eee556b89c1799c86d2f1f9ebaeedbea18c38237b/", "tags": "RAT,ValleyRAT", "anonymous": "0", "reporter": "abuse_ch" } ], "1801477": [ { "ioc_value": "156.247.51.70:56310", "ioc_type": "ip:port", "threat_type": "botnet_cc", "malware": "win.valley_rat", "malware_alias": "Winos", "malware_printable": "ValleyRAT", "first_seen_utc": "2026-04-28 08:35:19", "last_seen_utc": null, "confidence_level": 75, "is_compromised": false, "reference": "https://bazaar.abuse.ch/sample/5af6b3b7d269d548c6e750424c45c6e9e34495b750a7e889bded7f0842efde12/", "tags": "RAT,ValleyRAT", "anonymous": "0", "reporter": "abuse_ch" } ] }