ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://github.com/charlie-60/R/raw/refs/heads/main/MasonRootkit.exe.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1779136
IOC: https://github.com/charlie-60/R/raw/refs/heads/main/MasonRootkit.exe
IOC Type :url
Threat Type :payload_delivery
Malware: Unknown RAT
Confidence Level : Confidence level is high (100%)
Is compromised? : False
ASN:AS36459 GITHUB
Country:- US
First seen:2026-03-30 16:50:00 UTC
Last seen:never
UUID:7f8d5cf8-2c55-11f1-9af6-42010aa4000a
Reporter Lenny_3BO
Reward 5 credits from ThreatFox
Tags:Github MasonRAT NeptuneRAT
Reference: https://www.virustotal.com/gui/file/201c7138b7860449c1fe05701a3f15dfe2339d595e33f9df7d63a80d57d3e39d

Avatar
Lenny_3BO
NeptuneRAT V2 MasonRAT payload URLs. (1) Steganography PNG with .NET assembly in R-channel pixels (76bh account deleted). (2) MasonRootkit stage 2 (charlie-60 account deleted). (3) Defender disable bat (ninhpn1337, still live).