################################################################ # ThreatFox IOCs: recent additions - CSV format # # Last updated: 2025-09-27 21:10:06 UTC # # # # Terms Of Use: https://threatfox.abuse.ch/faq/#tos # # For questions please contact threatfox [at] abuse.ch # ################################################################ # # "first_seen_utc","ioc_id","ioc_value","ioc_type","threat_type","fk_malware","malware_alias","malware_printable","last_seen_utc","confidence_level","reference","tags","anonymous","reporter" "2025-09-27 21:10:06", "1602890", "w4.e-72t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 20:30:04", "1602880", "http://a1164989.xsph.ru/46a6a560.php", "url", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "None", "DCRat,RAT", "0", "abuse_ch" "2025-09-27 20:16:35", "1602877", "d.e-72t.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 20:02:12", "1602875", "69.164.203.46:80", "ip:port", "botnet_cc", "win.empire_downloader", "None", "Empire Downloader", "", "100", "https://search.censys.io/hosts/69.164.203.46", "AKAMAI-LINODE-AP,AS63949,C2,censys,PowershellEmpire", "0", "DonPasci" "2025-09-27 20:01:36", "1602873", "95.182.98.119:8082", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "", "100", "https://search.censys.io/hosts/95.182.98.119", "AS56971,C2,censys,Hookbot", "0", "DonPasci" "2025-09-27 20:01:36", "1602874", "188.132.197.209:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-09-27 21:00:03", "100", "https://search.censys.io/hosts/188.132.197.209", "AS212219,C2,censys,Hookbot,HOSTINGDUNYAM", "0", "DonPasci" "2025-09-27 20:01:28", "1602872", "43.156.58.35:8888", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/43.156.58.35", "AS132203,C2,censys,Supershell,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-09-27 20:01:15", "1602870", "212.83.139.101:443", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/212.83.139.101", "AS12876,C2,censys,Online,RAT,Remcos", "0", "DonPasci" "2025-09-27 20:01:15", "1602871", "107.172.135.31:14647", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/107.172.135.31", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-09-27 20:01:14", "1602869", "192.159.99.232:1000", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://search.censys.io/hosts/192.159.99.232", "AS210558,C2,censys,RAT,Remcos,SERVICES-1337-GMBH", "0", "DonPasci" "2025-09-27 20:00:55", "1602868", "38.54.85.195:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/38.54.85.195", "AS138915,C2,censys,CobaltStrike,cs-watermark-426352781,KAOPU-HK", "0", "DonPasci" "2025-09-27 20:00:51", "1602867", "47.122.63.148:45981", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.122.63.148", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-09-27 20:00:50", "1602865", "47.122.144.211:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/47.122.144.211", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-09-27 20:00:50", "1602866", "106.55.249.36:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/106.55.249.36", "AS45090,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP", "0", "DonPasci" "2025-09-27 19:51:21", "1602862", "t1.u-97w.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 20:01:40", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 19:47:14", "1602860", "at.hmvu4.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 21:10:24", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 19:45:08", "1602858", "45.74.34.32:2025", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "100", "None", "PureLogsStealer", "0", "abuse_ch" "2025-09-27 19:37:18", "1602857", "qz9.u-97w.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 19:46:32", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 18:56:20", "1602854", "v2.u-97w.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 18:59:58", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 18:47:57", "1602852", "70.27.138.170:2222", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-09-27 21:47:29", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-09-27 18:47:14", "1602851", "45.150.128.160:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-27 21:46:46", "75", "None", "drb-ra,Havoc", "0", "abuse_ch" "2025-09-27 18:45:09", "1602849", "173.212.202.8:8329", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-09-27 21:44:54", "75", "None", "AdaptixC2,drb-ra", "0", "abuse_ch" "2025-09-27 18:44:21", "1602848", "144.124.234.178:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2025-09-27 21:44:12", "75", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-09-27 18:35:41", "1602847", "k.u-97w.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 18:47:13", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 18:17:21", "1602844", "t1.a-311.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 18:22:03", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 18:05:05", "1602842", "46.173.214.102:42873", "ip:port", "botnet_cc", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "100", "None", "AurotunStealer", "0", "abuse_ch" "2025-09-27 18:02:03", "1602841", "conference-plate.gl.at.ply.gg", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "https://tria.ge/250927-wb67aswycz", "C2,domain,neptunerat,rat,triage", "0", "DonPasci" "2025-09-27 18:00:58", "1602839", "kingstare-54289.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250927-r4xfcatsfx", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-27 18:00:58", "1602840", "insurance-scuba.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250927-pzznsscm21", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-27 17:58:21", "1602837", "qz9.a-311.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 17:35:58", "1602835", "am.dgzy1.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 19:37:41", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 17:00:41", "1602834", "v2.a-311.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 16:50:07", "1602831", "31.57.97.59:505", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-27 16:40:04", "1602830", "193.161.193.99:30380", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2025-09-27 16:35:43", "1602829", "185.93.89.99:4782", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "75", "https://bazaar.abuse.ch/sample/185d92e8ee31230a74abe140ba20b40269531c3cb6de4aa297e2f4aa5ca96393/", "quasar", "0", "abuse_ch" "2025-09-27 16:35:09", "1602828", "k.a-311.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 16:19:13", "1602823", "g4.a-144.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 16:22:47", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 16:02:33", "1602819", "83.136.255.114:8000", "ip:port", "botnet_cc", "win.mimikatz", "None", "MimiKatz", "", "100", "https://search.censys.io/hosts/83.136.255.114", "AS202053,C2,censys,hacktool,Mimikatz,open-dir,UPCLOUD", "0", "DonPasci" "2025-09-27 16:02:13", "1602818", "84.27.86.226:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-09-27 21:47:46", "100", "https://search.censys.io/hosts/84.27.86.226", "AS33915,C2,censys,Netsupport,RAT,TNF-AS", "0", "DonPasci" "2025-09-27 16:02:12", "1602817", "56.124.56.70:48950", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-09-27 21:47:17", "100", "https://search.censys.io/hosts/56.124.56.70", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-09-27 16:02:09", "1602816", "179.111.199.50:7000", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/179.111.199.50", "AS27699,C2,censys,RAT,TELEFONICA,Venom", "0", "DonPasci" "2025-09-27 16:02:08", "1602813", "23.227.199.67:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.199.67", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-09-27 16:02:08", "1602814", "23.227.199.58:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "", "100", "https://search.censys.io/hosts/23.227.199.58", "AS29802,C2,censys,Havoc,HVC-AS", "0", "DonPasci" "2025-09-27 16:02:08", "1602815", "157.245.109.89:8081", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-27 21:44:26", "100", "https://search.censys.io/hosts/157.245.109.89", "AS14061,C2,censys,DIGITALOCEAN-ASN,Havoc", "0", "DonPasci" "2025-09-27 16:02:04", "1602812", "37.97.133.245:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-27 21:46:31", "100", "https://search.censys.io/hosts/37.97.133.245", "AS20857,C2,censys,Mythic,TRANSIP-AS", "0", "DonPasci" "2025-09-27 16:01:44", "1602810", "196.57.129.61:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:45:49", "100", "https://search.censys.io/hosts/196.57.129.61", "AS58065,C2,censys,PACKETEXCHANGE,RAT,Remcos", "0", "DonPasci" "2025-09-27 16:01:44", "1602811", "196.57.129.62:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:45:49", "100", "https://search.censys.io/hosts/196.57.129.62", "AS58065,C2,censys,PACKETEXCHANGE,RAT,Remcos", "0", "DonPasci" "2025-09-27 16:01:40", "1602809", "143.92.37.160:443", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "https://search.censys.io/hosts/143.92.37.160", "AS152194,C2,censys,CTGSERVERLIMITED-AS-AP,Gh0st,RAT", "0", "DonPasci" "2025-09-27 16:01:09", "1602808", "pm7.a-144.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 15:34:16", "1602805", "k4.a-144.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 15:38:53", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 15:18:08", "1602803", "y.a-144.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 14:58:56", "1602800", "z3.u-251.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 15:02:13", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 14:54:13", "1602791", "jo.qekz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 14:54:12", "1602789", "g.xabz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 13:30:15", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 14:54:11", "1602792", "bx.qekz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 14:54:11", "1602793", "jn.qekz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 14:21:43", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 14:54:10", "1602795", "ak.qekz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 14:37:55", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 14:54:10", "1602797", "er.qekz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 14:50:50", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 14:50:50", "1602798", "qm9.u-251.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 14:37:55", "1602796", "u1.u-251.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 14:21:44", "1602794", "h.u-251.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 13:30:15", "1602790", "r2.o-096.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 13:20:03", "1602787", "n.xabz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 13:19:29", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 13:19:29", "1602788", "wq9.o-096.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 13:07:16", "1602786", "c7.o-096.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 13:04:42", "1602785", "wz.xabz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 13:07:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 13:00:05", "1602783", "144.31.193.106:443", "ip:port", "payload_delivery", "js.fakeupdates", "FakeUpdate,GhoLoader,SocGholish", "FAKEUPDATES", "", "100", "None", "SocGholish", "0", "threatcat_ch" "2025-09-27 13:00:05", "1602784", "sc.xabz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:51:28", "1602782", "43.240.239.142:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:41", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-27 12:51:13", "1602781", "3.99.181.67:443", "ip:port", "botnet_cc", "win.meterpreter", "None", "Meterpreter", "2025-09-27 21:49:30", "75", "None", "drb-ra,Metasploit,Meterpreter", "0", "abuse_ch" "2025-09-27 12:50:50", "1602780", "156.234.36.252:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:13", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-27 12:50:49", "1602778", "156.234.214.178:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:13", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-27 12:50:49", "1602779", "156.234.214.180:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:13", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-27 12:46:48", "1602770", "wl.xabz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 12:19:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:45:46", "1602777", "wzlive.support", "domain", "botnet_cc", "unknown_rat", "None", "Unknown RAT", "", "100", "", "ConnectWise,ScreenConnect", "0", "abuse_ch" "2025-09-27 12:45:08", "1602776", "91.92.240.130:6000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-27 12:40:03", "1602775", "193.23.3.29:8590", "ip:port", "botnet_cc", "win.njrat", "Bladabindi,Lime-Worm", "NjRAT", "", "100", "None", "NjRAT", "0", "abuse_ch" "2025-09-27 12:24:48", "1602774", "koadbzmlqiyr.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "", "RAT,ValleyRAT", "0", "abuse_ch" "2025-09-27 12:24:31", "1602773", "18.180.69.63:670", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "75", "https://bazaar.abuse.ch/sample/bd637efb8b5d0d620e4dc9bcd3d596b8da685116dcd9ab122bedd369fb912a94/", "RAT,ValleyRAT", "0", "abuse_ch" "2025-09-27 12:24:09", "1602772", "hdwyebwfvjs.cn", "domain", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "2025-09-27 12:24:48", "100", "https://bazaar.abuse.ch/sample/bd637efb8b5d0d620e4dc9bcd3d596b8da685116dcd9ab122bedd369fb912a94/", "RAT,ValleyRAT", "0", "abuse_ch" "2025-09-27 12:19:57", "1602771", "n.o-096.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 12:07:42", "1602769", "m7.e-783.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 12:06:35", "1602685", "0b.nybk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 07:10:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:34", "1602694", "gz.nybk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 08:48:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:34", "1602705", "xq.nybk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 08:58:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:34", "1602707", "pc.mynq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 09:04:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:33", "1602708", "bm.mynq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 09:30:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:33", "1602710", "4j.mynq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 09:45:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:32", "1602714", "dn.mynq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 10:40:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:32", "1602718", "16.mynq.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 10:44:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:31", "1602721", "ts.lexz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 11:00:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:30", "1602723", "8f.lexz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 11:09:59", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:30", "1602747", "vl.lexz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 11:53:21", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:29", "1602745", "5q.lexz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 11:42:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:06:29", "1602764", "b5.lexz.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 12:07:42", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 12:01:48", "1602762", "118.190.204.245:81", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250927-hb3l8afl7t", "AS37963,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-09-27 12:01:48", "1602763", "118.190.204.245:91", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250927-hb3l8afl7t", "AS37963,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-09-27 12:01:47", "1602761", "118.190.204.245:71", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250927-hb3l8afl7t", "AS37963,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-09-27 12:01:29", "1602760", "http://91.92.240.18", "url", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://tria.ge/250927-lv6prsyrt2", "C2,stealc,stealer,triage", "0", "DonPasci" "2025-09-27 12:01:28", "1602759", "139.28.36.95:8080", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://search.censys.io/hosts/139.28.36.95", "AS47987,C2,censys,DELTAHOST-KYIV,open-dir,Xworm", "0", "DonPasci" "2025-09-27 12:01:05", "1602758", "maps-scoop.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250927-ha6x9afl2z", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-27 12:01:04", "1602757", "38.54.12.47:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-27 21:46:34", "100", "https://search.censys.io/hosts/38.54.12.47", "AS138915,C2,censys,Havoc,KAOPU-HK", "0", "DonPasci" "2025-09-27 12:01:02", "1602756", "181.162.150.192:8080", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://search.censys.io/hosts/181.162.150.192", "AS7418,C2,censys,Quasar,RAT,TELEFONICA", "0", "DonPasci" "2025-09-27 12:00:55", "1602755", "157.230.173.109:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-27 21:44:26", "100", "https://search.censys.io/hosts/157.230.173.109", "AS14061,AsyncRAT,C2,censys,DIGITALOCEAN-ASN,RAT", "0", "DonPasci" "2025-09-27 12:00:54", "1602754", "196.251.114.28:2004", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-27 21:45:43", "100", "https://search.censys.io/hosts/196.251.114.28", "AS401116,AsyncRAT,C2,censys,NYBULA,RAT", "0", "DonPasci" "2025-09-27 12:00:42", "1602753", "107.172.44.179:14645", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:43:45", "100", "https://search.censys.io/hosts/107.172.44.179", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-09-27 12:00:41", "1602752", "91.193.7.162:6513", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:47:53", "100", "https://search.censys.io/hosts/91.193.7.162", "AS9009,C2,censys,M247,RAT,Remcos", "0", "DonPasci" "2025-09-27 12:00:38", "1602751", "103.86.47.130:80", "ip:port", "botnet_cc", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "100", "https://search.censys.io/hosts/103.86.47.130", "AS138195,C2,censys,Gh0st,MOACKCOLTD-AS-AP,RAT", "0", "DonPasci" "2025-09-27 12:00:20", "1602750", "43.156.63.124:65535", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/43.156.63.124", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-09-27 12:00:19", "1602749", "123.249.112.71:8080", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/123.249.112.71", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-09-27 12:00:18", "1602748", "113.44.168.133:58626", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/113.44.168.133", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-09-27 11:42:00", "1602746", "tq1.e-783.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 11:53:21", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 11:10:42", "1602740", "hyduwkvd.forum", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:42", "1602741", "ydobniudivan.ru", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:42", "1602742", "hatsalnm.forum", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:42", "1602743", "ebuinwgs.forum", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:42", "1602744", "synrxvtd.forum", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:41", "1602733", "assalafuz.lat", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:41", "1602734", "unshyqov.xin", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:41", "1602735", "inchapxe.xin", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:41", "1602736", "bloodydi.xin", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:41", "1602737", "aegiqlfb.xin", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:41", "1602738", "paleatgh.xin", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:41", "1602739", "ligmfbx.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:40", "1602730", "secrequ.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:40", "1602731", "delazvf.forum", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:40", "1602732", "orinacg.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:39", "1602729", "builie.top", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:37", "1602726", "gregmhy.lol", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:37", "1602727", "sacrakyf.xin", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:37", "1602728", "actmwtn.my", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:10:36", "1602725", "neighll.click", "domain", "botnet_cc", "win.lumma", "LummaC2 Stealer", "Lumma Stealer", "", "100", "", "c2,domain,lumma,stealer", "0", "DonPasci" "2025-09-27 11:09:59", "1602724", "b2.e-783.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 11:00:09", "1602722", "x.e-783.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 10:41:43", "1602720", "136.0.141.91:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.vmray.com/analyses/_vt/a57de014a0d1/report/overview.html", "AS149440,c2,EVOXTENTERPRISE-AS-AP,Rhadamanthys,stealer,vmray", "0", "DonPasci" "2025-09-27 10:40:47", "1602719", "e1.u-989.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 10:44:19", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 10:39:13", "1602717", "136.0.141.245:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1785137/0/html", "AS149440,c2,EVOXTENTERPRISE-AS-AP,joesandbox,Rhadamanthys,stealer", "0", "DonPasci" "2025-09-27 10:36:14", "1602716", "bigstepix.shop", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "", "c2,domain,Rhadamanthys,stealer", "0", "DonPasci" "2025-09-27 10:31:34", "1602715", "151.243.18.194:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1784308/0/html", "AS207043,c2,DEDIK-IO,joesandbox,Rhadamanthys", "0", "DonPasci" "2025-09-27 10:29:01", "1602713", "lgbtmeme.shop", "domain", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1784034/0/html", "c2,domain,joesandbox,Rhadamanthys,stealer", "0", "DonPasci" "2025-09-27 10:28:13", "1602712", "64.188.91.173:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.joesandbox.com/analysis/1784034/0/html", "AS215730,c2,H2NEXUS-AS,joesandbox,Rhadamanthys,stealer", "0", "DonPasci" "2025-09-27 10:23:34", "1602711", "193.84.71.81:443", "ip:port", "botnet_cc", "win.rhadamanthys", "None", "Rhadamanthys", "", "100", "https://www.vmray.com/analyses/_vt/64ec658ea161/report/overview.html", "AS48753,AVAHOHST,c2,Rhadamanthys,stealer,vmray", "0", "DonPasci" "2025-09-27 09:30:43", "1602709", "qk2.u-989.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 09:45:19", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 08:58:28", "1602706", "u5.u-989.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 09:04:17", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 08:48:42", "1602704", "99.83.215.169:8126", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-09-27 21:48:05", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-09-27 08:48:27", "1602703", "r.u-989.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 08:47:52", "1602702", "60.204.225.69:40056", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-27 21:47:19", "75", "None", "drb-ra,Havoc", "0", "abuse_ch" "2025-09-27 08:47:24", "1602700", "45.66.249.68:443", "ip:port", "botnet_cc", "win.broomstick", "CLEANBOOST,CleanUp,CleanUpLoader,Oyster", "Broomstick", "2025-09-27 21:46:49", "75", "None", "Broomstick,drb-ra,Oyster", "0", "abuse_ch" "2025-09-27 08:47:24", "1602701", "45.66.249.68:80", "ip:port", "botnet_cc", "win.broomstick", "CLEANBOOST,CleanUp,CleanUpLoader,Oyster", "Broomstick", "2025-09-27 21:46:49", "75", "None", "Broomstick,drb-ra,Oyster", "0", "abuse_ch" "2025-09-27 08:46:55", "1602699", "34.202.169.107:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-09-27 21:46:25", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-09-27 08:45:20", "1602698", "178.16.55.52:443", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2025-09-27 21:44:59", "75", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2025-09-27 08:44:37", "1602697", "154.214.45.42:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-09-27 21:44:24", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-09-27 08:44:25", "1602696", "146.103.116.153:443", "ip:port", "botnet_cc", "win.eye_pyramid", "None", "Eye Pyramid", "2025-09-27 21:44:13", "75", "None", "drb-ra,EyePyramid", "0", "abuse_ch" "2025-09-27 08:44:18", "1602695", "139.84.133.84:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-27 21:44:07", "75", "None", "drb-ra,Havoc", "0", "abuse_ch" "2025-09-27 08:02:08", "1602692", "147.45.45.130:3232", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "100", "https://search.censys.io/hosts/147.45.45.130", "AS215826,C2,censys,DcRAT,PARTNER-HOSTING-LTD,RAT", "0", "DonPasci" "2025-09-27 08:02:08", "1602693", "104.194.154.161:7000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-09-27 21:43:29", "100", "https://search.censys.io/hosts/104.194.154.161", "AS14956,C2,censys,DcRAT,RAT,ROUTERHOSTING", "0", "DonPasci" "2025-09-27 08:01:29", "1602691", "141.255.162.250:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/141.255.162.250", "AS51852,C2,censys,PLI-AS,RAT,Sectop", "0", "DonPasci" "2025-09-27 08:01:12", "1602689", "166.88.117.240:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:44:40", "100", "https://search.censys.io/hosts/166.88.117.240", "AS149440,C2,censys,EVOXTENTERPRISE-AS-AP,RAT,Remcos", "0", "DonPasci" "2025-09-27 08:01:12", "1602690", "18.222.233.217:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:45:09", "100", "https://search.censys.io/hosts/18.222.233.217", "AMAZON-02,AS16509,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-09-27 08:00:18", "1602688", "109.205.213.121:4444", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:48:36", "100", "https://search.censys.io/hosts/109.205.213.121", "AS19318,C2,censys,CobaltStrike,cs-watermark-987654321,IS-AS-1", "0", "DonPasci" "2025-09-27 08:00:17", "1602687", "124.70.6.252:2222", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "https://search.censys.io/hosts/124.70.6.252", "AS55990,C2,censys,CobaltStrike,cs-watermark-987654321,HWCSNET", "0", "DonPasci" "2025-09-27 07:10:57", "1602686", "k7.u-885.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 06:02:40", "1602682", "45.192.219.19:8520", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250927-gmn3jas1e1", "AS138995,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-09-27 06:02:40", "1602683", "45.192.219.19:8521", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250927-gmn3jas1e1", "AS138995,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-09-27 06:02:40", "1602684", "45.192.219.19:8522", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250927-gmn3jas1e1", "AS138995,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-09-27 06:02:39", "1602681", "103.176.197.131:90", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250927-fbc1fscm31", "AS152156,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-09-27 06:00:35", "1602680", "91.226.72.245:7000", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250927-ec6hqazthy", "AS44709,C2,triage,xworm", "0", "DonPasci" "2025-09-27 05:47:02", "1602331", "media-kg.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250926-vpt88acp3z/behavioral1", "None", "0", "burger" "2025-09-27 05:47:02", "1602354", "62.164.177.249:443", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "100", "", "None", "0", "tanner" "2025-09-27 05:47:01", "1602613", "91.235.116.149:34241", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "Mirai", "0", "elfdigest" "2025-09-27 05:47:01", "1602622", "205.185.125.97:1999", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-09-27 12:20:10", "100", "None", "Mirai", "0", "elfdigest" "2025-09-27 05:44:59", "1602678", "111.231.168.28:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-09-27 05:44:59", "1602679", "43.166.246.26:8001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 20:00:55", "100", "None", "CobaltStrike,cs-watermark-426352781", "0", "abuse_ch" "2025-09-27 05:44:33", "1602677", "39.100.91.204:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-666666666", "0", "abuse_ch" "2025-09-27 05:44:32", "1602676", "8.133.198.27:8888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-09-27 05:30:14", "1602675", "aa9.u-885.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 05:29:52", "1602674", "0.nybk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 05:30:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 05:20:11", "1602673", "g.u-885.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 04:53:35", "1602672", "o.nybk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 05:20:11", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 04:40:02", "1602671", "103.176.197.131:53", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "None", "RAT,ValleyRAT", "0", "abuse_ch" "2025-09-27 04:38:47", "1602670", "t1.i-215.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 04:37:15", "1602669", "3.tiqk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 04:38:47", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 04:10:04", "1602668", "158.94.208.167:2830", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-27 04:02:20", "1602667", "200.91.114.156:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-09-27 21:45:56", "100", "https://search.censys.io/hosts/200.91.114.156", "AS11830,C2,censys", "0", "dyingbreeds_" "2025-09-27 04:02:11", "1602666", "66.111.113.34:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/66.111.113.34", "AS36728,censys,EMERYTELCOM,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-27 04:02:10", "1602665", "13.235.243.108:4433", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/13.235.243.108", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-27 04:02:09", "1602663", "82.97.247.192:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/82.97.247.192", "AS9123,censys,GoPhish,Phishing,TIMEWEB-AS", "0", "dyingbreeds_" "2025-09-27 04:02:09", "1602664", "79.110.49.101:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/79.110.49.101", "AS399486,censys,GoPhish,Phishing,VIRTUO", "0", "dyingbreeds_" "2025-09-27 04:02:08", "1602661", "134.209.116.82:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/134.209.116.82", "AS14061,censys,DIGITALOCEAN-ASN,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-27 04:02:08", "1602662", "38.60.227.149:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/38.60.227.149", "AS138915,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-27 04:02:07", "1602657", "216.238.83.248:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/216.238.83.248", "AS-VULTR,AS20473,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-27 04:02:07", "1602658", "49.12.70.16:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/49.12.70.16", "AS24940,censys,GoPhish,HETZNER-AS,Phishing", "0", "dyingbreeds_" "2025-09-27 04:02:07", "1602659", "94.74.91.97:80", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/94.74.91.97", "AS136907,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-27 04:02:07", "1602660", "18.207.151.246:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.207.151.246", "AMAZON-AES,AS14618,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-27 04:02:06", "1602655", "101.200.73.39:5555", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/101.200.73.39", "AS37963,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-27 04:02:06", "1602656", "194.135.16.156:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.135.16.156", "AS212278,censys,GoPhish,KRAUD-AS,Phishing", "0", "dyingbreeds_" "2025-09-27 04:01:17", "1602653", "194.103.16.93:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/194.103.16.93", "AS57630,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-27 04:01:17", "1602654", "121.138.241.187:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/121.138.241.187", "AS4766,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-27 04:01:16", "1602649", "205.151.118.84:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/205.151.118.84", "AS22639,Botnet,byob,C2,censys,COOPTEL-AS-01", "0", "dyingbreeds_" "2025-09-27 04:01:16", "1602650", "211.48.115.218:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/211.48.115.218", "AS4766,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-27 04:01:16", "1602651", "108.170.164.187:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/108.170.164.187", "AS40788,Botnet,byob,C2,censys,MULTIB-40788", "0", "dyingbreeds_" "2025-09-27 04:01:16", "1602652", "59.31.224.135:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/59.31.224.135", "AS4766,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-27 04:01:15", "1602645", "85.134.22.191:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/85.134.22.191", "AS24751,Botnet,byob,C2,censys,MULTIFI-AS", "0", "dyingbreeds_" "2025-09-27 04:01:15", "1602646", "104.158.99.66:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/104.158.99.66", "AS54198,Botnet,byob,C2,censys,VIANET", "0", "dyingbreeds_" "2025-09-27 04:01:15", "1602647", "223.122.253.227:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/223.122.253.227", "AS137872,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-27 04:01:15", "1602648", "161.97.245.42:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/161.97.245.42", "AS393552,Botnet,byob,C2,censys,COL-LPC", "0", "dyingbreeds_" "2025-09-27 04:01:14", "1602641", "1.174.116.5:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/1.174.116.5", "AS3462,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-27 04:01:14", "1602642", "213.157.164.209:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/213.157.164.209", "AS8708,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-27 04:01:14", "1602643", "64.5.73.221:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/64.5.73.221", "AS32867,Botnet,byob,C2,censys,LLI-BLK1", "0", "dyingbreeds_" "2025-09-27 04:01:14", "1602644", "213.50.26.192:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/213.50.26.192", "AS1257,Botnet,byob,C2,censys,TELE2", "0", "dyingbreeds_" "2025-09-27 04:01:13", "1602637", "59.22.119.248:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/59.22.119.248", "AS4766,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-27 04:01:13", "1602638", "211.218.253.112:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/211.218.253.112", "AS4766,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-27 04:01:13", "1602639", "89.253.80.180:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/89.253.80.180", "AS33885,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-27 04:01:13", "1602640", "24.200.62.236:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/24.200.62.236", "AS5769,Botnet,byob,C2,censys,VIDEOTRON", "0", "dyingbreeds_" "2025-09-27 04:01:12", "1602636", "162.255.177.239:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/162.255.177.239", "AS22060,Botnet,byob,C2,censys,NETSPECTRUM", "0", "dyingbreeds_" "2025-09-27 04:01:11", "1602635", "185.123.102.33:29852", "ip:port", "botnet_cc", "win.ares", "None", "Ares", "", "90", "https://search.censys.io/hosts/185.123.102.33", "AS59711,C2,censys,HZ-EU-AS,RAT", "0", "dyingbreeds_" "2025-09-27 04:00:57", "1602634", "85.192.48.217:9812", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-09-27 04:01:01", "100", "https://search.censys.io/hosts/85.192.48.217", "AS215730,C2,censys,H2NEXUS-AS,Quasar,RAT", "0", "DonPasci" "2025-09-27 04:00:51", "1602633", "213.176.18.51:9999", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-27 21:46:06", "100", "https://search.censys.io/hosts/213.176.18.51", "AS215540,AsyncRAT,C2,censys,GCS-AS,RAT", "0", "DonPasci" "2025-09-27 04:00:42", "1602632", "20.162.118.231:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-09-27 21:45:54", "100", "https://search.censys.io/hosts/20.162.118.231", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,Sliver", "0", "DonPasci" "2025-09-27 04:00:37", "1602629", "196.251.81.162:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:45:46", "100", "https://search.censys.io/hosts/196.251.81.162", "AS401120,C2,censys,CHEAPY-HOST,RAT,Remcos", "0", "DonPasci" "2025-09-27 04:00:37", "1602630", "84.19.175.184:56470", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:47:45", "100", "https://search.censys.io/hosts/84.19.175.184", "AS31103,C2,censys,KEYWEB-AS,RAT,Remcos", "0", "DonPasci" "2025-09-27 04:00:37", "1602631", "4.228.216.14:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:46:35", "100", "https://search.censys.io/hosts/4.228.216.14", "AS8075,C2,censys,MICROSOFT-CORP-MSN-AS-BLOCK,RAT,Remcos", "0", "DonPasci" "2025-09-27 04:00:36", "1602626", "104.168.7.200:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:43:28", "100", "https://search.censys.io/hosts/104.168.7.200", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-09-27 04:00:36", "1602627", "62.60.131.168:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:47:21", "100", "https://search.censys.io/hosts/62.60.131.168", "AS208137,C2,censys,FPS12,RAT,Remcos", "0", "DonPasci" "2025-09-27 04:00:36", "1602628", "147.124.217.204:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:44:16", "100", "https://search.censys.io/hosts/147.124.217.204", "AS396073,C2,censys,MAJESTIC-HOSTING-01,RAT,Remcos", "0", "DonPasci" "2025-09-27 03:52:46", "1602625", "5u.tiqk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 03:54:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 03:38:44", "1602624", "gj.tiqk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 03:40:17", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 03:35:47", "1602623", "http://47.122.63.148:45981/a3Zo", "url", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "75", "https://bazaar.abuse.ch/sample/ed8f995184e5d9e36f6ed292aa08f28a361aaf906a0346f0325be7d29556708f/", "cobaltstrike", "0", "abuse_ch" "2025-09-27 03:16:14", "1602621", "4f.tiqk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 03:16:58", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 02:48:08", "1602620", "clearate.cloud", "domain", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:48:08", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-27 02:35:24", "1602619", "q3n.i-215.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 03:54:13", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 02:34:46", "1602618", "8a.tiqk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 02:35:24", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 02:13:47", "1602617", "6v.jagc.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 02:14:28", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 01:58:23", "1602616", "u0.jagc.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 01:59:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 01:53:09", "1602615", "m8.i-215.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 02:14:27", "100", "None", "clearfake", "1", "ttakvam" "2025-09-27 01:52:41", "1602614", "eq.jagc.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 01:53:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 00:09:33", "1602612", "0m.jagc.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 00:10:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-27 00:01:34", "1602611", "164.90.202.243:4321", "ip:port", "botnet_cc", "win.adaptix_c2", "None", "AdaptixC2", "2025-09-27 21:44:37", "100", "https://search.censys.io/hosts/164.90.202.243", "AdaptixC2,AS14061,C2,censys,DIGITALOCEAN-ASN", "0", "DonPasci" "2025-09-27 00:01:11", "1602610", "16.171.55.6:443", "ip:port", "botnet_cc", "win.poshc2", "None", "PoshC2", "2025-09-27 04:01:07", "100", "https://search.censys.io/hosts/16.171.55.6", "AMAZON-02,AS16509,C2,censys,Posh", "0", "DonPasci" "2025-09-27 00:01:07", "1602609", "185.94.29.137:2222", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "", "100", "https://search.censys.io/hosts/185.94.29.137", "AS58212,C2,censys,DATAFOREST,RAT,Venom", "0", "DonPasci" "2025-09-27 00:00:57", "1602608", "176.202.9.84:81", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-27 00:00:42", "1602607", "186.169.33.26:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:45:28", "100", "https://search.censys.io/hosts/186.169.33.26", "AS3816,C2,censys,COLOMBIA,RAT,Remcos", "0", "DonPasci" "2025-09-27 00:00:41", "1602606", "92.61.71.38:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:47:56", "100", "https://search.censys.io/hosts/92.61.71.38", "AS62212,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-09-27 00:00:25", "1602605", "91.92.242.96:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-09-27 00:04:37", "100", "https://search.censys.io/hosts/91.92.242.96", "AS209800,C2,censys,Latrodectus,METASPINNER-ASN", "0", "DonPasci" "2025-09-27 00:00:20", "1602604", "117.72.209.44:7001", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 04:00:09", "100", "https://search.censys.io/hosts/117.72.209.44", "AS141679,C2,censys,CHINATELECOM-IDC-BTHBD-AP,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-09-27 00:00:19", "1602603", "62.192.173.249:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 04:00:08", "100", "https://search.censys.io/hosts/62.192.173.249", "AS25693,C2,censys,CobaltStrike,cs-watermark-666666666,VIRMACH", "0", "DonPasci" "2025-09-27 00:00:16", "1602602", "144.172.108.70:4433", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:48:54", "100", "https://search.censys.io/hosts/144.172.108.70", "AS14956,C2,censys,CobaltStrike,cs-watermark-987654321,ROUTERHOSTING", "0", "DonPasci" "2025-09-26 23:36:19", "1602601", "y2.jagc.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 23:46:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 23:30:50", "1602600", "3d52078b10a5b3217be92c21d06b3923", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:49", "1602597", "8b1bbbbac27e285bff9ddeb2773e4859", "md5_hash", "payload", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:49", "1602598", "cdc483c023f1f918f975216ef9648c262be9d87a", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:49", "1602599", "aae142810c653716d5acd0c128bd05ed96c30861188a09541ed16099e17de005", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:48", "1602594", "42f28fac2390c91f803fbac891b0dbfa", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:48", "1602595", "e7b966889f5d100e16f691f3a5268d4058629514", "sha1_hash", "payload", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:48", "1602596", "7109c74b24a883dbd37cf5d23a11642ed056d876e5120102ab860da498550e33", "sha256_hash", "payload", "win.hijackloader", "DOILoader,GHOSTPULSE,IDAT Loader,SHADOWLADDER", "HijackLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:47", "1602592", "5abb51b942a4002288f7af03e580dfc67b478876", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:47", "1602593", "eb76458c04eee2af88d94ecdccc212573abbcb011ebab6287b683bb21dc03e36", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:41", "1602591", "2e00774b055bb4dac7de33b0bcd1bd65", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:40", "1602588", "3359a50481f5645286a18a3430634079", "md5_hash", "payload", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:40", "1602589", "9a36ab984b819ef93499f69af9e68e56861bfe96", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:40", "1602590", "ca603e0fb3203b252a1f4e866ff739f3799df8052aab5e36d501532b6a1c7e49", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:39", "1602585", "c8077bfe8e217eb160a34f3aa7d86d1d", "md5_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:39", "1602586", "f9dd21a8ae41757a50c8edbcfe1896fe0020ab5e", "sha1_hash", "payload", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:39", "1602587", "917e92ceb2da1d60284d87721cc3de0efec208d20f66f4a536aabfe5eb5ff61e", "sha256_hash", "payload", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:38", "1602582", "bbcd4d282f1326ed3b2acb2fc05de8cb", "md5_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:38", "1602583", "2e4bd050715ef0aa8a62bebbdc427c41263792bb", "sha1_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:38", "1602584", "54470471f8c6a425d973a9b80b1b1a8cbe4708393429cfbf02fc6ef00f09a468", "sha256_hash", "payload", "win.gcleaner", "None", "GCleaner", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:37", "1602579", "9e5ef29b20d6d3d5cf4e35b12d60b172", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:37", "1602580", "8ec080ef009c12d93cfc31f492c40f3c78b97e56", "sha1_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:37", "1602581", "6adbf96480b47f1a9fc3a3705ee8e3663e76dfd06b3ae9f96820f456044a20ba", "sha256_hash", "payload", "win.ghost_rat", "Farfli,Gh0st RAT,PCRat", "Ghost RAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:36", "1602576", "e928cda8eb5465fbe86c25dcf32d3a7c", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:36", "1602577", "b2393d3f91b42c83d8ff9cb36a04aebe5c0078dd", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:36", "1602578", "cd9df8af108c7e01beedac8e4047d4972fd18d1ce29cc4fa0296fabb22179828", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:35", "1602573", "17e1479708535b21cb8150b484653e68", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:35", "1602574", "1a636b6b6ed2094ca30ec6e72738518c9b3fb774", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:35", "1602575", "c9cc39c46a8d4cb82f41757da922d5f2428e77f655c8f052a4ef3dd596715be7", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:34", "1602570", "84c1b837882e018491d8d09f474c8e1e", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:34", "1602571", "c0aefa041c67852846020f5f853de707f2e8737c", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:34", "1602572", "6a7396d49126f2c310c0a47f0e6c85890d7e609f382ff3309f79da2b1562398c", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:33", "1602568", "25cd350fb0b6dd06e79b62e526777d5e18979126", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:33", "1602569", "a154a53ea4cfd0dce680f963dde9d875362441e57960b669b05767bc99633d96", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:32", "1602565", "5b4cf34abf6d6c67d63e56f157f42f88470d86e5", "sha1_hash", "payload", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:32", "1602566", "2c00668e0dda59c11b8d54c89e0d8544678ee5304ec1471ff7f26751e781e351", "sha256_hash", "payload", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:32", "1602567", "715e7dd3c707f270cdcf253987f841b9", "md5_hash", "payload", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:31", "1602562", "591bfff9014ce3c6722c723e875dee12f6c87190", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:31", "1602563", "d383abce3a04f57dfd3a3e706dae6aa2aa5d3af7d4c51e3b2b26df3fc4487f0e", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:31", "1602564", "c18614012f47dc3bbe2b62db87808aac", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:30", "1602559", "41a4ec4a2bc5558eff67e9c0bb61d23522980ccf", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:30", "1602560", "64ec658ea1614f0c2f5cd4ac65f072df89e0a88ab600e807dc7b0d799666dd0a", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:30", "1602561", "fbf63b20a9cf385713171b2883b85e07", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:29", "1602556", "964eaf0d389c8c05533e1f5bd6b8cab7e23e7b40", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:29", "1602557", "e27e05c7be1115f5ead1b7c72c5ef3bd123f87d4cac75cd9e14462ff4845e074", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:29", "1602558", "e74a1c7981521ba8fee11f596f8fa626", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:28", "1602553", "006039a7f7cd19c8f0cdde6d00f22715cdb8bc08", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:28", "1602554", "95ac5479c696bc409cd11dbc92e57708590c1f8b8aff47d9c04edcfe4332ea70", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:28", "1602555", "a643bcfd5f40f8b07df5ceb38acc1b8a", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:27", "1602550", "01244c78a618384d0ef2d6d0b39ffe4144a0ee00", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:27", "1602551", "15b963e6213360317164b419e7192cdf5c4145f54a5acc0a41fe7dfa9075fb3f", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:27", "1602552", "23898d6777cd7fc0e96956e296c0f87c", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:26", "1602548", "52003895b637d50bb99d8f810d0666b5868e77d832510035e5b8828ef641edf9", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:26", "1602549", "fd774fe3436bf9bb7135699461a34aef", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:25", "1602545", "13a69916594902b88284e3b603f7e396d89767ffeafa8a3b619a2be3e9ad07fb", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:25", "1602546", "71d635bfd642b1b9fbb6ceb86a3ef77d", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:25", "1602547", "084f7fc4a9a788d58b7d7e3799ac02cc77f10a26", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:24", "1602542", "fa3b9f050519f8106a424f92aab6a7714fefe36ca3b859acb099ae1467d8c0ae", "sha256_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:24", "1602543", "a27262e393d5bb1a922b4979d3c6ee7b", "md5_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:24", "1602544", "e09829447605fbf79cd95908117afba672ea1c6b", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:23", "1602539", "c04f64f0b5cbd336ad8b5dcf40727f50dba7534d66df1998110f38af533b45b3", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:23", "1602540", "f3e7911858dda7a6ecf97af313841223", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:23", "1602541", "8ca332d8378275f299d5206e1191456614af2802", "sha1_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:22", "1602536", "0c26d498ccd4d7aea16e4b6e7e647fe4e16b89f67e18a8eacb4b0965fce2f381", "sha256_hash", "payload", "win.riseloader", "None", "RiseLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:22", "1602537", "e6d632d9d8f14c4d7e71c01dffe63a9d", "md5_hash", "payload", "win.riseloader", "None", "RiseLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:22", "1602538", "3eabf3cca0b728c3c2ef2cdf98daffe2ae11071c", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:21", "1602533", "eccf6b8a45f044951712b08013fcb020bff95e7c784164464afcf5e6adba1fdb", "sha256_hash", "payload", "win.riseloader", "None", "RiseLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:21", "1602534", "20112e421939007414b399ac72e87fbe", "md5_hash", "payload", "win.riseloader", "None", "RiseLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:21", "1602535", "276baede88d4bf28faf2b4c76c13aa0b19fae0d7", "sha1_hash", "payload", "win.riseloader", "None", "RiseLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:20", "1602530", "5731851703e6ca1dd31c4ba3455a4e961621aab904d53ff5d747f811d3dee1b0", "sha256_hash", "payload", "win.riseloader", "None", "RiseLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:20", "1602531", "d79c06c34d41c8132c674898a509031c", "md5_hash", "payload", "win.riseloader", "None", "RiseLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:20", "1602532", "ff642f5d1f407bd89c2c95ee9f489df881c34872", "sha1_hash", "payload", "win.riseloader", "None", "RiseLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:19", "1602528", "a188f2c429734fb193fcd29eadfd69f9", "md5_hash", "payload", "win.riseloader", "None", "RiseLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:19", "1602529", "09652cdf8de49ccaa1321934642e9f1b9da5dac3", "sha1_hash", "payload", "win.riseloader", "None", "RiseLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:18", "1602526", "c7fdc8720d2ca344ea987c963d56c4d7", "md5_hash", "payload", "win.riseloader", "None", "RiseLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:18", "1602527", "611c9cd7e30cb8710ee9ba3f718b31a452d83894", "sha1_hash", "payload", "win.riseloader", "None", "RiseLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:17", "1602523", "3411fb6f74583251ac0f556d10d80fba", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:17", "1602524", "bcc3235dcceac6165b71a75a9a8eedb206721b0e", "sha1_hash", "payload", "win.riseloader", "None", "RiseLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:17", "1602525", "e4cbf31ac0aacb712219b080af8ccbc11899cc1e7a695077b61df5317ffc3a1d", "sha256_hash", "payload", "win.riseloader", "None", "RiseLoader", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:16", "1602520", "dd3135292600448019bc1282049a58c3", "md5_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:16", "1602521", "87a1f01f1a44eaa39401f1d4e82b5dc6206d728f", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:16", "1602522", "e715ca77bca80baec611ba2f5982ce26a52211523f2db2115165e593b65ff6ef", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:15", "1602517", "0e381afc008186ad18cf2b9eda451008", "md5_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:15", "1602518", "9ef07882a5504328507687b61d919b5853df4cdc", "sha1_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:15", "1602519", "a3b7ad3ac10b437dbe004aa6ec90b480a14304f2d5c59b77cb8559e96e1a6841", "sha256_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:14", "1602515", "63063f55715825aa9eb9bd51015842f7d7808f1d", "sha1_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:14", "1602516", "74b34fd58b8927a025dbba176442e079637049fe9b66fa80beed989e8939015e", "sha256_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:13", "1602512", "b5710067c36447759b82593200f7374760d71571", "sha1_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:13", "1602513", "be5bcdfc0dbe204001b071e8270bd6856ce6841c43338d8db914e045147b0e77", "sha256_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:13", "1602514", "fd817202314d4067c2dc9c51d98f0268", "md5_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:12", "1602509", "1ede9e7c88734d40a3f097f69a1d42b6c5a7ab7d", "sha1_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:12", "1602510", "1374081c549ed143f2110a1b81ea617e323a3476f188923684a9f696e6ce087c", "sha256_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:12", "1602511", "121bb22209964b7d4af9242134ae594c", "md5_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:11", "1602507", "34aadd5d6e50aa780d96028140cb71de1d15204c76126a54b98d3dfb5f9445e0", "sha256_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:11", "1602508", "ddd256fb71e5219a0aadde0a2d0d273c", "md5_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:10", "1602504", "dcdbcba9c56a123c2a494e23521ef80eb6cd69ba3b53d10f06b04cdc9477e2ed", "sha256_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:10", "1602505", "aa7af6e9c17ab8eaada64d232c14853f", "md5_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:10", "1602506", "56baf984035999d1db570b89227f52234c2458b2", "sha1_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:09", "1602502", "589796c940aac07e9389b60fbf3f7523", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:09", "1602503", "968806000282f224d9a6b29e0e927cfdd98bb72e", "sha1_hash", "payload", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:08", "1602499", "bbdb6987daa7635e764c134b580d28a4", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:08", "1602500", "f63fc6d67b15144fb8a4dd7d9e044bb5cdd9c06d", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:08", "1602501", "c131ae97938e782d3beb56c4a00ca9ddad3812364c3f0492aacdb0458f659b1c", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:07", "1602497", "b87f71b4a4bc3bbfb41be0ab6626831583ce8a42", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:07", "1602498", "818ed536a50e205f6ef036a109c847869ff78100e87ceae800f5c43d62bb26bd", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:06", "1602495", "4c65ac4c3af63c0c71c5b0e1b6b6db1c71f08778efc1a47524fef18d6ee91312", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:06", "1602496", "b78add2b21a1fb324fc492c196458c09", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:05", "1602492", "2afe0dfb8d2809e16356446428e83659c16d093cd6ce1a5418efe8e16b3f567c", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:05", "1602493", "e9152fa33c5a23f1d15235049bf45a77", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:05", "1602494", "b9af0fabd5e1edc607c14e3b3d09def366934296", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:04", "1602490", "eef01da8c18de3fc7869717f93721038", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:04", "1602491", "00328b2651f6d411346f7a9a9ad5baab368ac179", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:03", "1602488", "0368f5868e786fb4f1622116165684e35d6c23b5", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:03", "1602489", "46ebf0713b673f18360202e297685e3031456bf7d44a4ec97bbdc6187c716bc8", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:02", "1602487", "f9b958386d28f258867e0b92be151e09", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:01", "1602485", "3804f21eb9ab6983b314946af23a64f9a95178f9", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:01", "1602486", "b9404b68730c9f6c3f7aa156bec2374f76e64d1526512d87ff5451f823da8185", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:00", "1602482", "844969a2baa8ea04d832998c2169efca41dacdb5", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:00", "1602483", "4f9df0124b362959024305dead04b4637ff379d2cc1b94962fddc9acd039bad4", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:30:00", "1602484", "60de389f7de9d3dc7489f9413a3fb69c", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:59", "1602479", "71577083e5367f73ab799ce5735aee644151d43f", "sha1_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:59", "1602480", "1a9dedcdb3fa783b8211f36d2eeb9791e78df7dfedcecd4b08608484aea3c1bf", "sha256_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:59", "1602481", "4084e3f2ebf7a4b1618eb9c57416fe6b", "md5_hash", "payload", "win.vipkeylogger", "None", "VIP Keylogger", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:58", "1602476", "83d09d7576330ad2f4f9301845d1a4e6b5687656", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:58", "1602477", "0ae6570d9e659ffd5efc1e3f9faca696bd12b66b8d125b1159aee9e5251a4d79", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:58", "1602478", "89ff15bae1bc050ba6e57fd659e764c2", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:57", "1602473", "9fac1392cd2033dfd185b27ec30f30af658f27d2", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:57", "1602474", "1519c35519813943ccd719d66d625a356627b5cfd9e5b21314dafc5c0d6d29c8", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:57", "1602475", "ca5d5c31c3ebd26d1d8ddbe68e41cc2b", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:56", "1602470", "7e4b782e3caa8f501970e74e19ea827aa1945e20", "sha1_hash", "payload", "win.xenorat", "None", "XenoRAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:56", "1602471", "459238815cef12916912d15825351651b6222161e9229e7ae66dbf40f733b589", "sha256_hash", "payload", "win.xenorat", "None", "XenoRAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:56", "1602472", "064e9a4c9c67f25501dc43834c44d5a5", "md5_hash", "payload", "win.xenorat", "None", "XenoRAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:55", "1602467", "76b04d6e7ea803ed4aec907d0edc7145bf89089d", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:55", "1602468", "c374f2998fc7dcbc0c3e559a1dfcdf4b2729a12ea1783ead0624a1553a8bacf1", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:55", "1602469", "709c5b5d53f5ef3eccb8dc4329ba9d2c", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:54", "1602464", "d3232bc255400bf418a42abb50b75a344bce253f", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:54", "1602465", "ccdf673390e032a11978be52ef503088dde4018bcf938522f848fee747715153", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:54", "1602466", "1036d6b51f3684aa656eca637debc828", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:53", "1602461", "1cd4088ebcdb8ee082f84eeb999dc8efd23d45b8", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:53", "1602462", "79b413ce2cecbe5cdb5ee6d8a29ab4da5e96a86870a393c264e997eebce7bcac", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:53", "1602463", "01239e83b8d41459d5fa6ebf0f1dcf8f", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:52", "1602458", "393bc8fb60438b153744b972332ba7cec7292831", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:52", "1602459", "eb5fd87c0a5f2ca99cf846fd6148f4c1084e14c6f9e79a8b5635dbd3c6d1036d", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:52", "1602460", "04351d5139488559740d6218f9c4b866", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:51", "1602455", "269a63c352efb43e71f1cc1d24739e0af4281995", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:51", "1602456", "31ad3cdc1ccc501f7d7ac1d15c4092e834fe9dd9f62d26c076cd4bf86ceeb444", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:51", "1602457", "e88e85a581edead861fcc4971768572d", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:50", "1602452", "37e506235234c5e396c784cdbf6e09fedab02630", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:50", "1602453", "fe4a2ca725dbd1fe619d5c621751774d86fed32f112acf38f3b7c48fbe23d31a", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:50", "1602454", "1fabfe9a9dd908094b136392335f62a5", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:49", "1602449", "54e5a942dfbb92ba77dfe505aedddb1543a03ff3", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:49", "1602450", "3b34d7190c6169983a9acbe191c1aef937600c3818f0fd8be3a63bd96b3bbebf", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:49", "1602451", "6aac2e3bc489cff895916cfc1ea83242", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:48", "1602446", "c52457cf9bbb53841abc1b291d7dbf01a70d58d9", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:48", "1602447", "5f9b01b88c7faf63239a79405c1f7c5521b9cfd1934c659a8c56345ad1549d17", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:48", "1602448", "763f68a401d716378a6a55afef4b85c4", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:47", "1602443", "3261d73e9df352bf1999029013543302b4ad10a6", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:47", "1602444", "6f0918d85cc9f27d09b3100b357e115a4cd35a492cc901f95d9a9cd07e1d4f9f", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:47", "1602445", "b3e1780b8689a4eb78f60dc8df092d8d", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:46", "1602440", "f25d995fb0e31f74f981b049229600e3df92f92c", "sha1_hash", "payload", "win.catchamas", "None", "Catchamas", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:46", "1602441", "c905f0495ede4de681a29cf21a8915df1bb844328924b3c2c207630d7e33067b", "sha256_hash", "payload", "win.catchamas", "None", "Catchamas", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:46", "1602442", "37db8c3cb65ff828a913a7241870f866", "md5_hash", "payload", "win.catchamas", "None", "Catchamas", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:45", "1602437", "247099d63dee8ac8c4b4a14407b4d4b29f9ee580", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:45", "1602438", "c8fad764fa9fc2f8cc58809ef2be38c40e5560729019ff709614829cfbeb3111", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:45", "1602439", "c343a325cf03540783ae8b0993a19dd1", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:44", "1602435", "f4097951bcf8213b24354a923e92bc7b7aed1ae3954e800ed4838f0d6dba8cd5", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:44", "1602436", "5cec1a673a56672290a4441f1ced1d1c", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:43", "1602432", "8989c105f6a548982cbf744de60417d0d3137e2559335e43ba0ea1355b93b163", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:43", "1602433", "052b967fdd2a0e8ff6290800d2c59d93", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:43", "1602434", "65ec0d6a5ac822d7befb23c92e5e49cc554aa315", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:42", "1602429", "d9be31a6b588d4b0946ce181d3f1d7312a6f3e2682958e60dbe8ef4e7d2bd177", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:42", "1602430", "d1ce0a314b019d9d1695350b740f7630", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:42", "1602431", "d30a9e0d610880ec540633ff910eec0299091b45", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:41", "1602426", "d970b4cd5467e48b6b0b8f99066f33110fc2b506e9ae90379e6792070f39e176", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:41", "1602427", "46c74b5220accd634126f908b2172d1f", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:41", "1602428", "27123f5e91b0426db9715161954eca3db17ded29", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:40", "1602423", "eb4355541f47bbace15054fada7c76ef673eb119342df68787a25e60dccc0d96", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:40", "1602424", "6bd109e087910300bdafa55154df2831", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:40", "1602425", "b90e45a4e04144e4a3a0dac3673c3bb969dc8f71", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:39", "1602420", "18726d40d598feb037efa36fd4419e3a06410a7c8339d8c2459c322acc17d0e9", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:39", "1602421", "eb3f16e236545da03c58202e6003d70b", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:39", "1602422", "9612ff0e6aea42f49cfed8af957d15c5f08e7fab", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:38", "1602417", "e953fbb29aaf02c7f43fe27fede1cab32fddfc1ca1ac7d56e9e75417d72607fa", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:38", "1602418", "ea79195fe9790fdeef5e3e8d33b2cded", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:38", "1602419", "2bdbf301d7c474dc9c7a32d36b2570734781e68f", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:37", "1602415", "e1961dcbe3664231d9affd0ddc5cabd2", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:37", "1602416", "d8830dd2fbcd257f2fc912d6ea22deaee012a003", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:36", "1602413", "1783c3314c859cc369ba0875375ee4f95a85291c", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:29:36", "1602414", "57365350234375cd60d16cba2aefbff8d0dc048ae37669fc40bb9c42cab64037", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-26 23:26:02", "1602412", "zs.kunb.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 23:26:40", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 22:47:14", "1602411", "wq9.a-156.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 00:10:52", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 22:44:39", "1602410", "3i.kunb.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 22:47:14", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 22:16:01", "1602409", "2.kunb.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 22:17:38", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 21:17:21", "1602408", "7.nytk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 21:18:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 21:07:04", "1602407", "6.nytk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 21:08:57", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 21:04:44", "1602406", "c7.a-156.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 22:17:38", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 20:55:12", "1602405", "ik.nytk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 21:04:44", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 20:50:09", "1602404", "15.229.176.44:21424", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-26 20:50:05", "1602403", "160.238.13.158:30121", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-26 20:50:04", "1602402", "n.a-156.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 20:49:25", "1602401", "w6.nytk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 20:50:04", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 20:29:27", "1602400", "m7.o-279.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 20:28:54", "1602399", "79.nytk.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 20:29:27", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 20:02:03", "1602398", "213.209.143.44:80", "ip:port", "botnet_cc", "elf.bashlite", "gayfgt,Gafgyt,qbot,torlus,lizkebab", "Bashlite", "", "100", "https://search.censys.io/hosts/213.209.143.44", "AS214943,C2,censys,Gafgyt,open-dir,RAILNET", "0", "DonPasci" "2025-09-26 20:02:01", "1602397", "180.76.118.219:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/180.76.118.219", "AS38365,BAIDU,c2,c2-redirector,censys,RedGuard", "0", "DonPasci" "2025-09-26 20:01:53", "1602395", "38.60.197.63:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://search.censys.io/hosts/38.60.197.63", "AS138915,C2,censys,KAOPU-HK,Stealc,Stealer", "0", "DonPasci" "2025-09-26 20:01:53", "1602396", "38.54.50.10:80", "ip:port", "botnet_cc", "win.stealc", "None", "Stealc", "", "100", "https://search.censys.io/hosts/38.54.50.10", "AS138915,C2,censys,KAOPU-HK,Stealc,Stealer", "0", "DonPasci" "2025-09-26 20:01:50", "1602394", "171.244.61.152:80", "ip:port", "botnet_cc", "win.nimplant", "None", "Nimplant", "2025-09-27 04:01:11", "100", "https://search.censys.io/hosts/171.244.61.152", "AS38731,C2,censys,Nimplant,VTDC-AS-VN", "0", "DonPasci" "2025-09-26 20:01:42", "1602393", "45.131.183.22:445", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-27 21:46:41", "100", "https://search.censys.io/hosts/45.131.183.22", "AS210895,C2,censys,Havoc,PODAON-PL-1", "0", "DonPasci" "2025-09-26 20:01:41", "1602392", "13.62.134.6:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-27 21:44:02", "100", "https://search.censys.io/hosts/13.62.134.6", "AMAZON-02,AS16509,C2,censys,Havoc", "0", "DonPasci" "2025-09-26 20:01:39", "1602391", "161.248.178.115:2404", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-09-27 04:01:01", "100", "https://search.censys.io/hosts/161.248.178.115", "AS150895,C2,censys,EZTECH-VN,Quasar,RAT", "0", "DonPasci" "2025-09-26 20:01:38", "1602388", "91.92.242.76:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-09-27 21:47:55", "100", "https://search.censys.io/hosts/91.92.242.76", "AS209800,C2,censys,Hookbot,METASPINNER-ASN", "0", "DonPasci" "2025-09-26 20:01:38", "1602389", "23.94.255.183:8082", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-09-27 04:00:59", "100", "https://search.censys.io/hosts/23.94.255.183", "AS-COLOCROSSING,AS36352,C2,censys,Hookbot", "0", "DonPasci" "2025-09-26 20:01:38", "1602390", "23.94.255.183:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-09-27 04:00:59", "100", "https://search.censys.io/hosts/23.94.255.183", "AS-COLOCROSSING,AS36352,C2,censys,Hookbot", "0", "DonPasci" "2025-09-26 20:01:36", "1602387", "120.220.219.63:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-27 04:00:57", "100", "https://search.censys.io/hosts/120.220.219.63", "AS9808,C2,censys,CHINAMOBILE-CN,Mythic", "0", "DonPasci" "2025-09-26 20:01:32", "1602386", "31.214.157.247:9000", "ip:port", "botnet_cc", "win.sectop_rat", "1xxbot,ArechClient", "SectopRAT", "", "100", "https://search.censys.io/hosts/31.214.157.247", "AS58329,C2,censys,RAT,Sectop,SERVINGA-NL", "0", "DonPasci" "2025-09-26 20:01:31", "1602385", "176.202.9.84:9301", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:30", "1602381", "176.202.9.84:27475", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:30", "1602382", "176.202.9.84:34606", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:30", "1602383", "176.202.9.84:57633", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:30", "1602384", "176.202.9.84:1234", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:29", "1602377", "176.202.9.84:48736", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:29", "1602378", "176.202.9.84:60472", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:29", "1602379", "176.202.9.84:445", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:29", "1602380", "176.202.9.84:21340", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:28", "1602373", "176.202.9.84:9200", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:28", "1602374", "176.202.9.84:11101", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:28", "1602375", "176.202.9.84:21752", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:28", "1602376", "176.202.9.84:22522", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:27", "1602369", "176.202.9.84:47009", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:27", "1602370", "176.202.9.84:995", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:27", "1602371", "176.202.9.84:6008", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:27", "1602372", "176.202.9.84:9000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://search.censys.io/hosts/176.202.9.84", "AS8781,AsyncRAT,C2,censys,QA-ISP,RAT", "0", "DonPasci" "2025-09-26 20:01:26", "1602368", "157.230.173.109:443", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-27 21:44:26", "100", "https://search.censys.io/hosts/157.230.173.109", "AS14061,AsyncRAT,C2,censys,DIGITALOCEAN-ASN,RAT", "0", "DonPasci" "2025-09-26 20:01:16", "1602367", "45.59.119.84:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-09-27 21:46:48", "100", "https://search.censys.io/hosts/45.59.119.84", "AS14956,C2,censys,ROUTERHOSTING,Sliver", "0", "DonPasci" "2025-09-26 20:01:15", "1602366", "45.94.31.142:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-09-27 21:46:55", "100", "https://search.censys.io/hosts/45.94.31.142", "AS210558,C2,censys,SERVICES-1337-GMBH,Sliver", "0", "DonPasci" "2025-09-26 20:00:19", "1602365", "45.121.215.13:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:42", "100", "https://search.censys.io/hosts/45.121.215.13", "AS152918,C2,censys,CobaltStrike,cs-watermark-666666666,LNL-AS-AP", "0", "DonPasci" "2025-09-26 20:00:18", "1602364", "47.92.4.83:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:52", "100", "https://search.censys.io/hosts/47.92.4.83", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-666666666", "0", "DonPasci" "2025-09-26 20:00:16", "1602363", "47.120.44.195:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:49", "100", "https://search.censys.io/hosts/47.120.44.195", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-391144938", "0", "DonPasci" "2025-09-26 20:00:15", "1602361", "39.97.161.126:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:36", "100", "https://search.censys.io/hosts/39.97.161.126", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-09-26 20:00:15", "1602362", "150.109.66.49:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 04:00:13", "100", "https://search.censys.io/hosts/150.109.66.49", "AS132203,C2,censys,CobaltStrike,cs-watermark-987654321,TENCENT-NET-AP-CN", "0", "DonPasci" "2025-09-26 19:44:20", "1602360", "s.xyqd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 19:46:02", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 19:33:26", "1602359", "tq1.o-279.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 19:46:02", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 19:32:32", "1602358", "di.xyqd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 19:33:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 19:24:12", "1602357", "ax.xyqd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 19:26:51", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 19:22:08", "1602356", "b2.o-279.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 19:26:51", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 19:20:02", "1602355", "c.xyqd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 19:22:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 18:48:09", "1602353", "91.105.93.128:995", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-09-27 21:47:53", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-09-26 18:47:56", "1602352", "80.85.157.81:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-27 21:47:42", "75", "None", "drb-ra,Mythic", "0", "abuse_ch" "2025-09-26 18:47:05", "1602351", "45.74.8.8:1002", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-27 21:46:50", "75", "None", "AsyncRAT,drb-ra,RAT", "0", "abuse_ch" "2025-09-26 18:46:58", "1602350", "45.14.246.57:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:46:44", "75", "None", "drb-ra,RAT,RemcosRAT", "0", "abuse_ch" "2025-09-26 18:45:41", "1602349", "192.142.0.63:40056", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-27 21:45:32", "75", "None", "drb-ra,Havoc", "0", "abuse_ch" "2025-09-26 18:45:36", "1602348", "185.76.22.124:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-09-27 21:45:27", "75", "None", "drb-ra,Sliver", "0", "abuse_ch" "2025-09-26 18:45:21", "1602347", "183.61.169.35:10250", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-09-27 21:45:11", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-09-26 18:45:11", "1602346", "178.16.55.52:9090", "ip:port", "botnet_cc", "win.brute_ratel_c4", "BOLDBADGER,BruteRatel", "Brute Ratel C4", "2025-09-27 17:45:26", "75", "None", "BruteRatel,drb-ra", "0", "abuse_ch" "2025-09-26 18:44:16", "1602345", "14.102.238.72:443", "ip:port", "botnet_cc", "win.deimos_c2", "None", "DeimosC2", "2025-09-27 21:44:09", "75", "None", "Deimos,drb-ra", "0", "abuse_ch" "2025-09-26 18:43:51", "1602344", "107.191.49.75:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-27 21:43:46", "75", "None", "drb-ra,Mythic", "0", "abuse_ch" "2025-09-26 18:08:52", "1602343", "x.o-279.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 18:08:09", "1602342", "np.xyqd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 18:08:52", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 18:00:52", "1602341", "Iusefatalbtw-48418.portmap.host", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-09-26 18:00:52", "100", "https://tria.ge/250926-vkhdvs1yat", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-26 18:00:38", "1602339", "dcgerts.duckdns.org", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250926-qhq6rsvps8", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-09-26 18:00:38", "1602340", "startmenuexperiencehost.ydns.eu", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250926-pxhmhahk81", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-09-26 18:00:37", "1602338", "AseguramayoDC.casacam.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250926-rfwtxaal91", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-09-26 18:00:19", "1602335", "mean-airline.gl.at.ply", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250926-r9a5asbj91", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-26 18:00:19", "1602336", "original-fan.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250926-s4kxzszzbs", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-26 18:00:19", "1602337", "promole5.ddns.net", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "2025-09-26 18:03:44", "100", "https://tria.ge/250926-rghcxavqx9", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-26 17:55:17", "1602334", "fr.wuhp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 17:56:26", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 17:42:03", "1602333", "e1.a-342.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 17:56:26", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 17:40:04", "1602332", "b3.wuhp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 17:42:03", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 17:08:37", "1602330", "qk2.a-342.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 17:07:57", "1602329", "ix.wuhp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 17:08:37", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:27", "1602327", "ia.wuhp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 17:48:05", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:26", "1602298", "37.wugh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 13:19:43", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:25", "1602302", "http://176.46.152.47/diamo/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS214351,diamotrix,FEMO IT SOLUTIONS LIMITED", "0", "antiphishorg" "2025-09-26 16:57:24", "1602301", "lexypaster.ddns.net", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "https://tip.neiki.dev/file/459238815cef12916912d15825351651b6222161e9229e7ae66dbf40f733b589", "asyncrat,rat,sheetrat", "1", "Neiki" "2025-09-26 16:57:23", "1602303", "http://158.94.208.102/diamo/login.php", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "AS209800,diamotrix,metaspinner net GmbH", "0", "antiphishorg" "2025-09-26 16:57:23", "1602304", "5.wugh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 14:03:10", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:23", "1602306", "lc.wugh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 17:35:20", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:22", "1602308", "gq.wugh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 14:32:36", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:22", "1602309", "y3.pihp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 15:12:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:22", "1602311", "0z.pihp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 15:17:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:57:21", "1602325", "tl.pihp.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 16:24:45", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 16:36:30", "1602328", "u5.a-342.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 16:24:44", "1602326", "r.a-342.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 16:01:08", "1602323", "79.241.110.80:82", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-09-27 21:47:36", "100", "https://search.censys.io/hosts/79.241.110.80", "AS3320,C2,censys,DTAG,Netsupport,RAT", "0", "DonPasci" "2025-09-26 16:01:08", "1602324", "3.10.226.241:10259", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-09-27 21:46:19", "100", "https://search.censys.io/hosts/3.10.226.241", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-09-26 16:01:04", "1602322", "20.169.181.39:80", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-27 21:45:54", "100", "https://search.censys.io/hosts/20.169.181.39", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-09-26 16:01:03", "1602321", "update.00m-i.cloud", "domain", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-27 04:01:03", "100", "https://search.censys.io/hosts/20.169.181.39+update.00m-i.cloud", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-09-26 16:01:01", "1602320", "94.156.170.181:8089", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-09-27 04:00:59", "100", "https://search.censys.io/hosts/94.156.170.181", "AS215439,C2,censys,Hookbot,PLAY2GO-NET", "0", "DonPasci" "2025-09-26 16:00:43", "1602319", "45.147.77.210:5900", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-09-27 21:46:45", "100", "https://search.censys.io/hosts/45.147.77.210", "AS51889,C2,censys,GPDN-AS,Sliver", "0", "DonPasci" "2025-09-26 16:00:38", "1602318", "128.90.113.62:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:44:00", "100", "https://search.censys.io/hosts/128.90.113.62", "AS40861,C2,censys,PARAD-40-ASN,RAT,Remcos", "0", "DonPasci" "2025-09-26 16:00:37", "1602317", "196.251.69.194:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:45:44", "100", "https://search.censys.io/hosts/196.251.69.194", "AS401120,C2,censys,CHEAPY-HOST,RAT,Remcos", "0", "DonPasci" "2025-09-26 16:00:21", "1602316", "91.92.242.97:443", "ip:port", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "2025-09-26 16:02:06", "100", "https://search.censys.io/hosts/91.92.242.97", "AS209800,C2,censys,Latrodectus,METASPINNER-ASN", "0", "DonPasci" "2025-09-26 16:00:13", "1602314", "92.246.140.237:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:50:11", "100", "https://search.censys.io/hosts/92.246.140.237", "AS215590,C2,censys,CobaltStrike,cs-watermark-987654321,DPKGSOFT-AS", "0", "DonPasci" "2025-09-26 16:00:13", "1602315", "47.122.119.55:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:50", "100", "https://search.censys.io/hosts/47.122.119.55", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-09-26 15:25:05", "1602313", "147.185.221.31:45092", "ip:port", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "None", "XWorm", "0", "abuse_ch" "2025-09-26 15:17:49", "1602312", "k7.i-661.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 15:12:08", "1602310", "aa9.i-661.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 14:11:32", "1602307", "v2.i-661.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 14:32:35", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 14:02:59", "1602305", "g.i-661.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 13:19:43", "1602300", "aa9.i-574.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 13:18:48", "1602299", "qm8.j287y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-27 17:35:20", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 13:13:48", "1602277", "e1.lobd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 12:16:08", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 13:13:47", "1602267", "7w.lobd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 11:50:00", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 13:13:46", "1602289", "4t.wugh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 13:01:15", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 13:13:46", "1602292", "http://198.1.195.210:3000/download/panel", "url", "payload_delivery", "unknown_stealer", "None", "Unknown Stealer", "", "100", "https://bazaar.abuse.ch/sample/44d8a2d4450ffbbec0c4dfba3a0bafa48ad9e2d43bf04c2ffea554ba884c6d4b/", "infostealer", "0", "burger" "2025-09-26 13:11:26", "1602297", "95.216.180.238:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 13:11:12", "1602296", "fx.aztu.edu.az", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 13:11:11", "1602295", "fx.alexandraparasca.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 13:10:44", "1602293", "https://fx.alexandraparasca.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 13:10:44", "1602294", "https://fx.aztu.edu.az/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 13:01:15", "1602291", "xq0.i-574.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 13:00:48", "1602290", "u1.j287y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 12:51:17", "1602288", "223.111.244.8:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:28", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-26 12:51:05", "1602287", "176.233.252.31:8081", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:19", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-26 12:50:57", "1602285", "156.234.94.209:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:14", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-26 12:50:57", "1602286", "156.234.94.222:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:14", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-26 12:50:56", "1602284", "156.234.36.242:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:13", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-26 12:50:55", "1602282", "156.234.126.185:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:12", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-26 12:50:55", "1602283", "156.234.213.188:888", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:12", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-26 12:50:19", "1602281", "120.232.243.38:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:48:46", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-26 12:50:06", "1602280", "111.3.91.107:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:48:37", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-26 12:16:08", "1602279", "c5.i-574.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 12:15:11", "1602278", "h.j287y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 12:01:34", "1602276", "104.194.154.161:6000", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-09-27 21:43:29", "100", "https://search.censys.io/hosts/104.194.154.161", "AS14956,C2,censys,DcRAT,RAT,ROUTERHOSTING", "0", "DonPasci" "2025-09-26 12:01:32", "1602275", "80.85.156.117:3339", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-09-27 04:01:05", "100", "https://search.censys.io/hosts/80.85.156.117", "AS44493,C2,censys,CHELYABINSK-SIGNAL-AS,RAT,Venom", "0", "DonPasci" "2025-09-26 12:01:29", "1602274", "137.184.187.37:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-09-27 21:44:05", "100", "https://search.censys.io/hosts/137.184.187.37", "AS14061,C2,censys,DIGITALOCEAN-ASN,Hookbot", "0", "DonPasci" "2025-09-26 12:01:28", "1602273", "164.92.147.85:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-27 21:44:37", "100", "https://search.censys.io/hosts/164.92.147.85", "AS14061,C2,censys,DIGITALOCEAN-ASN,Mythic", "0", "DonPasci" "2025-09-26 12:01:07", "1602272", "5.101.86.62:52948", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:47:07", "100", "https://search.censys.io/hosts/5.101.86.62", "AS-GLOBALTELEHOST,AS62563,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-09-26 12:00:19", "1602271", "SHADOWii0000-45869.portmap.host", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250926-nzy7lagq6w", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-26 12:00:17", "1602270", "193.134.211.38:22222", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:23", "100", "https://search.censys.io/hosts/193.134.211.38", "AS139659,C2,censys,CobaltStrike,cs-watermark-666666666,LUCID-AS-AP", "0", "DonPasci" "2025-09-26 11:50:00", "1602269", "pq9.x874a.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 11:54:10", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 11:49:58", "1602268", "l.i-574.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 11:56:33", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 11:40:46", "1602240", "15.nybh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 07:59:46", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 11:40:46", "1602254", "ol.nybh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 08:46:12", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 11:40:45", "1602257", "teams-download.buzz", "domain", "payload_delivery", "unknown_rat", "None", "Unknown RAT", "", "50", "", "None", "0", "burger" "2025-09-26 11:40:45", "1602261", "ap.nybh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 10:07:19", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 11:40:44", "1602258", "s5.nybh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 09:40:16", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 11:40:43", "1602262", "zc.lobd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 11:56:33", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 11:40:43", "1602264", "rt.lobd.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 11:05:54", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 11:05:54", "1602266", "h1.e-134.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 11:05:31", "1602265", "w3.x874a.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 10:18:40", "1602263", "d.x874a.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 09:38:06", "1602260", "pz8.e-134.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 10:19:51", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 09:35:38", "1602259", "tm7.z413y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 10:07:19", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 08:46:12", "1602256", "w4.e-134.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 08:45:55", "1602255", "x8.z413y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 08:44:25", "1602253", "139.84.147.18:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-27 21:44:08", "75", "None", "drb-ra,Havoc", "0", "abuse_ch" "2025-09-26 08:43:02", "1602252", "1.161.124.7:443", "ip:port", "botnet_cc", "win.qakbot", "Oakboat,Pinkslipbot,Qbot,Quakbot", "QakBot", "2025-09-27 21:43:02", "75", "None", "drb-ra,Qakbot,Qbot,Quakbot", "0", "abuse_ch" "2025-09-26 08:01:36", "1602251", "47.128.80.213:58178", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-09-27 21:47:02", "100", "https://search.censys.io/hosts/47.128.80.213", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-09-26 08:01:31", "1602250", "82.29.96.239:39165", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-09-27 04:01:02", "100", "https://search.censys.io/hosts/82.29.96.239", "AS212238,C2,CDNEXT,censys,Quasar,RAT", "0", "DonPasci" "2025-09-26 08:01:29", "1602249", "102.117.170.192:7443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-27 21:43:04", "100", "https://search.censys.io/hosts/102.117.170.192", "AS23889,C2,censys,MauritiusTelecom,Mythic", "0", "DonPasci" "2025-09-26 08:01:23", "1602248", "154.12.190.35:63876", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "2025-09-27 04:00:53", "100", "https://search.censys.io/hosts/154.12.190.35", "AS906,C2,censys,DMIT,Supershell", "0", "DonPasci" "2025-09-26 08:01:09", "1602247", "185.182.185.101:1772", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:45:17", "100", "https://search.censys.io/hosts/185.182.185.101", "AS51167,C2,censys,CONTABO,RAT,Remcos", "0", "DonPasci" "2025-09-26 08:01:08", "1602245", "196.251.81.95:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:45:47", "100", "https://search.censys.io/hosts/196.251.81.95", "AS401120,C2,censys,CHEAPY-HOST,RAT,Remcos", "0", "DonPasci" "2025-09-26 08:01:08", "1602246", "46.250.253.70:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:46:59", "100", "https://search.censys.io/hosts/46.250.253.70", "AS141995,C2,CAPL-AS-AP,censys,RAT,Remcos", "0", "DonPasci" "2025-09-26 08:00:13", "1602244", "118.25.195.42:8999", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:48:44", "100", "https://search.censys.io/hosts/118.25.195.42", "AS45090,C2,censys,CobaltStrike,cs-watermark-100000,TENCENT-NET-AP", "0", "DonPasci" "2025-09-26 08:00:12", "1602243", "106.15.48.19:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:48:33", "100", "https://search.censys.io/hosts/106.15.48.19", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-09-26 07:59:46", "1602242", "n.z413y.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 07:59:35", "1602241", "d.e-134.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 07:38:13", "1602239", "was-rand.gl.at.ply.gg", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "50", "", "c2,xworm", "0", "juroots" "2025-09-26 07:37:36", "1602237", "216.9.224.34:24047", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-26 07:37:36", "1602238", "216.9.224.34:24048", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 20:01:14", "50", "", "c2,remcos", "0", "juroots" "2025-09-26 07:37:24", "1602236", "inversat.cc", "domain", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "50", "", "c2,remcos", "0", "juroots" "2025-09-26 07:37:07", "1602235", "hikylover.st", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "50", "", "c2,mirai", "0", "juroots" "2025-09-26 07:36:51", "1602234", "football-confident.gl.at.ply.gg", "domain", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "", "c2,dcrat", "0", "juroots" "2025-09-26 07:36:35", "1602233", "x.cheapgylsale.com", "domain", "botnet_cc", "win.bunitu", "None", "Bunitu", "", "50", "", "bunitu,c2", "0", "juroots" "2025-09-26 07:36:34", "1602232", "l.cheapgylsale.com", "domain", "botnet_cc", "win.bunitu", "None", "Bunitu", "", "50", "", "bunitu,c2", "0", "juroots" "2025-09-26 07:36:12", "1602230", "18.228.82.60:15427", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-09-26 07:36:12", "1602231", "83.136.210.163:7077", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-09-26 07:35:34", "1602227", "https://dpaste.com/9QZBY8BGW", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-09-26 07:35:34", "1602228", "https://dpaste.com/HEHDCEANU", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-09-26 07:35:34", "1602229", "https://pastebin.com/raw/Jj4NE9Pz", "url", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "50", "", "asyncrat,c2", "0", "juroots" "2025-09-26 07:31:01", "1602226", "137.220.152.126:9091", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "", "50", "https://www.shodan.io/host/137.220.152.126#9091", "c2,dcrat,shodan", "0", "juroots" "2025-09-26 07:30:46", "1602225", "51.92.211.243:7634", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "", "50", "https://www.shodan.io/host/51.92.211.243#7634", "c2,netsupport,shodan", "0", "juroots" "2025-09-26 07:30:30", "1602224", "47.83.254.175:8000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/47.83.254.175#8000", "c2,redguard,shodan", "0", "juroots" "2025-09-26 07:30:13", "1602223", "191.54.1.216:443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/191.54.1.216#443", "c2,mythic,shodan", "0", "juroots" "2025-09-26 07:29:38", "1602220", "35.152.54.76:35000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/35.152.54.76#35000", "c2,netbus,shodan", "0", "juroots" "2025-09-26 07:29:38", "1602221", "35.152.54.76:17000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/35.152.54.76#17000", "c2,netbus,shodan", "0", "juroots" "2025-09-26 07:29:38", "1602222", "35.152.137.8:8500", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/35.152.137.8#8500", "c2,netbus,shodan", "0", "juroots" "2025-09-26 07:29:23", "1602219", "51.158.190.201:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "50", "https://www.shodan.io/host/51.158.190.201#3333", "c2,gophish,phishing,shodan", "0", "juroots" "2025-09-26 07:29:02", "1602215", "5.129.214.234:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/5.129.214.234#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-26 07:29:02", "1602216", "217.73.60.6:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/217.73.60.6#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-26 07:29:02", "1602217", "51.195.148.21:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-09-27 20:01:19", "50", "https://www.shodan.io/host/51.195.148.21#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-26 07:29:02", "1602218", "57.130.30.204:31337", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "50", "https://www.shodan.io/host/57.130.30.204#31337", "c2,shodan,sliver", "0", "juroots" "2025-09-26 07:28:57", "1602212", "37.106.47.57:175", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#175", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:57", "1602213", "37.106.47.57:8140", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8140", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:57", "1602214", "37.106.47.57:3014", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3014", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:56", "1602209", "37.106.47.57:64477", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#64477", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:56", "1602210", "37.106.47.57:12507", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12507", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:56", "1602211", "37.106.47.57:45667", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#45667", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:55", "1602203", "37.106.47.57:806", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#806", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:55", "1602204", "37.106.47.57:10040", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#10040", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:55", "1602205", "37.106.47.57:8112", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8112", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:55", "1602206", "37.106.47.57:12378", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12378", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:55", "1602207", "37.106.47.57:4664", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#4664", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:55", "1602208", "37.106.47.57:3953", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3953", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:54", "1602197", "37.106.47.57:9532", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9532", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:54", "1602198", "37.106.47.57:9944", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9944", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:54", "1602199", "37.106.47.57:2233", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2233", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:54", "1602200", "37.106.47.57:25000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#25000", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:54", "1602201", "37.106.47.57:12296", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12296", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:54", "1602202", "37.106.47.57:13443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#13443", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:53", "1602192", "37.106.47.57:3156", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3156", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:53", "1602193", "37.106.47.57:7348", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#7348", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:53", "1602194", "37.106.47.57:1966", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#1966", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:53", "1602195", "37.106.47.57:22082", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#22082", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:53", "1602196", "37.106.47.57:57779", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#57779", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:52", "1602189", "37.106.47.57:16081", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#16081", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:52", "1602190", "37.106.47.57:12295", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12295", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:52", "1602191", "37.106.47.57:6482", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#6482", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:51", "1602186", "37.106.47.57:8015", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8015", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:51", "1602187", "37.106.47.57:5907", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5907", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:51", "1602188", "37.106.47.57:1454", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#1454", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:50", "1602182", "37.106.47.57:20040", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#20040", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:50", "1602183", "37.106.47.57:21295", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#21295", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:50", "1602184", "37.106.47.57:7634", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#7634", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:50", "1602185", "37.106.47.57:777", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#777", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:49", "1602176", "37.106.47.57:8143", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8143", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:49", "1602177", "37.106.47.57:1554", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#1554", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:49", "1602178", "37.106.47.57:12414", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12414", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:49", "1602179", "37.106.47.57:8222", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8222", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:49", "1602180", "37.106.47.57:18090", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#18090", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:49", "1602181", "37.106.47.57:20202", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#20202", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:48", "1602172", "37.106.47.57:2320", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2320", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:48", "1602173", "37.106.47.57:12520", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12520", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:48", "1602174", "37.106.47.57:12468", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12468", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:48", "1602175", "37.106.47.57:14147", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#14147", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:47", "1602167", "37.106.47.57:5608", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5608", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:47", "1602168", "37.106.47.57:6500", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#6500", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:47", "1602169", "37.106.47.57:3071", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3071", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:47", "1602170", "37.106.47.57:50443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#50443", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:47", "1602171", "37.106.47.57:9700", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9700", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:46", "1602162", "37.106.47.57:4103", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#4103", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:46", "1602163", "37.106.47.57:9179", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9179", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:46", "1602164", "37.106.47.57:9399", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9399", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:46", "1602165", "37.106.47.57:2323", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2323", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:46", "1602166", "37.106.47.57:8158", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8158", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:45", "1602156", "37.106.47.57:8451", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8451", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:45", "1602157", "37.106.47.57:6379", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#6379", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:45", "1602158", "37.106.47.57:3176", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3176", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:45", "1602159", "37.106.47.57:9550", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9550", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:45", "1602160", "37.106.47.57:21379", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#21379", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:45", "1602161", "37.106.47.57:11180", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#11180", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:44", "1602152", "37.106.47.57:12478", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12478", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:44", "1602153", "37.106.47.57:8593", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8593", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:44", "1602154", "37.106.47.57:2221", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2221", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:44", "1602155", "37.106.47.57:5255", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5255", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:43", "1602148", "37.106.47.57:2082", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2082", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:43", "1602149", "37.106.47.57:8442", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8442", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:43", "1602150", "37.106.47.57:7601", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#7601", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:43", "1602151", "37.106.47.57:5006", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5006", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:42", "1602142", "37.106.47.57:18044", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#18044", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:42", "1602143", "37.106.47.57:5025", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5025", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:42", "1602144", "37.106.47.57:16067", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#16067", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:42", "1602145", "37.106.47.57:12180", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12180", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:42", "1602146", "37.106.47.57:12019", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12019", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:42", "1602147", "37.106.47.57:1883", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#1883", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:41", "1602138", "37.106.47.57:18093", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#18093", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:41", "1602139", "37.106.47.57:3016", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3016", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:41", "1602140", "37.106.47.57:3521", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3521", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:41", "1602141", "37.106.47.57:12382", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12382", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:40", "1602132", "37.106.47.57:54545", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#54545", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:40", "1602133", "37.106.47.57:48018", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#48018", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:40", "1602134", "37.106.47.57:503", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#503", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:40", "1602135", "37.106.47.57:8867", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8867", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:40", "1602136", "37.106.47.57:593", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#593", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:40", "1602137", "37.106.47.57:8879", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8879", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:39", "1602127", "37.106.47.57:1024", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#1024", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:39", "1602128", "37.106.47.57:8018", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8018", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:39", "1602129", "37.106.47.57:3001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3001", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:39", "1602130", "37.106.47.57:3155", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3155", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:39", "1602131", "37.106.47.57:9529", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9529", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:38", "1602121", "37.106.47.57:4432", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#4432", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:38", "1602122", "37.106.47.57:55443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#55443", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:38", "1602123", "37.106.47.57:12248", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12248", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:38", "1602124", "37.106.47.57:12174", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12174", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:38", "1602125", "37.106.47.57:3051", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3051", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:38", "1602126", "37.106.47.57:17774", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#17774", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:37", "1602115", "37.106.47.57:49", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#49", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:37", "1602116", "37.106.47.57:8902", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8902", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:37", "1602117", "37.106.47.57:12292", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12292", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:37", "1602118", "37.106.47.57:12562", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12562", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:37", "1602119", "37.106.47.57:55554", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#55554", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:37", "1602120", "37.106.47.57:5984", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5984", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:36", "1602111", "37.106.47.57:556", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#556", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:36", "1602112", "37.106.47.57:16100", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#16100", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:36", "1602113", "37.106.47.57:52311", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#52311", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:36", "1602114", "37.106.47.57:8051", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8051", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:35", "1602105", "37.106.47.57:21250", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#21250", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:35", "1602106", "37.106.47.57:16053", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#16053", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:35", "1602107", "37.106.47.57:9098", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9098", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:35", "1602108", "37.106.47.57:8475", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8475", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:35", "1602109", "37.106.47.57:16099", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#16099", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:35", "1602110", "37.106.47.57:25084", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#25084", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:34", "1602099", "37.106.47.57:10089", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#10089", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:34", "1602100", "37.106.47.57:3158", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3158", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:34", "1602101", "37.106.47.57:35002", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#35002", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:34", "1602102", "37.106.47.57:35560", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#35560", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:34", "1602103", "37.106.47.57:5620", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5620", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:34", "1602104", "37.106.47.57:10068", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#10068", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:33", "1602093", "37.106.47.57:15044", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#15044", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:33", "1602094", "37.106.47.57:16036", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#16036", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:33", "1602095", "37.106.47.57:12370", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12370", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:33", "1602096", "37.106.47.57:44308", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#44308", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:33", "1602097", "37.106.47.57:12419", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12419", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:33", "1602098", "37.106.47.57:4243", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#4243", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:32", "1602089", "37.106.47.57:22609", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#22609", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:32", "1602090", "37.106.47.57:50022", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#50022", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:32", "1602091", "37.106.47.57:1022", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#1022", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:32", "1602092", "37.106.47.57:11210", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#11210", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:31", "1602083", "37.106.47.57:11601", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#11601", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:31", "1602084", "37.106.47.57:35522", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#35522", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:31", "1602085", "37.106.47.57:16831", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#16831", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:31", "1602086", "37.106.47.57:16050", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#16050", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:31", "1602087", "37.106.47.57:119", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#119", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:31", "1602088", "37.106.47.57:12311", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12311", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:30", "1602077", "37.106.47.57:8906", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8906", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:30", "1602078", "37.106.47.57:2002", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2002", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:30", "1602079", "37.106.47.57:92", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#92", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:30", "1602080", "37.106.47.57:5272", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5272", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:30", "1602081", "37.106.47.57:8787", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8787", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:30", "1602082", "37.106.47.57:2226", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2226", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:29", "1602072", "37.106.47.57:12249", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12249", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:29", "1602073", "37.106.47.57:9204", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9204", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:29", "1602074", "37.106.47.57:10254", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#10254", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:29", "1602075", "37.106.47.57:16000", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#16000", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:29", "1602076", "37.106.47.57:833", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#833", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:28", "1602066", "37.106.47.57:3069", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3069", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:28", "1602067", "37.106.47.57:311", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#311", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:28", "1602068", "37.106.47.57:8010", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8010", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:28", "1602069", "37.106.47.57:81", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#81", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:28", "1602070", "37.106.47.57:8908", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8908", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:28", "1602071", "37.106.47.57:9057", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9057", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:27", "1602060", "37.106.47.57:548", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#548", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:27", "1602061", "37.106.47.57:8554", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8554", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:27", "1602062", "37.106.47.57:10243", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#10243", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:27", "1602063", "37.106.47.57:9166", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9166", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:27", "1602064", "37.106.47.57:2210", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2210", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:27", "1602065", "37.106.47.57:12261", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12261", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:26", "1602055", "37.106.47.57:9998", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9998", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:26", "1602056", "37.106.47.57:4949", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#4949", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:26", "1602057", "37.106.47.57:8708", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8708", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:26", "1602058", "37.106.47.57:28017", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#28017", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:26", "1602059", "37.106.47.57:21249", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#21249", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:25", "1602050", "37.106.47.57:3107", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3107", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:25", "1602051", "37.106.47.57:7443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#7443", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:25", "1602052", "37.106.47.57:1741", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#1741", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:25", "1602053", "37.106.47.57:8889", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8889", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:25", "1602054", "37.106.47.57:9180", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9180", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:24", "1602045", "37.106.47.57:9758", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9758", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:24", "1602046", "37.106.47.57:5080", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5080", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:24", "1602047", "37.106.47.57:12400", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12400", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:24", "1602048", "37.106.47.57:16017", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#16017", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:24", "1602049", "37.106.47.57:9333", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9333", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:23", "1602039", "37.106.47.57:9244", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9244", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:23", "1602040", "37.106.47.57:9981", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9981", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:23", "1602041", "37.106.47.57:1599", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#1599", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:23", "1602042", "37.106.47.57:2480", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2480", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:23", "1602043", "37.106.47.57:16016", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#16016", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:23", "1602044", "37.106.47.57:9074", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9074", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:22", "1602033", "37.106.47.57:9734", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9734", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:22", "1602034", "37.106.47.57:1970", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#1970", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:22", "1602035", "37.106.47.57:4172", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#4172", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:22", "1602036", "37.106.47.57:12103", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12103", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:22", "1602037", "37.106.47.57:12469", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12469", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:22", "1602038", "37.106.47.57:1460", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#1460", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:21", "1602028", "37.106.47.57:16037", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#16037", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:21", "1602029", "37.106.47.57:11110", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#11110", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:21", "1602030", "37.106.47.57:4840", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#4840", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:21", "1602031", "37.106.47.57:2345", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2345", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:21", "1602032", "37.106.47.57:3187", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3187", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:20", "1602023", "37.106.47.57:9151", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9151", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:20", "1602024", "37.106.47.57:10205", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#10205", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:20", "1602025", "37.106.47.57:12538", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12538", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:20", "1602026", "37.106.47.57:8688", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8688", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:20", "1602027", "37.106.47.57:16038", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#16038", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:19", "1602019", "37.106.47.57:50010", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#50010", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:19", "1602020", "37.106.47.57:3780", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3780", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:19", "1602021", "37.106.47.57:8444", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8444", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:19", "1602022", "37.106.47.57:12130", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12130", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:18", "1602013", "37.106.47.57:8528", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8528", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:18", "1602014", "37.106.47.57:12158", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12158", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:18", "1602015", "37.106.47.57:18443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#18443", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:18", "1602016", "37.106.47.57:3269", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3269", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:18", "1602017", "37.106.47.57:10554", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#10554", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:18", "1602018", "37.106.47.57:4782", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#4782", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:17", "1602009", "37.106.47.57:35101", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#35101", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:17", "1602010", "37.106.47.57:8173", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8173", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:17", "1602011", "37.106.47.57:16096", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#16096", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:17", "1602012", "37.106.47.57:8732", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8732", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:16", "1602004", "37.106.47.57:8443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8443", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:16", "1602005", "37.106.47.57:10101", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#10101", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:16", "1602006", "37.106.47.57:8142", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8142", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:16", "1602007", "37.106.47.57:10083", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#10083", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:16", "1602008", "37.106.47.57:3118", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3118", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:15", "1601999", "37.106.47.57:18053", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#18053", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:15", "1602000", "37.106.47.57:54138", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#54138", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:15", "1602001", "37.106.47.57:21307", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#21307", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:15", "1602002", "37.106.47.57:42443", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#42443", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:15", "1602003", "37.106.47.57:12418", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12418", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:14", "1601994", "37.106.47.57:6020", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#6020", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:14", "1601995", "37.106.47.57:7349", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#7349", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:14", "1601996", "37.106.47.57:8039", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8039", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:14", "1601997", "37.106.47.57:9183", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9183", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:14", "1601998", "37.106.47.57:3013", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3013", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:13", "1601989", "37.106.47.57:55081", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#55081", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:13", "1601990", "37.106.47.57:40005", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#40005", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:13", "1601991", "37.106.47.57:2133", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2133", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:13", "1601992", "37.106.47.57:5900", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5900", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:13", "1601993", "37.106.47.57:8008", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8008", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:12", "1601983", "37.106.47.57:8062", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8062", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:12", "1601984", "37.106.47.57:29842", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#29842", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:12", "1601985", "37.106.47.57:18105", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#18105", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:12", "1601986", "37.106.47.57:9433", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9433", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:12", "1601987", "37.106.47.57:12243", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12243", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:12", "1601988", "37.106.47.57:5231", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5231", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:11", "1601977", "37.106.47.57:20053", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#20053", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:11", "1601978", "37.106.47.57:3008", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3008", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:11", "1601979", "37.106.47.57:21290", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#21290", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:11", "1601980", "37.106.47.57:9480", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9480", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:11", "1601981", "37.106.47.57:8586", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8586", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:11", "1601982", "37.106.47.57:12589", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12589", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:10", "1601971", "37.106.47.57:8076", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8076", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:10", "1601972", "37.106.47.57:5089", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5089", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:10", "1601973", "37.106.47.57:5555", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5555", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:10", "1601974", "37.106.47.57:9303", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9303", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:10", "1601975", "37.106.47.57:25082", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#25082", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:10", "1601976", "37.106.47.57:10013", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#10013", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:09", "1601965", "37.106.47.57:17", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#17", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:09", "1601966", "37.106.47.57:21242", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#21242", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:09", "1601967", "37.106.47.57:3790", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3790", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:09", "1601968", "37.106.47.57:8315", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8315", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:09", "1601969", "37.106.47.57:45666", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#45666", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:09", "1601970", "37.106.47.57:8155", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8155", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:08", "1601960", "37.106.47.57:2266", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2266", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:08", "1601961", "37.106.47.57:8402", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8402", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:08", "1601962", "37.106.47.57:12173", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12173", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:08", "1601963", "37.106.47.57:1925", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#1925", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:08", "1601964", "37.106.47.57:5439", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5439", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:07", "1601954", "37.106.47.57:9069", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9069", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:07", "1601955", "37.106.47.57:9606", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9606", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:07", "1601956", "37.106.47.57:12551", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12551", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:07", "1601957", "37.106.47.57:9020", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9020", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:07", "1601958", "37.106.47.57:5005", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5005", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:07", "1601959", "37.106.47.57:221", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#221", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:06", "1601949", "37.106.47.57:1444", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#1444", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:06", "1601950", "37.106.47.57:5135", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5135", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:06", "1601951", "37.106.47.57:9885", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9885", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:06", "1601952", "37.106.47.57:50100", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#50100", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:06", "1601953", "37.106.47.57:880", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#880", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:05", "1601944", "37.106.47.57:5680", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5680", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:05", "1601945", "37.106.47.57:30112", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#30112", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:05", "1601946", "37.106.47.57:1926", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#1926", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:05", "1601947", "37.106.47.57:8816", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8816", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:05", "1601948", "37.106.47.57:14104", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#14104", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:04", "1601938", "37.106.47.57:8412", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8412", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:04", "1601939", "37.106.47.57:2423", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2423", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:04", "1601940", "37.106.47.57:9923", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9923", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:04", "1601941", "37.106.47.57:8102", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8102", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:04", "1601942", "37.106.47.57:4506", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#4506", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:04", "1601943", "37.106.47.57:234", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#234", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:03", "1601932", "37.106.47.57:5989", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5989", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:03", "1601933", "37.106.47.57:17771", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#17771", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:03", "1601934", "37.106.47.57:4567", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#4567", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:03", "1601935", "37.106.47.57:5122", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5122", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:03", "1601936", "37.106.47.57:3082", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3082", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:03", "1601937", "37.106.47.57:180", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#180", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:02", "1601928", "37.106.47.57:10020", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#10020", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:02", "1601929", "37.106.47.57:15", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#15", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:02", "1601930", "37.106.47.57:12225", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12225", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:02", "1601931", "37.106.47.57:45333", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#45333", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:01", "1601924", "37.106.47.57:12549", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12549", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:01", "1601925", "37.106.47.57:9118", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9118", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:01", "1601926", "37.106.47.57:2599", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2599", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:01", "1601927", "37.106.47.57:53481", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#53481", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:00", "1601919", "37.106.47.57:8024", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8024", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:00", "1601920", "37.106.47.57:7071", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#7071", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:00", "1601921", "37.106.47.57:12337", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#12337", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:00", "1601922", "37.106.47.57:8083", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8083", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:28:00", "1601923", "37.106.47.57:5249", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#5249", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:27:59", "1601914", "37.106.47.57:20256", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#20256", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:27:59", "1601915", "37.106.47.57:8001", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#8001", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:27:59", "1601916", "37.106.47.57:7510", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#7510", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:27:59", "1601917", "37.106.47.57:4300", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#4300", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:27:59", "1601918", "37.106.47.57:9797", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9797", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:27:58", "1601909", "37.106.47.57:3151", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#3151", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:27:58", "1601910", "37.106.47.57:4899", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#4899", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:27:58", "1601911", "37.106.47.57:10047", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#10047", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:27:58", "1601912", "37.106.47.57:9034", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#9034", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:27:58", "1601913", "37.106.47.57:2224", "ip:port", "botnet_cc", "win.extreme_rat", "ExtRat", "Xtreme RAT", "", "50", "https://www.shodan.io/host/37.106.47.57#2224", "c2,extreme,shodan", "0", "juroots" "2025-09-26 07:27:28", "1601908", "196.251.70.130:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "50", "https://www.shodan.io/host/196.251.70.130#80", "c2,cobaltstrike,shodan", "0", "juroots" "2025-09-26 07:27:11", "1601907", "47.236.110.95:10443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-26 07:27:28", "50", "https://www.shodan.io/host/47.236.110.95#10443", "c2,cobaltstrike,cs-watermark-391144938,shodan", "0", "juroots" "2025-09-26 07:27:08", "1601906", "8.130.26.216:8443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-26 07:27:28", "50", "https://www.shodan.io/host/8.130.26.216#8443", "c2,cobaltstrike,cs-watermark-666666666,shodan", "0", "juroots" "2025-09-26 06:56:04", "1601905", "https://sisadfriolkdle.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/0f1dc290dc20f3eefb0f6cb4d965e437f207484151f57d0fe3b58b33565e99bc/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:56:03", "1601904", "https://lilikutliputsdf.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/0a0b5a41127b8a33da8142b9fe055caa42634247501d7157c9432cce612f7392/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:56:01", "1601903", "https://kwestgidokudiojek.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/0f1dc290dc20f3eefb0f6cb4d965e437f207484151f57d0fe3b58b33565e99bc/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:49:51", "1601899", "91.99.186.107:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:51", "1601901", "78.47.14.112:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:51", "1601902", "78.47.233.218:443", "ip:port", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:25", "1601894", "d0.alexandraparasca.com", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:25", "1601895", "sfr.konebras.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:25", "1601896", "icc.konebras.com.br", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:25", "1601897", "d0.aztu.edu.az", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:25", "1601898", "sfr.aztu.edu.az", "domain", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:09", "1601889", "https://d0.alexandraparasca.com/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:09", "1601890", "https://sfr.konebras.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:09", "1601891", "https://icc.konebras.com.br/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:09", "1601892", "https://d0.aztu.edu.az/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:49:09", "1601893", "https://sfr.aztu.edu.az/", "url", "botnet_cc", "win.vidar", "None", "Vidar", "", "100", "", "Vidar", "0", "crep1x" "2025-09-26 06:40:47", "1601888", "https://sistoronykastadro.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/d535cf3ad3fa5d18bf485cc86d4671b9febad7074c904be0290b41ba0a430dd8/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:40:45", "1601887", "https://dorevilokpadjghs.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/74b34fd58b8927a025dbba176442e079637049fe9b66fa80beed989e8939015e/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:40:44", "1601886", "https://dasrilkosdirosado.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/d535cf3ad3fa5d18bf485cc86d4671b9febad7074c904be0290b41ba0a430dd8/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:40:42", "1601885", "https://ariokliasklfdnok.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/74b34fd58b8927a025dbba176442e079637049fe9b66fa80beed989e8939015e/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:03:00", "1601884", "14.128.50.89:9000", "ip:port", "botnet_cc", "win.valley_rat", "Winos", "ValleyRAT", "", "100", "https://tria.ge/250926-f79z3atyct", "AS152194,C2,rat,triage,valleyrat", "0", "DonPasci" "2025-09-26 06:01:24", "1601882", "employment-memorabilia.gl.at.ply.gg", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250926-b5lr8sz1gy", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-26 06:01:24", "1601883", "mvps-remote.duckdns.org", "domain", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "", "100", "https://tria.ge/250926-f3dq3atxes", "C2,domain,quasar,rat,triage", "0", "DonPasci" "2025-09-26 06:00:58", "1601881", "https://klonfcrtyseaflow.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/dc25dd8cc1ce53da33777c82b6acfb820ede522e894093386349538e0b58d86c/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:00:56", "1601880", "https://daestfestifalkrlon.com/work/", "url", "botnet_cc", "win.latrodectus", "BLACKWIDOW,IceNova,Latrodectus,Lotus", "Latrodectus", "", "75", "https://bazaar.abuse.ch/sample/dc25dd8cc1ce53da33777c82b6acfb820ede522e894093386349538e0b58d86c/", "latrodectus", "0", "abuse_ch" "2025-09-26 06:00:51", "1601878", "nuz8o8.88933.vip", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250926-f1va2atxcw", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-09-26 06:00:51", "1601879", "omfg131313.dynuddns.com", "domain", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "", "100", "https://tria.ge/250926-etmf6sdm7t", "asyncrat,C2,domain,rat,triage", "0", "DonPasci" "2025-09-26 06:00:26", "1601877", "196.251.116.187:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "100", "https://tria.ge/250926-cqhmpsbr71", "AS401116,C2,rat,remcos,triage", "0", "DonPasci" "2025-09-26 06:00:18", "1601876", "aaaxxx6.hopto.org", "domain", "botnet_cc", "win.xworm", "None", "XWorm", "", "100", "https://tria.ge/250926-fzkefaej7z", "C2,domain,triage,xworm", "0", "DonPasci" "2025-09-26 05:57:11", "1601819", "142.132.185.98:2474", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:10", "1601822", "142.132.185.98:1337", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:09", "1601820", "142.132.185.98:12381", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-09-26 00:12:07", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:09", "1601821", "142.132.185.98:38441", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:08", "1601823", "142.132.185.98:6463", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:08", "1601824", "142.132.185.98:2348", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:07", "1601825", "142.132.185.98:8745", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:07", "1601826", "142.132.185.98:4444", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:07", "1601827", "142.132.185.98:7122", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:05", "1601828", "142.132.185.98:5555", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:05", "1601829", "142.132.185.98:8932", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:05", "1601830", "142.132.185.98:3333", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:04", "1601831", "142.132.185.98:7214", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:04", "1601832", "142.132.185.98:4200", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:03", "1601833", "142.132.185.98:3257", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:03", "1601834", "142.132.185.98:1114", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:02", "1601835", "142.132.185.98:6969", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:02", "1601836", "142.132.185.98:23845", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "", "c2,deeznuts,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:57:01", "1601845", "61.53.132.156:45062", "ip:port", "botnet_cc", "win.lokipws", "Burkina,Loki,LokiBot,LokiPWS", "Loki Password Stealer (PWS)", "", "75", "https://threatquery.com/engines/ip.html?value=61.53.132.156&type=ip", "AS4837,c2,LokiBot,threatquery", "0", "threatquery" "2025-09-26 05:57:00", "1601837", "91.224.92.78:80", "ip:port", "payload_delivery", "elf.mirai", "Katana", "Mirai", "", "100", "", "backdoor,Mirai,Omni,Trojan", "1", "bigbigfox" "2025-09-26 05:56:59", "1601848", "89.213.45.54:443", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "2025-09-27 21:47:52", "90", "https://search.censys.io/hosts/89.213.45.54", "AS214481,C2,censys", "0", "dyingbreeds_" "2025-09-26 05:56:58", "1601849", "78.56.171.137:8808", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-27 21:47:35", "100", "https://search.censys.io/hosts/78.56.171.137", "AS8764,C2,censys,RAT,TELIA-LIETUVA", "0", "dyingbreeds_" "2025-09-26 05:56:58", "1601852", "94.156.170.181:80", "ip:port", "botnet_cc", "apk.hook", "None", "Hook", "2025-09-26 04:00:51", "100", "https://search.censys.io/hosts/94.156.170.181", "AS215439,C2,censys,Hookbot,PLAY2GO-NET", "0", "dyingbreeds_" "2025-09-26 05:56:57", "1601854", "143.198.39.38:60000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/143.198.39.38", "AS14061,censys,DIGITALOCEAN-ASN,Viper", "0", "dyingbreeds_" "2025-09-26 05:56:56", "1601853", "111.229.202.130:8927", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/111.229.202.130", "AS45090,Botnet,byob,C2,censys", "0", "dyingbreeds_" "2025-09-26 05:56:56", "1601857", "91.236.230.146:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/91.236.230.146", "AS62005,BV-EU-AS,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-26 05:56:55", "1601855", "45.12.70.91:8443", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/45.12.70.91", "AS41745,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-26 05:56:55", "1601856", "104.168.135.87:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/104.168.135.87", "AS54290,censys,GoPhish,HOSTWINDS,Phishing", "0", "dyingbreeds_" "2025-09-26 05:56:54", "1601858", "192.210.228.122:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/192.210.228.122", "AS-COLOCROSSING,AS36352,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-26 05:56:54", "1601859", "180.76.149.173:8080", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/180.76.149.173", "AS38365,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-26 05:56:53", "1601860", "18.153.132.95:3333", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/18.153.132.95", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-26 05:56:53", "1601861", "51.38.64.232:8000", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/51.38.64.232", "AS16276,censys,GoPhish,OVH,Phishing", "0", "dyingbreeds_" "2025-09-26 05:56:52", "1601862", "40.81.228.148:8081", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/40.81.228.148", "AS8075,censys,GoPhish,MICROSOFT-CORP-MSN-AS-BLOCK,Phishing", "0", "dyingbreeds_" "2025-09-26 05:56:52", "1601863", "54.73.179.121:4433", "ip:port", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "https://search.censys.io/hosts/54.73.179.121", "AMAZON-02,AS16509,censys,GoPhish,Phishing", "0", "dyingbreeds_" "2025-09-26 05:56:51", "1601867", "151.242.30.2:38241", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "Mirai", "0", "elfdigest" "2025-09-26 05:56:51", "1601868", "cnc.feds.gay", "domain", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "Mirai", "0", "elfdigest" "2025-09-26 05:56:49", "1601477", "108.187.0.52:56003", "ip:port", "botnet_cc", "win.purelogs", "None", "PureLogs Stealer", "", "99", "https://www.joesandbox.com/analysis/1784125/0/html", "None", "0", "netresec" "2025-09-26 05:56:49", "1601497", "89.32.41.47:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "2025-09-25 16:00:10", "100", "None", "Mirai", "0", "elfdigest" "2025-09-26 05:56:48", "1601520", "https://nickbush24.com/reg", "url", "botnet_cc", "win.broomstick", "CLEANBOOST,CleanUp,CleanUpLoader,Oyster", "Broomstick", "", "75", "https://app.any.run/tasks/1e0101a3-d609-44bf-af64-e795ac1524a0", "None", "0", "tanner" "2025-09-26 05:56:48", "1601522", "45.156.87.152:3778", "ip:port", "botnet_cc", "elf.mirai", "Katana", "Mirai", "", "100", "None", "Mirai", "0", "elfdigest" "2025-09-26 05:51:23", "1601875", "111.231.168.28:801", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-09-26 05:51:22", "1601874", "47.108.55.114:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 04:00:11", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-09-26 05:51:06", "1601873", "81.70.153.75:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-391144938", "0", "abuse_ch" "2025-09-26 05:50:55", "1601872", "123.56.54.231:82", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-09-26 05:50:54", "1601871", "49.232.166.91:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-09-26 05:50:48", "1601870", "129.204.186.209:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-09-26 05:50:47", "1601869", "111.229.48.203:801", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "100", "None", "CobaltStrike,cs-watermark-987654321", "0", "abuse_ch" "2025-09-26 04:12:56", "1601866", "t1.o-554.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 04:10:59", "1601865", "m0.nybh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 04:12:56", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 04:01:22", "1601864", "45.152.85.15:8443", "ip:port", "botnet_cc", "win.bianlian", "None", "BianLian", "2025-09-27 21:46:46", "100", "https://search.censys.io/hosts/45.152.85.15", "AS213220,BianLian,C2,censys,DATA-DELTA-AS", "0", "DonPasci" "2025-09-26 04:00:37", "1601851", "104.194.156.45:8000", "ip:port", "botnet_cc", "win.sliver", "None", "Sliver", "", "100", "https://search.censys.io/hosts/104.194.156.45", "AS14956,C2,censys,open-dir,payload,ROUTERHOSTING,Sliver", "0", "DonPasci" "2025-09-26 04:00:30", "1601850", "196.251.83.188:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:45:47", "100", "https://search.censys.io/hosts/196.251.83.188", "AS401120,C2,censys,CHEAPY-HOST,RAT,Remcos", "0", "DonPasci" "2025-09-26 04:00:11", "1601847", "68.183.36.134:8008", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:56", "100", "https://search.censys.io/hosts/68.183.36.134", "AS14061,C2,censys,CobaltStrike,cs-watermark-987654321,DIGITALOCEAN-ASN", "0", "DonPasci" "2025-09-26 04:00:10", "1601846", "47.93.147.159:10002", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-26 04:00:17", "100", "https://search.censys.io/hosts/47.93.147.159", "ALIBABA-CN-NET,AS37963,C2,censys,CobaltStrike,cs-watermark-987654321", "0", "DonPasci" "2025-09-26 02:49:52", "1601844", "217.154.212.25:2053", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:28", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-26 02:49:48", "1601843", "196.251.71.22:443", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:25", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-26 02:28:09", "1601842", "qz9.o-554.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 02:27:02", "1601841", "lq.pymh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 02:28:09", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 00:30:49", "1601840", "v2.o-554.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 00:29:49", "1601839", "m3.3r7j7.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 04:11:31", "100", "None", "clearfake", "1", "ttakvam" "2025-09-26 00:29:46", "1601838", "hk.pymh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-26 00:30:49", "100", "None", "ClearFake", "0", "threatcat_ch" "2025-09-26 00:05:12", "1601818", "http://towerbingobongoboom.com:8080/updater?for=E0CD6A53D52A08539A9787E388FF1D3B", "url", "botnet_cc", "unknown", "None", "Unknown malware", "", "100", "None", "GoProxy", "0", "abuse_ch" "2025-09-26 00:02:05", "1601817", "15.237.251.20:44817", "ip:port", "botnet_cc", "win.netsupportmanager_rat", "NetSupport", "NetSupportManager RAT", "2025-09-27 21:44:22", "100", "https://search.censys.io/hosts/15.237.251.20", "AMAZON-02,AS16509,C2,censys,Netsupport,RAT", "0", "DonPasci" "2025-09-26 00:02:03", "1601815", "31.57.55.16:65503", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-09-26 04:00:49", "100", "https://search.censys.io/hosts/31.57.55.16", "AS36137,C2,censys,DcRAT,PEG-FR,RAT", "0", "DonPasci" "2025-09-26 00:02:03", "1601816", "31.57.55.69:65503", "ip:port", "botnet_cc", "win.dcrat", "DarkCrystal RAT", "DCRat", "2025-09-26 04:00:49", "100", "https://search.censys.io/hosts/31.57.55.69", "AS36137,C2,censys,DcRAT,PEG-FR,RAT", "0", "DonPasci" "2025-09-26 00:01:31", "1601814", "196.251.71.141:443", "ip:port", "botnet_cc", "win.venom", "None", "Venom RAT", "2025-09-26 04:00:47", "100", "https://search.censys.io/hosts/196.251.71.141", "AS401120,C2,censys,CHEAPY-HOST,RAT,Venom", "0", "DonPasci" "2025-09-26 00:01:30", "1601813", "192.142.0.63:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-27 21:45:32", "100", "https://search.censys.io/hosts/192.142.0.63", "AS214036,C2,censys,Havoc,ULTAHOST-AS", "0", "DonPasci" "2025-09-26 00:01:29", "1601812", "20.169.181.39:443", "ip:port", "botnet_cc", "win.havoc", "Havokiz", "Havoc", "2025-09-27 21:45:54", "100", "https://search.censys.io/hosts/20.169.181.39", "AS8075,C2,censys,Havoc,MICROSOFT-CORP-MSN-AS-BLOCK", "0", "DonPasci" "2025-09-26 00:00:57", "1601811", "201.210.76.254:443", "ip:port", "botnet_cc", "win.quasar_rat", "CinaRAT,QuasarRAT,Yggdrasil", "Quasar RAT", "2025-09-26 04:00:44", "100", "https://search.censys.io/hosts/201.210.76.254", "AS8048,C2,CANTV,censys,Quasar,RAT", "0", "DonPasci" "2025-09-26 00:00:50", "1601810", "164.68.120.30:3006", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-27 21:44:37", "100", "https://search.censys.io/hosts/164.68.120.30", "AS51167,AsyncRAT,C2,censys,CONTABO,RAT", "0", "DonPasci" "2025-09-26 00:00:49", "1601809", "45.156.87.82:8000", "ip:port", "botnet_cc", "win.asyncrat", "None", "AsyncRAT", "2025-09-27 21:46:46", "100", "https://search.censys.io/hosts/45.156.87.82", "AS51396,AsyncRAT,C2,censys,PFCLOUD,RAT", "0", "DonPasci" "2025-09-26 00:00:34", "1601808", "108.174.56.150:2404", "ip:port", "botnet_cc", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "2025-09-27 21:43:47", "100", "https://search.censys.io/hosts/108.174.56.150", "AS-COLOCROSSING,AS36352,C2,censys,RAT,Remcos", "0", "DonPasci" "2025-09-25 23:33:11", "1601806", "16bc4c9ca0a1461b82d8e731ab5ced982a895548210f49fa6e106fb49fe1cc30", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:11", "1601807", "c99733010bf11a734c153e70b88eaa09", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:10", "1601803", "e66437f20ac2fe570ad886d485354b997e873b9b7eb2ed2db00855e1b09f5e39", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:10", "1601804", "295da332ce2cd1b25724b8c6fdad3854", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:10", "1601805", "5a92b279124710588b4934cd921299d52e5903eb", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:09", "1601801", "8da4c0ab7c022b25277d3a0cad21798d", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:09", "1601802", "9f5e786113ceeb033a0157c9f0b2af73a1a6fe16", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:08", "1601798", "0477339311e1e0690a2ce400de5a25dc", "md5_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:08", "1601799", "21634114c4001464cd9306de68e4d16de5f0a215", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:08", "1601800", "08340a503c6eb0b479acc2d5ad51f9a2ad1d3e3b8a30707448babd3416a22dab", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:07", "1601795", "0450cbe9cf426f9857131d4730ca898e", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:07", "1601796", "6aa4021f5c4165a4a2720112d231709d49ef55e6", "sha1_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:07", "1601797", "b95af92a834eb681ddc75a01948eb1cb28657366911a657b43e3f3c9abc79f10", "sha256_hash", "payload", "win.redline_stealer", "RECORDSTEALER", "RedLine Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:06", "1601792", "c6c8dc34fd2735beab6bb1f8609bc67b", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:06", "1601793", "c7e7c630a22b64f8dc589c28762f4c634c1d11b0", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:06", "1601794", "634e76c0b66a36325be0d2d4c48566042173abd342b636bfb322c50a91cc5e75", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:05", "1601789", "c48b806b5553a48b2f73b88d714ce6ca", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:05", "1601790", "f69f7d1206793cac1075fd3a21a2be4c5f8a5abb", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:05", "1601791", "07ff93264959e611dc2833c5b5d7625c1f18d0d943792a5019a319d48c260c17", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:04", "1601786", "fcb24423bcb5913809a33911443558ec", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:04", "1601787", "dc2a262813e753d396203cea6cb9c95e0c68825b", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:04", "1601788", "6d583cacffa753561203ea70ca7dd3da996bdb0b6ef5b25aaef8eb01ae5c8326", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:03", "1601784", "17ffc4d08153a41606aba2cc6bf649d050a59e34", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:03", "1601785", "ad0a87e7d15323230f7732b7d734abe976d5e6b4e32ec086e7892ca0f67acfe7", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:02", "1601782", "4044d855baa6bb2633fcfa8d489c2e6a06e2923f545b94be7768cdcfba857b89", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:02", "1601783", "99c3184e60f6f0eed2157faa34735939", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:01", "1601779", "12f519e0749c4f2d852684cb3131506b89b941710c1f477ecc74b7958d9e9f46", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:01", "1601780", "8c824758d17ace05063668722b3109e6", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:01", "1601781", "86386cf1326a3686191cf7fe6e4d03ed5cced55a", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:00", "1601776", "519ab6b3a7f312dd520533bd579b161fd7a0fc7b07204ce22fe3b6279316c0b4", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:00", "1601777", "f4eada0743d985d936f9ba3902a44f20", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:33:00", "1601778", "0be7bae2e21fdf8898e2fa05f77b5502502379c6", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:59", "1601774", "3ea5dc223fef0d8d959f3be548c4be64", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:59", "1601775", "d5936424ef94e783abc55c64ebdf5a453fa8aff5", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:58", "1601771", "5f36f9f448681a12e0d097dd37b4ddaa", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:58", "1601772", "cdd423c493e98915a9f2cea1548fa8ac3c0e576b", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:58", "1601773", "55c420575256efe054c9e02202fce8e4540b62e5e7bbd5fb24b25effdbdefd98", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:57", "1601768", "0c14cdb4498258b007bf52acdabccf3a", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:57", "1601769", "6991c9321edfc738e823bbb66b53bfe9aa6db38e", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:57", "1601770", "806c54f6774b7fd87697f35797bf146b7b72367c5ccb17ed21e10de5cb7d9020", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:56", "1601765", "349b587a16492e9fa485fc5bfe4b3a8b", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:56", "1601766", "58c71dbf124a823412dc0b7bc791dd880f8fed27", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:56", "1601767", "26f658333fbc8b9516cd269e6e367d117224e603bfb996fbcd33ce01ad321985", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:55", "1601762", "d122e2191fa117e0de511bd9707d197e", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:55", "1601763", "bcabecab5ee5bea3bbe36d516ab02d6e20965bf4", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:55", "1601764", "725e677966bf390ad5932fbdea2890a8dbcaf346d2b4bd606590b97ecd2c7d2a", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:54", "1601759", "6e9b5aafe76978c72754cd13228a4bb4", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:54", "1601760", "155e72f0dd10f14e5b8f7269a29a10efea8bafb1", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:54", "1601761", "203c3adfd8e7dfce5ad2eb48f32eadac9ea1ef359ba007f589e92e9c718339af", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:53", "1601757", "1fdca3da7b02aaec44b8ceeb5022dd2c38078369", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:53", "1601758", "7a4d557a530f7630d2d22b60c1ed5adf386cb57401bfe73da141adbf1e9e91e4", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:52", "1601754", "8cb4ce6aa982f4ef8bbd94d4867972f34eac0c72", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:52", "1601755", "bbe3c1845567df994a78b290fef9260d54f6ae3d9a0e2b121fc28ec3f34557db", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:52", "1601756", "208ce31d7b37d17d069859f3ef0ea3c0", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:51", "1601751", "b9925eb81773022087c6ada5e067fe020ae73b9e", "sha1_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:51", "1601752", "b5e1c67dee17674abd3bb018b8cc80fc8c7524261f905a24ee38f341a382adba", "sha256_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:51", "1601753", "d3748f7cb99d9d8ad8bda106fa6c6523", "md5_hash", "payload", "win.troystealer", "None", "troystealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:50", "1601748", "93cc60755577b561a9daefad6098a388cb2be34b", "sha1_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:50", "1601749", "fdc4f6f01f98760794e04c00c6d9f2cd2332cbd7569c87663302c4deeb8a2e47", "sha256_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:50", "1601750", "fcc62dc776526cc0f9e6c7edafcb2594", "md5_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:49", "1601745", "c6a20ac9d09fd0e9b40ee3a73690c1e3b0e607fe", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:49", "1601746", "0874e7b9ba2653207308bad8a2efca4a30690413a4eaeace15a6b4d601a5bb94", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:49", "1601747", "cc38769ded7b2c6959c3199c84f8db91", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:48", "1601742", "85e94cd8816fbf04766aeca538657e55d0ff812c", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:48", "1601743", "f26b15aa89c33b3ceabfdbd1e2dbc1a1759587add95183baba90ca4d0607d6d2", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:48", "1601744", "7ae9d64c120cf88a5d8079ec2542ca93", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:47", "1601739", "771674c2bfe693fcf55e9769f3b8914f2f1fafba", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:47", "1601740", "688f780750bb4f3baa5a0b3e460f4cae16d56ce0c173d630811ce14c9b614fa1", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:47", "1601741", "f632077cdacca6b399cc8a2a4a3b4c69", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:46", "1601737", "eedcb9d6941ac0222326effff57b8d1311e38850f1feb008f871732eb4176e54", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:46", "1601738", "1eb5183cfd3ff79750be9dafbb56b7e8", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:45", "1601734", "6e009cb2ccbc1f7ab7595a488cee196394fbd771fac77ce393a8e3cbddd108b3", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:45", "1601735", "6ebaea392ba661d3408653fef0037de6", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:45", "1601736", "28189c62af579d40fc265c10d7ba149602cf8848", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:44", "1601731", "ce489800817ea619199ea83ada512983e04a79cd0517bffedfb7db01dd6f3d17", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:44", "1601732", "2a896010e623f15fcda22dabce50fb40", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:44", "1601733", "983de3aba0229da958db42d7b81c224deb6a7e35", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:43", "1601728", "1bd7f308b3898676aa758530e4c98d95a6220ff0fa96a8670d4e61ab792e761c", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:43", "1601729", "e50e52bb9030e2900952d0768eb848a4", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:43", "1601730", "7c29809132a91664ccd48d05a8b5a590b4af8be0", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:42", "1601726", "bb525f68da6fb8dfbe4dc44e33e1193d", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:42", "1601727", "50148fd0231475cd068d38b7fb65349b8c613545", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:41", "1601723", "5515b2a1e61f448da9e045a8c5f2f568", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:41", "1601724", "5a34d205beaf9e20f7bc4e8907eebd70f9315bbb", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:41", "1601725", "b35d99e722f9bbbbb7f0792f4193976e174191bda29b7616807f77ffdac5546b", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:40", "1601720", "4d0ad8db3f658ad728de8db951f50b11", "md5_hash", "payload", "win.younglotus", "DarkShare", "YoungLotus", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:40", "1601721", "64966183e8d1ac56c0731154518bff3d010de253", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:40", "1601722", "184b60b719f2ef2425d6c7483c11bf6124e67a890fe14acf981b3429e6f56854", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:39", "1601717", "e0ccab18854569e47da189b78d084c35", "md5_hash", "payload", "win.webmonitor", "RevCode", "WebMonitor RAT", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:39", "1601718", "f6f9a3bd76c544ecb29cb3a7ec62bab6e53bce94", "sha1_hash", "payload", "win.younglotus", "DarkShare", "YoungLotus", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:39", "1601719", "992909009f91cb9befb1649da1eb057f49b562ab9b6ffce8953a1f616a037042", "sha256_hash", "payload", "win.younglotus", "DarkShare", "YoungLotus", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:38", "1601714", "88a3db0853d92216b7a7f51519fe84f9", "md5_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:38", "1601715", "0c9da95fab7056bdbe420f3d4e0b05fdb031d048", "sha1_hash", "payload", "win.webmonitor", "RevCode", "WebMonitor RAT", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:38", "1601716", "9af05270999fb97c3e0b25cc76e644be34b80442297b44103bae829f70d1820a", "sha256_hash", "payload", "win.webmonitor", "RevCode", "WebMonitor RAT", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:37", "1601712", "84168262c24bba01888454b3fa63db14355dbbfa", "sha1_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:37", "1601713", "4c7dab2b02e95713227c4d42a450fb49611abc565f18fd986b80bd4f9c83d693", "sha256_hash", "payload", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:36", "1601709", "46055d91a546bf99de177e97bc4e50e0fcbc4dae", "sha1_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:36", "1601710", "0dd61c2bc71e0dd4b4bd7bbd660b1b4646fb5d1240f067ed728a9dacd3fbed5d", "sha256_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:36", "1601711", "c312a0067b8196b424eebec08357b21f", "md5_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:35", "1601706", "b70daa16f318e2db6e8fcb8571f1b1fda6ed8ad3", "sha1_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:35", "1601707", "15fb02f50b1e2452c28f43cf152763adfe0437334832bf5db5885512450b2d20", "sha256_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:35", "1601708", "c1cb4d98ea54d5408552509bba7dbf3c", "md5_hash", "payload", "win.luca_stealer", "None", "Luca Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:34", "1601703", "1497c0156eaf25a9f78f741627754e2dca2ae8f4", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:34", "1601704", "24c45bab55ca504b93a80cd8d72e94c3baf722c539e03aaa60ec8cbf4a11d69e", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:34", "1601705", "7c107980477e32710046110944825718", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:33", "1601700", "c91cb02246319f1c66fd9167bfb171cc2f63b7a5", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:33", "1601701", "70de374f49537dc6227fd2172c7f7f38c3f61d234b4acf69058aa5c3404590da", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:33", "1601702", "537ab20edc2a55ad778a59c3e75cadff", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:32", "1601698", "7dd988ed0f432c6279698bcf0dc7500ab0153fe77378f06e718a2a3b1534c5d7", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:32", "1601699", "c96f6c650dbfc1e4ad98a4ca9c5c450d", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:31", "1601695", "55b3f8a499020145a728a1b28e90b2753e9ec4895369ada8d2812f61f3696f42", "sha256_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:31", "1601696", "328b2a460796db04f3d3f93963f4b629", "md5_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:31", "1601697", "cd91469779de9c8c9f7643789e2ef8c626e5cd03", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:30", "1601692", "242418928ee50cd9d4c70bddf5b9434ee65244aa46376f123f1c59359c281eaa", "sha256_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:30", "1601693", "0755252c826a1427e4599d22c5fee3f8", "md5_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:30", "1601694", "cbfb6575db1534d21dcc603c7f71f99cb85998a1", "sha1_hash", "payload", "win.salatstealer", "None", "SalatStealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:29", "1601690", "d8dd3e5331bc7797a7546646943d90b3", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:29", "1601691", "bc9295b5c7575678508822e38dbae2306775d2ae", "sha1_hash", "payload", "win.remcos", "RemcosRAT,Remvio,Socmer", "Remcos", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:28", "1601687", "437618b22ef7ebb31d7bc51f23913e03", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:28", "1601688", "96f5fc86ef738faccc808c7f9cf347de1ed0227e", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:28", "1601689", "8fff303bfb9bfb67bbff7b1aabf41637887276d5e8b3d5763fb7c559c2ca581c", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:27", "1601684", "05c44962b40691d3412a4fcd323a744c", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:27", "1601685", "ea1942c7e4104431863b56a1dc7414974f06a662", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:27", "1601686", "13199e42b39e183eea312c99eb0bb2cc697f925945b25a6e6dcc1550d4676a9d", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:26", "1601681", "e349bd0463a61bf87242406f640d5524", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:26", "1601682", "957c7e44ab759e57b3ca024cb939a54c304e6d31", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:26", "1601683", "f2716726e0b5ffe70b16aadeb4210480aac6d5297246067737ca6268cc5738cb", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:25", "1601678", "05afb0178ad592dc3c3d1d7f3918fd0c", "md5_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:25", "1601679", "f98595d38f39bf7f55ff9cf31c27c3f15c588509", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:25", "1601680", "1e8455c7bcbcc2f000b972418d0e193fcc0a022f330c9eea750bacf95b2493b4", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:24", "1601676", "65bbd5fb25c3b2008b0d9b09d12d0d0a97cac0bd", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:24", "1601677", "053fdd300865d1f2c9e73e7df6277335316767a45aeaff187d6495dc792f7689", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:23", "1601673", "536070cdc76549a56c837bb5d7104a389c91e5ff", "sha1_hash", "payload", "win.ghostsocks", "None", "GhostSocks", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:23", "1601674", "f9716135b3eb5b91e697cb02fda30a5c1d0de0867382d9f5b99ac576d9bacf48", "sha256_hash", "payload", "win.ghostsocks", "None", "GhostSocks", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:23", "1601675", "d0d99f924c84ff411dbf2f1fd25522e8", "md5_hash", "payload", "win.ghostsocks", "None", "GhostSocks", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:22", "1601670", "f5dac0a4aa47aec69d159904422b906fe589bac1", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:22", "1601671", "26e6b93427949360b1b00f81af356a5b947b95ca021d8f4618fea76ec7f2c54d", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:22", "1601672", "bbddcf46a8de309d9db1fc791e658268", "md5_hash", "payload", "win.vidar", "None", "Vidar", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:21", "1601667", "c3ef7054076bd4aa238d998543cf1d247009e8f3", "sha1_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:21", "1601668", "a867e908995563dad71a115e74f73d0449ba21dc62310b2e0b2e179e399a4d73", "sha256_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:21", "1601669", "25bdc29533d15c9f924b552f2ed516e5", "md5_hash", "payload", "win.asyncrat", "None", "AsyncRAT", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:20", "1601665", "868bf28e2b667d23b3867b04e1e349ef625aee1db3c7fae1992db6d2bd03fe10", "sha256_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:20", "1601666", "8bd8b136dfc009d363ef772240caf48b", "md5_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:19", "1601662", "56aa595a5e815230d1fe0f9a9e9b744d809d7e5daf28cdf43283036126a7bc5d", "sha256_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:19", "1601663", "375cb8055313196662a03052caed2aef", "md5_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:19", "1601664", "6fdef1a35877c99292aa96470f570555e9fba62e", "sha1_hash", "payload", "win.formbook", "win.xloader", "Formbook", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:18", "1601659", "befa46166e43d30548a11b5d93ba321bfc0304e4d3a22969545bc51df3e887be", "sha256_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:18", "1601660", "a171547aae102d6f86c16b4e2df316e9", "md5_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:18", "1601661", "3bb92181ce297f9f67d327a3cb26f0b1d595af2b", "sha1_hash", "payload", "win.krakenkeylogger", "None", "KrakenKeylogger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:17", "1601656", "6dd391bb10499681f406744962230bf176454a073955913a6278058e41bc02b2", "sha256_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:17", "1601657", "01d319e60594476bd85df1e23a8bb470", "md5_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:17", "1601658", "4576942425a23e7b07f223e9b0a2f15c2f575543", "sha1_hash", "payload", "win.agent_tesla", "AgenTesla,AgentTesla,Negasteal", "Agent Tesla", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:16", "1601654", "885111915715be36ce385456d8d9b6af", "md5_hash", "payload", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:16", "1601655", "394d3a2457fe63b1a74ecd2c6138042f25788ead", "sha1_hash", "payload", "win.valley_rat", "Winos", "ValleyRAT", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:15", "1601651", "906b09a84d70168d24a168566bd884a2", "md5_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:15", "1601652", "ab2f6f5e7d32fd1b1483d6847cfa7a189b7985d1", "sha1_hash", "payload", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:15", "1601653", "b56bfa3b2b15568250f21583deee3c5059f87fe830d4ce021deeaddfef880775", "sha256_hash", "payload", "win.aurotun_stealer", "None", "Aurotun Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:14", "1601648", "16771ad1d7491ef2b9904b844fa9f5bb", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:14", "1601649", "f0c3b1b2b669e14f6c14e6cd4c89f27ceb50208d", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:14", "1601650", "9f001462867b7d210dea54afb92c2b023efa6ee46e8bb43fe1574722e133cacc", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:13", "1601645", "22c7dd608f4c8cf8b126354e4ce1498b", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:13", "1601646", "183b8eaaa240fa0439ece03c3c4eeefba538b770", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:13", "1601647", "b5def5a71c2c8f07fa30379346fdd97c89bc77f8fbd5200bc41a3bb13ce4ee4c", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:12", "1601642", "e37ecf304ac846c03cdb04fa6cbfe1dd", "md5_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:12", "1601643", "068b3c467558fa0d472a81f27e348f1cdd576e37", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:12", "1601644", "94ab584f2783aceea12fa27325cf6a3398c37d0d0404b42526e9106d92556cc8", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:11", "1601640", "bbbeb70afeeb7901b27ec5dddf6bafcccf84ba8a", "sha1_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:11", "1601641", "8e1679072636b5c3dfcbb778b6eab126d385de5e4ed914118d954af5aa30d37b", "sha256_hash", "payload", "win.strelastealer", "None", "StrelaStealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:10", "1601637", "ad0cfb81420cc011dab8b22b8fbf21838961d8af", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:10", "1601638", "fc4fbf964b1ea4b01201f4f9fa13345ee834464272d6cdc9814de53e1c4d9e6b", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:10", "1601639", "76b073332f2bc4233e24dd9a3031be93", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:09", "1601634", "3b88bfc9e022c9aeebba42dbcf8c72e3bc81dc29", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:09", "1601635", "23c7f931514e66885cf41c759b4f746ee3e6a7ae4f4c587133e4016bfdc4b767", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:09", "1601636", "331353c2ef0400a7df1469526aae5f96", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:08", "1601631", "810020da6317d135468c90c33c01d23e5efe2b80", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:08", "1601632", "8f69a8e1be4f5d02c3600b4e41d3f70a60ac7e0d9c7f25b6268f657917c4b749", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:08", "1601633", "1508fc0c1388b4ecede098e585c8e5eb", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:07", "1601628", "8ce1a76ea615e015c13a43ce2a00411f7ef83dd4", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:07", "1601629", "b6fdc7de80b3afad0be8be678dbd7dbf1edf000434f075e67bdc3236488cd1fe", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:07", "1601630", "4b8d613611a862def046214154911f3b", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:06", "1601625", "73c4428bacfa3a4ade1debf532c0173a7aad325d", "sha1_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:06", "1601626", "a78a574a8e118ebde1f21e3e94fd090af7b21771b6e7341dbb121ff93193a49e", "sha256_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:06", "1601627", "13492417dd4c7ff8a70245699eabf570", "md5_hash", "payload", "win.darkcloud", "None", "DarkCloud Stealer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:05", "1601623", "75a68ccf94d77bd6b321a5aac66a93cf16624da85e14bb16458559434992a0be", "sha256_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:05", "1601624", "f2baf5e77610d41aaf30894078ce9c47", "md5_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:04", "1601620", "4af56b9bfd7f7de86cc0b3b6a910c2ffb331f6c76e32104041c554c00409d296", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:04", "1601621", "f665283962b63ad448b9ea160cceecb6", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:04", "1601622", "bca3355aea2855bfd9fd3a13626501a97290101c", "sha1_hash", "payload", "win.coinminer", "None", "Coinminer", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:03", "1601617", "0e950d396f054459d624c7734c02e9357f2a0fa21bad98edc52d46169b3487eb", "sha256_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:03", "1601618", "99846d752dcc4c49335ae1e98ee4a2b6", "md5_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:03", "1601619", "c09a9c42d0d1c8e22aeff7aabaee677d88df34a1", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:02", "1601615", "327cc1c7daf19bdaf2df76e24a7aa0a0", "md5_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:02", "1601616", "1384051fe32bb99f9ea71f0f78c7c4b01f3b3072", "sha1_hash", "payload", "win.masslogger", "None", "MASS Logger", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:01", "1601613", "4e562f7ac330d978f387189b4bcdd35a624e7bb4", "sha1_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:01", "1601614", "560cb221607c3c5a2a2cfbf276cda17a9ef3dcea84c8ab2094edbb4184121a54", "sha256_hash", "payload", "win.rhadamanthys", "None", "Rhadamanthys", "", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:00", "1601610", "53ae43cd779a9d0b22d5bd93668e953f98012883", "sha1_hash", "payload", "win.stealc", "None", "Stealc", "2025-09-26 23:30:50", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:00", "1601611", "468b1a3d163c9123ff825af496e42cc29a7c8d2fd63bd5593f411f22150c76c8", "sha256_hash", "payload", "win.stealc", "None", "Stealc", "2025-09-26 23:30:50", "95", "None", "None", "0", "Grim" "2025-09-25 23:32:00", "1601612", "a46fd829228b24ce9b6d2160f84f2378", "md5_hash", "payload", "win.stealc", "None", "Stealc", "2025-09-26 23:30:50", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:59", "1601607", "4f45710966d31c0a59c2f8416b798c2ce2e32217", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "2025-09-26 23:30:46", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:59", "1601608", "dbab3fbea6138e57e996045a93a3105d86e5e659bbc311d71a4e7bcc698dc353", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "2025-09-26 23:30:46", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:59", "1601609", "1ae2db37b7cd181421545760ed87c80e", "md5_hash", "payload", "win.vidar", "None", "Vidar", "2025-09-26 23:30:47", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:58", "1601604", "b23de31303c2d40302620aac170e8d06875035a1", "sha1_hash", "payload", "win.vidar", "None", "Vidar", "2025-09-26 23:30:45", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:58", "1601605", "b085a54ff0c006b14309eb3edec70182ae7b036b15ccacb5b44dad1fcfd1c5b6", "sha256_hash", "payload", "win.vidar", "None", "Vidar", "2025-09-26 23:30:45", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:58", "1601606", "b319a6e7300ac10e067352a9e30c288e", "md5_hash", "payload", "win.vidar", "None", "Vidar", "2025-09-26 23:30:46", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:57", "1601601", "c3037c0ebf33b6e3a015e4afa74fc9c9c63d88d3", "sha1_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "2025-09-26 23:30:44", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:57", "1601602", "8e6b8cff477fe728413cd3547e19399053b80007d8a22280ae806a43c90e3d39", "sha256_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "2025-09-26 23:30:44", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:57", "1601603", "6c850692db8d5b590c88b2fc3794d25f", "md5_hash", "payload", "win.guidloader", "None", "GUIDLOADER", "2025-09-26 23:30:45", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:56", "1601599", "ae9a6b6438f5d41b03219aa9e5ccfa77bd2fb0edbc39f4b6e98d28bbf7ea80e1", "sha256_hash", "payload", "win.owlproxy", "None", "Owlproxy", "2025-09-26 23:30:43", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:56", "1601600", "ae56b5acb31f273cb6bc3c14a848d9a9", "md5_hash", "payload", "win.owlproxy", "None", "Owlproxy", "2025-09-26 23:30:44", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:55", "1601596", "9f64cb8fde71c95ef227494e8e57ca897fcda3453156ba054689cfbe135fb208", "sha256_hash", "payload", "win.xworm", "None", "XWorm", "2025-09-26 23:30:42", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:55", "1601597", "d88c8eee9db334347bf48dc4d67a21b9", "md5_hash", "payload", "win.xworm", "None", "XWorm", "2025-09-26 23:30:43", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:55", "1601598", "fe4428f76c1921e8b8e348c461140ad86d95a1fa", "sha1_hash", "payload", "win.owlproxy", "None", "Owlproxy", "2025-09-26 23:30:43", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:54", "1601594", "bece6593173293201f711de6dead8e83", "md5_hash", "payload", "win.blackremote", "BlackRAT", "BlackRemote", "2025-09-26 23:30:42", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:54", "1601595", "2e12dbc4ef796f3a4d8ca2c4eae581fea9a2f106", "sha1_hash", "payload", "win.xworm", "None", "XWorm", "2025-09-26 23:30:42", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:53", "1601592", "2320184955fd1be330df5ab8c81925f8d90b65c1", "sha1_hash", "payload", "win.blackremote", "BlackRAT", "BlackRemote", "2025-09-26 23:30:41", "95", "None", "None", "0", "Grim" "2025-09-25 23:31:53", "1601593", "a2e6cc6a5b6d0717fe70542d56aa5e201d4c5ad0cd82d8662d25ce2eae8c691e", "sha256_hash", "payload", "win.blackremote", "BlackRAT", "BlackRemote", "2025-09-26 23:30:41", "95", "None", "None", "0", "Grim" "2025-09-25 22:50:01", "1601591", "47.94.56.36:80", "ip:port", "botnet_cc", "win.cobalt_strike", "Agentemis,BEACON,CobaltStrike,cobeacon", "Cobalt Strike", "2025-09-27 21:49:54", "75", "None", "CobaltStrike,drb-ra", "0", "abuse_ch" "2025-09-25 22:34:45", "1601590", "xq0.9t6p5.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "", "100", "None", "clearfake", "1", "ttakvam" "2025-09-25 22:33:47", "1601589", "k.o-554.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-25 22:38:34", "100", "None", "clearfake", "1", "ttakvam" "2025-09-25 22:32:31", "1601588", "u.pymh.ru", "domain", "payload_delivery", "js.clearfake", "None", "ClearFake", "2025-09-25 22:38:34", "100", "None", "ClearFake", "0", "threatcat_ch" # Number of entries: 1262