Dee

Over the 10k #malware C2 panels on tracker.viriback.com

ZABBIX panel here: http://46.30.188[.]99:8443/login - same 8443 port just as for the previously seen ZABBIX panel (x.com/malwrhuntertea…). Then opendir here: http://46.30.188[.]99:9090/ And also on port 80 there is some fake captcha / ClickFix lure... 🤷‍♂️

94.156.102.75 dariksky[.bg #Ghost #Panel #c2 #CTI @500mk500 @ViriBack @AndreGironda @skocherhan

Some panel with "ZABBIX" as "login-brand": http://41.216.188[.]46:8443/login 🤷‍♂️

botcontrol.work 159.198.75.186 AS 22612 ( Namecheap, Inc. ) @Namecheap @500mk500 @ViriBack @AndreGironda @skocherhan #RAT #c2 #ThreatIntelligence #Panel

Shadow RAT 87[.120.107.117/login Admin panel at 87[.120.107.117/admin

Several Shodan API keys exposed in open directories revealed usernames associated with #MuddyWater members, Edu plan accounts. icemint Blackmoz0 nopac Another C2: 141[.]11.187.165 (moz folder - similar targets, tools, persian comments ,etc.) x.com/polygonben/sta…

roadmvn.com @500mk500 @ViriBack @AndreGironda @skocherhan #Ghost #c2 #ThreatIntelligence #Panel

New #ClearFake associate: xxxblyat #Odyssey #Stealer coming in via SmartContract operated by ClearFake created 40 minutes ago. C2: 77.90.185[.]24 Panel: http://77.90.185.24/login which is the Odyssey panel with no logo.

41.216.189.53 #ToponeV2 @500mk500 @ViriBack @AndreGironda @skocherhan

Some panel here: http://95.216.253[.]50:8000/login 🤷‍♂️

@windscribecom 5-2 for a Canada win

Alright who wants another chance at Lifetime Pro? Tomorrow, the Men's Olympic Hockey Quarterfinals begin - Canada 🇨🇦 is playing against Czechia 🇨🇿 To enter the giveaway, follow our X account, like and reply to this post with your prediction for the final score of the game. First 5 people to have guessed the correct score win Lifetime Pro! Submissions (obviously) close before the game begins at 10:30 AM EST. Good luck and LET'S GO CANADA!

Some panel here: http://31.57.219[.]68:8080/login 🤷‍♂️

Seems login page is now hidden, but new domains: autoupdatewinsystem[.top tabbysbakescodes[.ws

#ReconLoader #malware deadnet[.]best/admin.php app.any.run/tasks/26e7e8a9… Downloads Legit putty at the moment. cc: @ET_Labs

Agartha stealer being promoted on underground forum agarthax[.com 64[.89.163.125:80

#Shiba #Loader #malware Maybe in DEV/Testing ? Panel Login: 196.251.107[.]109/panel/login[.]php MD5: 90b3cdea023bd02b8a3fb8142f8fcfd7 + other samples Gate URL: /panel/private.php app.any.run/tasks/3c03bb59…

Yet another RAT in town: RemoteX🖥️🖱️ 🪲 Dropped by Amadey 📃 Written in Golang 💻 Uses HKCU\...\CurrentVersion\Run\RemoteX for persitence (lame 🚽) 🌐 Uses WebSocket for C2 communication 🕵️‍♂️ Unauthenticated RAT admin panel 🤡 Botnet C2: 📡 109.107.168.147:80 (Partner Hosting LTD 🇬🇧) Malware sample ⤵️ bazaar.abuse.ch/sample/d631655…

unknown #malware ? Sample: 855cbb0c38dc63dd5625fdff29c98ae3 Obfuscated .NetReactor exe C2 Login: s://win64autoupdates[.]top/CNB/l0g1n234[.]php See: app.any.run/tasks/3ccd1c3e… Tagged as #raccoon by @anyrun_app

Xillen Stealer 🎣, heavily dropped by Amadey 🔥 Botnet C2: https://goldenring[.]live/api/logs/check "Invisible. Undetectedable. Unstopable." 🤡 👉 github.com/BengaminButton… Samples ⤵️ bazaar.abuse.ch/browse/signatu… Additional IOCs on ThreatFox 🦊 threatfox.abuse.ch/browse/tag/Xil…