James_inthe_boxMalicious #simplehelp #rmm #opendir at:
https://katz.adv\.br/dhl/
c2: funsunmexicobizz.top
𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲
@james_inthe_box Seems like HTTP over TCP 443 is "normal" for this one...
Other C2 servers used by same type of RMM/RAT:
- 147.45.218.66:443
- 185.80.234.36:443
- 91.211.251.233:443 🔥