James_inthe_boxMar 2

Malicious #simplehelp #rmm #opendir at:

https://katz.adv\.br/dhl/

Show threadJames_inthe_boxMar 2
c2: funsunmexicobizz.top
Show thread𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲Mar 3
@james_inthe_box HTTP on TCP port 443 
154.29.76.245:443
Show thread𝙽𝙴𝚃𝚁𝙴𝚂𝙴𝙲

@james_inthe_box Seems like HTTP over TCP 443 is "normal" for this one...
Other C2 servers used by same type of RMM/RAT:

  • 147.45.218.66:443
  • 185.80.234.36:443
  • 91.211.251.233:443 🔥
Mar 3 at 9:13amWeb