[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnOPN702YvxUt4gOBlNpRtopxikStDsqlWtjaT_4mHNc":3},{"article":4,"iocs":33},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":21,"category":22,"article_tags":25},"d08d4a05-017e-4ae8-86f8-a8095e7f325a","My favorite Remus botnet C2 domain so far 😄\n\nhavelbeenpwned .net ⤵️\nNICENIC INTERNATIONAL🇨🇳\n\n1...","my-favorite-remus-botnet-c2-domain-so-far-havelbeenpwned-net-nicenic-internation-f501ed","My favorite Remus botnet C2 domain so far 😄\n\nhavelbeenpwned .net ⤵️\nNICENIC INTERNATIONAL🇨🇳\n\n103.211.219.238:4219⤵️\nAS394695  PUBLIC-DOMAIN-REGISTRY 🇮🇳\n\nMalware sample:\nhttps:\u002F\u002Ft.co\u002FnsMIhlu2Ir\n\nMore #Remnus IOCs available on ThreatFox 🦊\nhttps:\u002F\u002Ft.co\u002FghzxeZHBwA\n\n\u002Fcc @troyhunt https:\u002F\u002Ft.co\u002FsAzokYUTlC","A security researcher shared indicators of compromise for the Remus botnet, including the C2 domain havelbeenpwned.net (a lookalike of the legitimate haveibeenpwned.com, with a lowercase L in place of the i), registered through the Chinese registrar NiceNIC International, and the C2 server at 103.211.219.238:4219 in India (AS394695, PUBLIC-DOMAIN-REGISTRY).\nAdditional IOCs are available on ThreatFox.","Remus botnet C2 domain and infrastructure IOCs disclosed.",null,"https:\u002F\u002Fx.com\u002Fabuse_ch\u002Fstatus\u002F2051971419924299879","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHHoRHZvWIAI5hlI.jpg","2026-05-06T10:24:44+00:00","2026-05-06T11:00:09.923576+00:00",8,[18],{"name":19,"type":20},"ThreatFox","technology","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":21,"icon":11,"name":23,"slug":24},"Malware","malware",[26,28],{"category":27},{"id":21,"icon":11,"name":23,"slug":24},{"category":29},{"id":30,"icon":11,"name":31,"slug":32},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[34,38,42],{"type":35,"value":36,"context":37},"domain","havelbeenpwned.net","Remus botnet C2 domain",{"type":39,"value":40,"context":41},"ip","103.211.219.238","Remus botnet C2 server IP",{"type":24,"value":43,"context":44},"Remus","Botnet malware family"]