IOC - New Botnet Emerges from the Shadows: NightshadeC2
In August 2025, eSentire's Threat Response Unit (TRU) identified a new botnet, tracked as "NightshadeC2," which is being deployed via a loader that employs a simple yet highly effective technique to bypass malware analysis sandboxes and exclude the final payload in Windows Defender using a technique we refer to herein as "UAC Prompt Bombing".
TRU has observed both C and Python-based variants that communicate with an unidentified Command and Control (C2) framework. The C variant primarily communicates over TCP ports 7777, 33336, 33337, and 443, whereas Python variants predominantly utilize TCP port 80.
Indicators of Compromise (32 / 108 total)