ScreenConnect
ScreenConnect ConnectWise legitimate RMM tool abuse. invitedGuests.bat. BAT dropper + MSI installation.
Threat Profile
Type
RAT
Programming LanguageProprietary
C2 ProtocolHTTPS
First Seen2024
Targets
Küresel Kurumsal
Purpose / Capabilities
- Remote Access (RMM Abuse)
C2 Servers 2
| Address | Port | Protocol | Status | Action |
|---|---|---|---|---|
hbdhfijnsgjnds.top
|
443 | HTTPS | INACTIVE | |
hbdhfijnsgjnds.top
|
443 | HTTPS | INACTIVE |
⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.
Research Reports (2)
ScreenConnect Abuse -- invitedGuests.bat hbdhfijnsgjnds.top C2, Yasal RMM Aracı Kötüye Kullanımı | Orta
ScreenConnect 1KB invitedGuests.bat davet listesi. hbdhfijnsgjnds.top DGA C2. ConnectWise meşru RMM araç kötüye kullanim.
Read Report →ScreenConnect/ConnectWise -- 1052 Byte invitedGuests.bat, hbdhfijnsgjnds.top .top C2 | Yüksek
ConnectWise RAT abuse 1052 byte. invitedGuests.bat admin.hbdhfijnsgjnds.top ScreenConnect.ClientSetup.msi indirme.
Read Report →