PANOPTICON
STIX Bundle Browser

STIX 2.1 threat intelligence bundles — import into OpenCTI, MISP, or any STIX-aware platform. 12 campaigns · 251 IOCs · 495 objects. Curated from The Hunter's Ledger (CC BY-NC 4.0).

12 bundles
Severity: medium

Flask C2 & MSSQL CLR Backdoor

STIX 2.1 bundle covering Flask-based C2 framework and MSSQL CLR stored procedure backdoor on a Windows staging host.

2026-06-15 · 28 objects · 12 IOCs · The Hunter's Ledger
Tags: Post-Ex · Priv Esc · C2 · Open Dir
Severity: high

CVE-2026-41940 cPanel Harvester

Exploitation of CVE-2026-41940 in cPanel — credential harvesting toolkit served from open directory.

2026-05-17 · 35 objects · 18 IOCs · The Hunter's Ledger
Tags: CVE · Exploit · Cred Theft · Phishing
Severity: critical

Multi-Cluster: Rhadamanthys / BellaMain / Inkognito

Three distinct threat clusters sharing infrastructure — Rhadamanthys infostealer, BellaMain PhaaS, Inkognito VPN/phishing.

2026-05-15 · 67 objects · 34 IOCs · The Hunter's Ledger
Tags: MaaS · Stealer · Loader · Open Dir
Severity: high

HijackLoader / Penguish / Rugmi → AsyncRAT

Multi-stage phishing campaign delivering AsyncRAT through HijackLoader, Penguish, and Rugmi loaders.

2026-05-06 · 41 objects · 22 IOCs · The Hunter's Ledger
Tags: Loader · RAT · MaaS · Open Dir
Severity: high

AdaptixC2 Open Directory Exposure

Exposed AdaptixC2 framework with multiple payloads, beacon configs, and post-exploitation tooling.

2026-04-30 · 32 objects · 15 IOCs · The Hunter's Ledger
Tags: C2 · Toolkit · Open Dir · Multi-Family
Severity: critical

Remcos RAT OpenDirectory Campaign

Large-scale Remcos RAT campaign — builder configs, persistent installers, credential harvesting modules.

2026-02-20 · 52 objects · 28 IOCs · The Hunter's Ledger
Tags: RAT · Cred Theft · Persistence · Evasion
Severity: critical

Arsenal-237: Advanced Toolkit Analysis

Arsenal-237 group — Rust ransomware, BYOVD exploitation, kernel-mode rootkit, CrowdStrike termination module.

2026-01-15 · 78 objects · 42 IOCs · The Hunter's Ledger
Tags: Ransomware · Rust · BYOVD · Rootkit
Severity: critical

PULSAR RAT — Technical Analysis

.NET-based remote access trojan with credential theft, screen capture, and evasion capabilities.

2025-12-10 · 34 objects · 16 IOCs · The Hunter's Ledger
Tags: RAT · Cred Theft · Evasion · .NET
Severity: high

ShinyHunters Data Leak Site

ShinyHunters data leak site infrastructure — backend API, admin panels, leaked database storage.

2026-04-17 · 24 objects · 11 IOCs · The Hunter's Ledger
Tags: Exfil · Cred Theft · Open Dir
Severity: high

From Webshells to The Cloud

PHP webshells pivoting from compromised web servers to cloud environments with data exfiltration channels.

2025-10-22 · 38 objects · 19 IOCs · The Hunter's Ledger
Tags: Webshell · PHP · Exfil · C2
Severity: medium

Sliver C2 Toolchain + ScareCrow Loader

Sliver C2 framework paired with ScareCrow loader for evasion — Go-based toolchain.

2026-03-10 · 29 objects · 14 IOCs · The Hunter's Ledger
Tags: C2 · Loader · Go · Evasion
Severity: high

Chaos Ransomware Multi-Stage Loader

Chaos ransomware delivered via multi-stage loader from TorBrowserTor infrastructure.

2026-04-23 · 37 objects · 20 IOCs · The Hunter's Ledger
Tags: Ransomware · Loader · Evasion · Open Dir