Tag: 2024-08-08

This analysis uncovers the expansion of a significant botnet operation, dubbed Quad7 or 7777 botnet, characterized by its unique use of TCP port 7777 on compromised routers, primarily TP-Link and Hikvision devices. The research reveals a potential second tranche of bots, the 63256 botnet, comprised…

This document examines a recent infection chain utilized by the sophisticated China-nexus threat group GhostEmperor. It delves into the multi-stage loading process of the Demodex rootkit, which incorporates several obfuscation techniques and loading schemes. The analysis covers various components, …