Tag: 2024-08-08
2 attack reports | 22 vulnerabilities
Attack reports
Botnet 7777: Are You Betting on a Compromised Router?
This analysis uncovers the expansion of a significant botnet operation, dubbed Quad7 or 7777 botnet, characterized by its unique use of TCP port 7777 on compromised routers, primarily TP-Link and Hikvision devices. The research reveals a potential second tranche of bots, the 63256 botnet, comprised…
Downloadable IOCs 7
The Return of Ghost Emperor’s Demodex
This document examines a recent infection chain utilized by the sophisticated China-nexus threat group GhostEmperor. It delves into the multi-stage loading process of the Demodex rootkit, which incorporates several obfuscation techniques and loading schemes. The analysis covers various components, …
Downloadable IOCs 3