Tag: c2 communication

13 Attack Reports | 0 Vulnerabilities

Attack reports

From ClickFix to Command: A Full PowerShell Attack Chain

A targeted intrusion campaign impacting Israeli organizations has been identified, leveraging compromised internal email infrastructure to distribute phishing messages. The attack uses a multi-stage, PowerShell-based infection chain, culminating in the delivery of a remote access trojan (RAT). Key …
obfuscation
rat
phishing
social engineering
powershell
lateral movement
c2 communication
2025-08-11
israeli targets
powershell rat
Published: August 11, 2025
Downloadable IOCs: 0

LNK Trojan delivers REMCOS

This report details a multi-stage malware campaign delivering the REMCOS backdoor via a malicious Windows LNK shortcut file. The attack begins with social engineering, leveraging PowerShell for initial execution and deploys a persistent backdoor capable of full system compromise. The infection chai…
backdoor
powershell
remcos
keylogger
lnk file
c2 communication
pif file
multi-stage attack
base64 encoding
2025-07-30
Published: July 30, 2025
Downloadable IOCs: 8

Targeted attacks leverage accounts on popular online platforms as C2 servers

A sophisticated cyberattack campaign targeted the Russian IT industry and other entities globally in late 2024. The attackers used social media profiles and popular websites to deliver payload information, bypassing detection methods. They employed spear phishing emails with malicious RAR archives,…
cobalt strike
cobalt strike beacon
shellcode
targeted attacks
social media
c2 communication
spear phishing
dll hijacking
2025-07-30
api obfuscation
Published: July 30, 2025
Downloadable IOCs: 2

DslogdRAT Malware Installed in Ivanti Connect Secure

The article discusses a malware called DslogdRAT, which was installed on Ivanti Connect Secure systems by exploiting CVE-2025-0282. The malware communicates with a C2 server during business hours to avoid detection. It uses a web shell for initial access and supports various commands for file opera…
zero-day
c2 communication
web shell
CVE-2025-0282
CVE-2025-22457
spawnsnare
ivanti connect secure
2025-04-28
spawnchimera
dslogdrat
Published: April 28, 2025
Downloadable IOCs: 0

New Stealer on the Horizon

SvcStealer 2025 is a novel information stealer delivered through spear phishing email attachments. It harvests sensitive data including machine information, installed software, user credentials, cryptocurrency wallets, and browser data. The malware creates a unique folder, terminates specific proce…
cryptocurrency
information stealer
c2 communication
evasion techniques
spear phishing
data harvesting
svcstealer
2025-04-23
Published: April 23, 2025
Downloadable IOCs: 4

PE32 Ransomware: A New Telegram-Based Threat on the Rise

PE32 Ransomware is a new strain of malware that utilizes Telegram for command and control. Despite its amateur execution, it effectively encrypts files and causes significant damage. The ransomware features a unique two-tiered payment model, demanding one fee to unlock files and another to prevent …
encryption
telegram
c2 communication
2025-04-22
two-tiered ransom
amateur execution
pe32 ransomware
bot api
exposed infrastructure
Published: April 22, 2025
Downloadable IOCs: 5

GorillaBot: Technical Analysis and Code Similarities with Mirai

GorillaBot is a newly discovered Mirai-based botnet that has launched over 300,000 attacks across more than 100 countries, targeting various industries including telecommunications, finance, and education. It reuses Mirai's core logic while adding custom encryption and evasion techniques. The malwa…
evasion
encryption
botnet
mirai
c2 communication
anti-debugging
2025-03-25
xtea
sha-256
gorillabot
Published: March 25, 2025
Downloadable IOCs: 3

SVC New Stealer on the Horizon

SvcStealer 2025 is a newly discovered information stealer malware distributed through spear phishing emails. It targets sensitive data including machine information, installed software, user credentials, cryptocurrency wallets, and browser data. The malware creates a unique folder, terminates speci…
cryptocurrency
data exfiltration
information stealer
c2 communication
evasion techniques
spear phishing
2025-03-21
svcstealer
Published: March 21, 2025
Downloadable IOCs: 0

Njrat Campaign Using Microsoft Dev Tunnels

A new Njrat malware campaign has been detected utilizing Microsoft's dev tunnels service for command and control (C2) communication. This service, designed for developers to securely expose local services to the internet, is being exploited by the malware to establish connections with C2 servers. T…
njrat
malware campaign
c2 communication
usb propagation
2025-02-27
microsoft dev tunnels
Published: February 27, 2025
Downloadable IOCs: 6

Rat Race: ValleyRAT Malware Targets Organizations with New Delivery Techniques

ValleyRAT, a sophisticated multi-stage malware attributed to Silver Fox APT, has updated its tactics, techniques, and procedures. The malware targets key roles in finance, accounting, and sales departments using phishing emails, malicious websites, and instant messaging platforms. The infection cha…
phishing
persistence
valleyrat
keylogger
dll side-loading
c2 communication
anti-vm
2025-02-05
ghostrat
silver fox apt
Published: February 5, 2025
Downloadable IOCs: 12

Analysis of the attack activities of APT-C-26 (Lazarus) using weaponized IPMsg software

The Lazarus group, a highly active APT organization, has been observed weaponizing the IPMsg installer for attacks. When executed, the malicious installer releases the official IPMsg version 5.6.18.0 to deceive users while activating a malicious DLL in memory. This DLL connects to a remote control …
backdoor
apt
social engineering
data theft
c2 communication
2025-01-02
ipmsg
dll64.dll
loader1.dll
att_loader_dll.dll
weaponized installer
Published: January 2, 2025
Downloadable IOCs: 3

DarkVision RAT

DarkVision RAT is a customizable remote access trojan that first appeared in 2020, offered on Hack Forums for $60. Written in C/C++ and assembly, it offers features like keylogging, screenshots, file manipulation, process injection, remote code execution, and password theft. The analysis reveals a …
purecrypter
c2 communication
multi-stage attack
2024-10-10
remote access trojan
darkvision rat
Published: October 10, 2024
Downloadable IOCs: 0

Zharkbot Strings

Zharkbot is a C++ downloader with extensive anti-analysis and anti-sandbox features. It uses in-line string encryption and API calls, making static and emulation analysis challenging. The malware performs sandbox detection by checking for specific usernames and hypervisors. It installs itself in th…
persistence
anti-analysis
amadey
downloader
2024-09-03
anti-sandbox
string encryption
c2 communication
zharkbot
Published: September 3, 2024
Downloadable IOCs: 2
Click here to see more Attack Reports