Tag: command and control

LightSpy, a modular surveillance framework, has expanded its capabilities to target Facebook and Instagram data. The malware, initially focused on mobile devices, now compromises Windows, macOS, Linux, and routers. Recent analysis reveals a significant expansion in its command list, with over 100 c…

In December 2024, the Lazarus Group, a North Korean threat actor, launched a sophisticated global campaign targeting cryptocurrency and technology developers. The operation, code-named 'Phantom Circuit,' involved embedding malware into trusted development tools, compromising hundreds of victims wor…

This analysis details a web shell intrusion incident where attackers exploited an IIS worker to exfiltrate data. The attacker uploaded a web shell, created a new account for persistence, modified an existing user's password, and used encoded PowerShell commands to establish a reverse TCP shell for …

A phishing attack on December 24th, 2024 compromised a Cyberhaven employee's access to the Google Chrome Web Store, leading to the publication of a malicious version of their Chrome extension. This was part of a larger campaign targeting Chrome Extension developers, primarily aiming at Facebook Ads…

A sophisticated multi-stage PowerShell campaign has been identified, utilizing an LNK file to initiate a sequence of obfuscated scripts. The attack maintains persistence and stealth by connecting with a command-and-control server. It employs Chisel, a fast TCP/UDP tunneling tool, and a Netskope pro…

A command-and-control framework called Winos 4.0 is being distributed through gaming-related applications, targeting Chinese-speaking users. The malware, rebuilt from Gh0st RAT, uses a multi-stage infection process involving fake BMP files, DLLs, and shellcode. It can harvest system information, ca…

This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …

The report details sophisticated command and control (C2) techniques employed by the APT41 threat group. APT41 uses custom malware and legitimate tools to maintain persistent access to compromised networks while evading detection. Key techniques include DNS tunneling, domain fronting, and steganogr…