Tag: irc

4 Attack Reports | 0 Vulnerabilities

Attack reports

TA-ShadowCricket: Emerging Malware Trends and IRC Server Tracking

The TA-ShadowCricket group, formerly known as Shadow Force, has been active in the Asia-Pacific region since 2012, targeting Windows servers and MS-SQL servers. They operate an IRC server with over 2,000 affected IPs in 72 countries. The group uses various malware and tools, including Upm, SqlShell…

windows servers

credentialstealer

Published: May 27, 2025

Downloadable IOCs: 13

Outlaw cybergang attacking targets worldwide

A recent incident response case in Brazil revealed a Perl-based crypto mining botnet called Outlaw, also known as Dota, targeting Linux environments. The threat actor exploits weak SSH credentials, downloads malicious scripts, and deploys an XMRig miner for Monero cryptocurrency. The botnet include…

Published: April 29, 2025

Downloadable IOCs: 0

Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective

OUTLAW is a persistent Linux malware that uses basic techniques like SSH brute-forcing, SSH key manipulation, and cron-based persistence to maintain a long-lasting botnet. Despite its lack of sophistication, it remains active by leveraging simple but impactful tactics. The malware deploys modified …

cryptocurrency mining

stealth shellbot

Published: April 3, 2025

Downloadable IOCs: 87

Malware Targets Message Queuing Services Applications

The report describes a recent campaign targeting Apache RocketMQ platforms, where attackers exploited a known vulnerability (CVE-2023-33246) to gain remote code execution on the systems. They then downloaded and executed the Muhstik malware, which provides persistence, evades detection, performs la…

Published: June 6, 2024

Linked vulnerabilities : CVE-2023-33246

Downloadable IOCs: 21

Click here to see more Attack Reports