Tag: proxy
4 attack reports | 0 vulnerabilities
Attack reports
Bulbature, beneath the waves of GobRAT
This report examines an infrastructure used to control compromised edge devices transformed into Operational Relay Boxes for launching cyber attacks. The infrastructure, consisting of 63 identified servers, uses GobRAT and Bulbature malware to compromise devices and create a botnet. Features includ…
Downloadable IOCs 120
PowerShell Keylogger
A newly identified keylogger operating via PowerShell script has been analyzed, revealing its capabilities to capture keystrokes, gather system information, and exfiltrate data. The malware uses a cloud server in Finland as a proxy and an Onion server for C2 communication, ensuring anonymity. It im…
Downloadable IOCs 3
Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks
TrendMicro highlights the dangers of internet-facing routers and elaborates on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024. Cybercriminals and nation-state actors share an interest in compromised routers used as an anonymization layer, with cybe…
Downloadable IOCs 64
Threat Actors' Systems Can Also Be Exposed and Used by Other Threat Actors
This report discusses a case where a CoinMiner threat actor's proxy server, used to access an infected botnet, became the target of a ransomware threat actor's Remote Desktop Protocol (RDP) scan attack. The ransomware threat actor successfully breached the proxy server and distributed ransomware to…
Downloadable IOCs 34