Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
14 résultats taggé C2  ✕
Investigating Anonymous VPS services used by Ransomware Gangs https://blog.bushidotoken.net/2025/02/investigating-anonymous-vps-services.html
16/02/2025 14:40:27
QRCode
archive.org
thumbnail

One of the challenges with investigating cybercrime is the infrastructure the adversaries leverage to conduct attacks. Cybercriminal infrastructure has evolved drastically over the last 25 years, which now involves hijacking web services, content distribution networks (CDNs), residential proxies, fast flux DNS, domain generation algorithms (DGAs), botnets of IoT devices, the Tor network, and all sorts of nested services.

This blog shall investigate a small UK-based hosting provider known as BitLaunch as an example of how challenging it can be to tackle cybercriminal infrastructure. Research into this hosting provider revealed that they appear to have a multi-year history of cybercriminals using BitLaunch to host command-and-control (C2) servers via their Anonymous VPS service.

bushidotoken EN 2025 investigation VPS BitLaunch C2 Ransomware
Detecting Popular Cobalt Strike Malleable C2 Profile Techniques https://unit42.paloaltonetworks.com/cobalt-strike-malleable-c2/
03/07/2023 21:20:44
QRCode
archive.org
thumbnail

We examine malicious Cobalt Strike case studies with distinct techniques using Malleable C2 profiles.

unit42 EN 2023 CobaltStrike Malleable C2 Profile Techniques
Visualizing QakBot Infrastructure https://www.team-cymru.com/post/visualizing-qakbot-infrastructure
18/05/2023 09:53:40
QRCode
archive.org
thumbnail

This blog post seeks to draw out some high-level trends and anomalies based on our ongoing tracking of QakBot command and control (C2) infrastructure. By looking at the data with a broader scope, we hope to supplement other research into this particular threat family, which in general focuses on specific infrastructure elements; e.g., daily alerting on active C2 servers.

team-cymru EN 2023 QakBot Infrastructure research C2
MacStealer: New macOS-based Stealer Malware Identified https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
27/03/2023 07:20:11
QRCode
archive.org
thumbnail

Uptycs has already identified three Windows-based malware families that use Telegram this year, including Titan Stealer, Parallax RAT, and HookSpoofer. Attackers are increasingly turning to it, particularly for stealer command and control (C2).

And now the Uptycs threat research team has discovered a macOS stealer that also controls its operations over Telegram. We’ve dubbed it MacStealer.

Uptycs EN 2023 macOS C2 stealer MacStealer Telegram
Havoc Across the Cyberspace https://www.zscaler.com/blogs/security-research/havoc-across-cyberspace
15/02/2023 19:23:59
QRCode
archive.org
thumbnail

ThreatLabz observed a new campaign targeting a Government organization in which the threat actors utilized a new Command & Control (C2) framework named Havoc

zscaler EN 2023 ThreatLabz Havoc C2 analysis
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice
23/11/2022 22:57:25
QRCode
archive.org
thumbnail

Key Takeaways

  • Nighthawk is an advanced C2 framework intended for red team operations through commercial licensing.
  • Proofpoint researchers observed initial use of the framework in September 2022 by a likely red team.
  • We have seen no indications at this time that leaked versions of Nighthawk are being used by attributed threat actors in the wild.
  • The tool has a robust list of configurable evasion techniques that are referenced as “opsec” functions throughout its code.
    P* roofpoint researchers expect Nighthawk will show up in threat actor campaigns as the tool becomes more widely recognized or as threat actors search for new, more capable tools to use against targets.
proofpoint EN 2022 redteam tool Nighthawk C2 framework threat
Alchimist: A new attack framework in Chinese for Mac, Linux and Windows https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html
14/10/2022 09:39:08
QRCode
archive.org
thumbnail
  • Cisco Talos discovered a new attack framework including a command and control (C2) tool called "Alchimist" and a new malware "Insekt" with remote administration capabilities.
  • The Alchimist has a web interface in Simplified Chinese with remote administration features.
  • The attack framework is designed to target Windows, Linux and Mac machines.
  • Alchimist and Insekt binaries are implemented in GoLang.
  • This campaign consists of additional bespoke tools such as a MacOS exploitation tool, a custom backdoor and multiple off-the-shelf tools such as reverse proxies.
talosintelligence EN 2022 TheAlchimist C2 C&C attack-framework
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks - Microsoft Security Blog https://www.microsoft.com/security/blog/2022/08/24/looking-for-the-sliver-lining-hunting-for-emerging-command-and-control-frameworks/
25/08/2022 14:34:56
QRCode
archive.org
thumbnail

Threat actors evade detection by adopting the Sliver command-and-control (C2) framework in intrusion campaigns.

microsoft EN 2022 Sliver C2 framework command-and-control threat-actor
A new botnet Orchard Generates DGA Domains with Bitcoin Transaction Information https://blog.netlab.360.com/a-new-botnet-orchard-generates-dga-domains-with-bitcoin-transaction-information/
09/08/2022 13:07:41
QRCode
archive.org

DGA is one of the classic techniques for botnets to hide their C2s, attacker
only needs to selectively register a very small number of C2 domains, while for
the defenders, it is difficult to determine in advance which domain names will
be generated and registered.

netlab360 EN 2022 Orchard botnet C2 bitcoin domains
Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns https://blog.talosintelligence.com/2022/08/dark-utilities.html
05/08/2022 14:35:44
QRCode
archive.org
thumbnail
  • Dark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to adversaries.
  • It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems.
  • Payloads provided by the platform support Windows, Linux and
  • Python-based implementations and are hosted within the Interplanetary File System (IPFS), making them resilient to content moderation or law enforcement intervention.
  • Since its initial release, we've observed malware samples in the wild leveraging it to facilitate remote access and cryptocurrency mining.
talosintelligence 2022 dark-utilities DarkUtilities C2
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html
03/08/2022 15:35:19
QRCode
archive.org
thumbnail
  • Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework.
  • The implants for the new malware family are written in the Rust language for Windows and Linux.
  • A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors.
  • We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints.
  • We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.
talosintelligence EN 2022 manjusaka CobaltStrike framework imitation C2
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/
07/07/2022 07:30:53
QRCode
archive.org

Unit 42 continuously hunts for new and unique malware samples that match known advanced persistent threat (APT) patterns and tactics. On May 19, one such sample was uploaded to VirusTotal, where it received a benign verdict from all 56 vendors that evaluated it. Beyond the obvious detection concerns, we believe this sample is also significant in terms of its malicious payload, command and control (C2), and packaging.

unit42 EN 2022 BruteRatelC4 CobaltStrike redteam APT BRc4 C2 malware
Gimmick MacOS Malware Spreads Through Customized Files, Enables MacOS CodeSign Bypass - CloudSEK https://cloudsek.com/threatintelligence/gimmick-macos-malware-spreads-through-customized-files-enables-macos-codesign-bypass/
27/05/2022 11:02:15
QRCode
archive.org
thumbnail

We discovered that Gimmick MacOS malware communicates only through their C2 server hosted on Google Drive. The malware was discovered in the first week of May and it has been actively targeting macOS devices

Cloudsek EN 2022 malware macOS Gimmick C2
Complete dissection of an APK with a suspicious C2 Server https://lab52.io/blog/complete-dissection-of-an-apk-with-a-suspicious-c2-server/
02/04/2022 12:06:04
QRCode
archive.org

During our analysis of the Penquin-related infrastructure we reported in our previous post, we paid special attention to the malicious binaries contacting these IP addresses, since as we showed in the analysis, they had been used as C2 of other threats used by Turla.

turla apk android analysis EN 2022 lab52 c2
4507 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio