C2 – WindowsTechs.com

[SANS ISC] Python Malware Using Postgresql for C2 Communications

Posted on August 25, 2023 by Xavier

Today, I published the following diary on isc.sans.edu: “Python Malware Using Postgresql for C2 Communications“: For modern malware, having access to its C2 (Command and control) is a crucial point. There are many ways to connect to a C2 server using tons of protocols, but today, HTTP remains very common

The post [SANS ISC] Python Malware Using Postgresql for C2 Communications appeared first on /dev/random.

Continue reading [SANS ISC] Python Malware Using Postgresql for C2 Communications→

How Morris Worm Command and Control Changed Cybersecurity

Posted on May 1, 2023 by Jonathan Reed

A successful cyberattack requires more than just gaining entry into a victim’s network. To truly reap the rewards, attackers must maintain a persistent presence within the system. After establishing communication with other compromised network devices, actors can stealthily extract valuable data. The key to all this is a well-developed Command and Control (C2 or C&C) […]

The post How Morris Worm Command and Control Changed Cybersecurity appeared first on Security Intelligence.

Continue reading How Morris Worm Command and Control Changed Cybersecurity→

[SANS ISC] Waiting for the C2 to Show Up

Posted on August 20, 2021 by Xavier

published the following diary on isc.sans.edu: “Waiting for the C2 to Show Up“: Keep this in mind: “Patience is key”. Sometimes when you are working on a malware sample, you depend on online resources. I’m working on a classic case: a Powershell script decodes then injects a shellcode into a process. There

The post [SANS ISC] Waiting for the C2 to Show Up appeared first on /dev/random.

Continue reading [SANS ISC] Waiting for the C2 to Show Up→

Corelight Sensors detect the ChaChi RAT

Posted on June 24, 2021 by Corelight Labs Team

By Paul Dokas, Keith Jones, Anthony Kasza, Yacin Nadji, & Vern Paxson – Corelight Labs Team Recently Blackberry analyzed a new GoLang Remote Access Trojan (RAT) named “ChaChi.” This sample was interesting in that it tunnels information over DNS as … Continue reading Corelight Sensors detect the ChaChi RAT→

[SANS ISC] C2 Activity: Sandboxes or Real Victims?

Posted on April 2, 2021 by Xavier

I published the following diary on isc.sans.edu: “C2 Activity: Sandboxes or Real Victims?“: In my last diary, I mentioned that I was able to access screenshots exfiltrated by the malware sample. During the first analysis, there were approximately 460 JPEG files available. I continued to keep an eye on the

The post [SANS ISC] C2 Activity: Sandboxes or Real Victims? appeared first on /dev/random.

Continue reading [SANS ISC] C2 Activity: Sandboxes or Real Victims?→

[SANS ISC] Pastebin.com Used As a Simple C2 Channel

Posted on March 19, 2021 by Xavier

I published the following diary on isc.sans.edu: “Pastebin.com Used As a Simple C2 Channel“: With the growing threat of ransomware attacks, they are other malicious activities that have less attention today but they remain active. Think about crypto-miners. Yes, attackers continue to mine Monero on compromised systems. I spotted an interesting

The post [SANS ISC] Pastebin.com Used As a Simple C2 Channel appeared first on /dev/random.

Continue reading [SANS ISC] Pastebin.com Used As a Simple C2 Channel→

Malicious Software Infrastructure Easier to Get and Deploy Than Ever

Posted on January 8, 2021 by Becky Bracken

Researchers at Recorded Future report a rise in cracked Cobalt Strike and other open-source adversarial tools with easy-to-use interfaces. Continue reading Malicious Software Infrastructure Easier to Get and Deploy Than Ever→

Finding SUNBURST Backdoor with Zeek Logs & Corelight

Posted on December 15, 2020 by John Gamble

John Gamble, Director of Product Marketing, Corelight FireEye’s threat research team has discovered a troubling new supply chain attack targeting SolarWind’s Orion IT monitoring and management platform. The attack trojanizes Orion software updates to d… Continue reading Finding SUNBURST Backdoor with Zeek Logs & Corelight→

Firestarter Android Malware Abuses Google Firebase Cloud Messaging

Posted on October 30, 2020 by Lindsey O'Donnell

The DoNot APT threat group is leveraging the legitimate Google Firebase Cloud Messaging server as a command-and-control (C2) communication mechanism. Continue reading Firestarter Android Malware Abuses Google Firebase Cloud Messaging→

Firestarter Android Malware Abuses Google Firebase Cloud Messaging

Posted on October 30, 2020 by Lindsey O'Donnell