How the ZeuS Trojan Info Stealer Changed Cybersecurity

Information stealer malware is a type of malicious software designed to collect sensitive information from a victim’s computer. Also known as info stealers, data stealers or data-stealing malware, this software is true to its name: after infecting a computer or device, it’s highly adept at exfiltrating login credentials, financial information and personal data. Info stealers […]

The post How the ZeuS Trojan Info Stealer Changed Cybersecurity appeared first on Security Intelligence.

How Morris Worm Command and Control Changed Cybersecurity

A successful cyberattack requires more than just gaining entry into a victim’s network. To truly reap the rewards, attackers must maintain a persistent presence within the system. After establishing communication with other compromised network devices, actors can stealthily extract valuable data. The key to all this is a well-developed Command and Control (C2 or C&C) […]

The post How Morris Worm Command and Control Changed Cybersecurity appeared first on Security Intelligence.

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware

The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve, and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos […]

The post Kronos Malware Reemerges with Increased Functionality appeared first on Security Intelligence.

Self-Checkout This Discord C2

In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated […]

The post Self-Checkout This Discord C2 appeared first on Security Intelligence.

Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1

Command & Control (C2) frameworks are a very sensitive component of Red Team operations. Often, a Red Team will be in a highly privileged position on a target’s network, and a compromise of the C2 framework could lead to a compromise of both the red team operator’s system and control over beacons established on a […]

The post Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1 appeared first on Security Intelligence.

Zeus Sphinx Back in Business: Some Core Modifications Arise

With Zeus Sphinx back in the financial cybercrime arena, IBM X-Force is providing a technical analysis of the Sphinx Trojan’s current version, which was first released in the wild in late 2019.

The post Zeus Sphinx Back in Business: Some Core Modifications Arise appeared first on Security Intelligence.

New Android Banking Trojan Targets Spanish, Portuguese Speaking Users

IBM X-Force recently analyzed a new Android banking Trojan dubbed “Banker.BR” that appears to be targeting users in Spain, Portugal, Brazil and other parts of Latin America.

The post New Android Banking Trojan Targets Spanish, Portuguese Speaking Users appeared first on Security Intelligence.

TA505 Continues to Infect Networks With SDBbot RAT

IBM X-Force IRIS recently identified attacks likely linked to Hive0065, also known as TA505, which spread the SDBbot remote-access Trojan (RAT) alongside other custom malware.

The post TA505 Continues to Infect Networks With SDBbot RAT appeared first on Security Intelligence.

Grandoreiro Malware Now Targeting Banks in Spain

A familiar malware threat called Grandoreiro, a remote-overlay banking Trojan that typically affects bank customers in Brazil, has spread to attack banks in Spain.

The post Grandoreiro Malware Now Targeting Banks in Spain appeared first on Security Intelligence.

ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework

Financially motivated, adaptable, sophisticated and persistent, the ITG08 threat group is likely to remain one of the most potent cybercriminal groups in this new decade.

The post ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework appeared first on Security Intelligence.
