C&C | Orthology.eu

Malwarebytes Labs April 12, 2021

How ransomware gangs are connected, sharing resources and tactics

Many of us who read the news daily encounter a regular drum beat of ransomware stories that are both worrying and heartbreaking. And what many of us don’t realize is that they are often interconnected. Some of the gangs behind the ransomware campaigns that we read about have established a relationship among each other that can be described as “being in league with each other”, yet they lack … [Read more...]

Filed Under: Analysis of the World's First Ransomware Cartel, Analyst1, BazarLoader, C&C, CIS, command & control, Commonwealth of Independent States, conti, digital cartel, FIN6, Grim SPider, Jon DiMaggio, lockbit, Maze Team, megacortex, raas, Ragnar group, ransom cartel, Ransom Mafia, ransomware, Ransomware as a Service, ransomware cartel, ryuk, suncrypt, TEMP.MixMaster, trickbot, Twisted Spider, UNC1878, Viking Spider, Wizard Spider

Pieter Arntz February 5, 2021

Update now! Chrome patches zero-day that was exploited in the wild

A Chrome patch has been issued with an advisory stating that the Stable channel has been updated to 88.0.4324.150 for Windows, Mac and Linux. The only noteworthy thing about this update is a patch for a zero-day vulnerability that has been actively exploited in the wild. But that one looks to be extremely important. Which zero-day got patched? Publicly disclosed computer security flaws are … [Read more...]

Filed Under: C&C, chrome, cve-2021-21148, Exploits and vulnerabilities, heap buffer overflow, security researchers, Social engineering, solarwinds, watering hole

Jovi Umawing September 3, 2019

TrickBot adds new trick to its arsenal: tampering with trusted texts

Researchers from Dell Secureworks saw a new feature in TrickBot that allows it to tamper with the web sessions of users who have certain mobile carriers. According to a blog post that they published early last week, TrickBot can do this by “intercepting network traffic before it is rendered by a victim’s browser.” If you may recall, TrickBot, a well-known banking Trojan we detect as … [Read more...]

Filed Under: 2fa, account takeover fraud, ATO, Authy, C&C, Dell Secureworks, dynamic webinject, dyreza, emotet, Eternal Romance, EternalBlue, EternalChampion, Gold Blackburn, Google Authenticator, hasherezade, point-of-sale, port-out fraud, POS, SIM hijacking, SIM swapping, Sprint, T-Mobile, thetrick, trickbot, trickloader, trickster, Trojan.TrickBot, Trojans, two-factor authentication, Verizon Wireless

Malwarebytes Labs December 12, 2017

A state of constant uncertainty or uncertain constancy? Fast flux explained

Last August, WireX made headlines. For one thing, it was dubbed the first-known DDoS botnet that used the Android platform. For another, it used a technique that—for those who have been around in the industry for quite a while now—rung familiar in the ears: fast flux. In the context of cybersecurity, fast flux could refer to two things: one, a network similar to a P2P that hosts a botnet’s … [Read more...]

Filed Under: 101, botnet, C&C, carding, fast flux, fast flux agent, FYI, IP flux, kronos, phishing, storm worm, stration worm, wirex

How ransomware gangs are connected, sharing resources and tactics

TrickBot adds new trick to its arsenal: tampering with trusted texts

A state of constant uncertainty or uncertain constancy? Fast flux explained

SEARCH

RECENT POSTS

Archives

DISCLAIMER