Summary:
Noxia, a new dark web bulletproof hosting provider, is facilitating cybercriminal activities by offering low-cost server rentals for various programming applications. This service enables the distribution of malicious code and software supply chain attacks, posing significant risks to cybersecurity. The provider’s infrastructure allows for the creation and management of disposable servers, complicating tracking efforts by law enforcement.
#DarkWeb #BulletproofHosting #CyberCrime
Keypoints:
Noxia is a new bulletproof hosting provider on the dark web, advertising on BreachForums.
Offers low-cost server rentals for Python, Node.js, Go, and Rust applications.
Provides infrastructure for malware distribution and software supply chain attacks.
Servers can be used for command and control, phishing, and managing botnets.
Noxia’s services are designed to evade detection by security filters.
Malware hosted by Noxia includes files flagged as malicious by multiple security vendors.
Developers are advised to adopt comprehensive security strategies to mitigate risks.
MITRE Techniques:
Supply Chain Compromise (T1195.002): Compromise Software Supply Chain.
Acquire Infrastructure (T1583.003): Virtual Private Server.
Develop Capabilities (T1587.001): Malware.
Command and Scripting Interpreter (T1059.006): Python.
Command and Scripting Interpreter (T1059.007): JavaScript.
IoC:
Full Research: https://socket.dev/blog/noxia-emerging-dark-web-bulletproof-hosting-provider