Tag: BOTNET
February 22, 2022 Editor’s Note: Since conducting his initial research, ZeroFox Intelligence Researcher Stephan Simon has uncovered additional details about the operators and the botnet. Updates have been published here.
In late October 2021, ZeroFox Intelligence discovered a previously unknown botnet called Kraken. Though still under active development, Kraken already features the ability to download and execute secondary payloads, run shell commands, and take screenshots of the victim’s system.…
This post is also available in: 日本語 (Japanese)
Executive SummaryAs early as Dec. 21, 2021, Unit 42 observed a new infection method for the highly prevalent malware family Emotet. Emotet is high-volume malware that often changes and modifies its attack patterns. This latest modification of the Emotet attack follows suit.…
Research by: Aliaksandr Trafimchuk, Raman Ladutska
This research comes as a follow-up to our previous article on Trickbot, “When Old Friends Meet Again: Why Emotet Chose Trickbot For Rebirth” where we provided an overview of the Trickbot infrastructure after its takedown. Check Point Research (CPR) now sheds some light on the technical details of key Trickbot modules.…
These websites host Smokeloader payloads as part of three categories named “pab1”, “pab2” and “pab3”. These are not necessarily linked to the analogous “pub*” affiliate IDs, since we have seen some “pab2” payloads with the “555” affiliate ID. While tracking PrivateLoader, we only received links to download the “pab2” payloads from these websites.…
While monitoring the distribution source of malware in Korea, the ASEC analysis team has discovered that DDoS IRC Bot strains disguised as adult games are being installed via webhards. Webhards are platforms commonly used for the distribution of malware in Korea, where njRAT and UDP Rat were distributed in the past.…
In September, Russian companies faced the problem of malicious software disguised as accounting documents. The launch of the virus led to leaks of personal data of users and the connection their computers to the botnet. Check Point company claims that 15.3% of Russian Internet users received such letters only in a month.…
Herman Klimenko, adviser of the Russian President on Internet development, said that nowadays this is the most common and most dangerous virus. There are about 20 million computers in Moscow, of those, 20-30 percent are infected.…