Although the majority of botnets still use a basic client-server model, with most relying on HTTP servers to receive commands, many prominent threats now use
Category: Threat Intelligence
Petya The jury is still out on whether the malware is Petya or something that just looks like it (it messes with the Master Boot
Our sinkhole is designed to collect any and all HTTP requests to sinkholed domain for investigation purposes (these are then sent to a back-end database). What this
A while ago I started writing a series of articles documenting the Kelihos Peer-to-Peer infrastructure but had to pull them due to an ongoing operation.
Mirai is a piece of malware designed to hijack busybox systems (commonly used on IoT devices) in order to perform DDoS attacks, it’s also the
With the exception of a few unconfirmed reports of Dridex targeting Baltic countries (which doesn’t make much sense economically), infection campaigns have ceased since mid
Since the Kelihos takedown in front of a live audience at RSA Conference in 2013, the operator had opted to maintain a low profile by keeping
Around the 8th of June VICE picked up the story about Necurs’ downtime and wrote a great article including a tweet from Kevin Beaumont referencing
Dridex spreads mainly using Office documents containing malicious macros, initially the primary stage would involve using VBA (Visual Basic for Applications) to download and execute
While I was reverse engineering ZeroAccess in order to write a monitoring system, I had an idea which would allow me to use ZeroAccess C&C