Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Recently, a new infection vector that cracks Windows machines through SMB password brute force is on the rise” reads the analysis published by AVAST. ” continues the report.

DNS 129

DNS Cryptocurrency Internet Internet 129

Krebs on Security

JULY 18, 2022

These two software are currently unknown to most if not all antivirus companies.” “Using the internal router, it would be possible to poison the DNS cache of the LAN router of the infected node, enabling further attacks.” The Exe Clean service made malware look like goodware to antivirus products.

VPN 304

VPN Computers and Electronics Antivirus Software 304

SecureList

OCTOBER 25, 2023

Subsequent analysis revealed earlier instances of suspicious code dating back to 2017. Importantly, our investigation, which considered binary timestamps, indicated that this exploit was created prior to April 2017. It is worth noting that the EternalBlue exploit was publicly disclosed by the Shadow Brokers group on April 14, 2017.

Malware 106

Malware DNS Encryption Cryptocurrency 106

Krebs on Security

SEPTEMBER 6, 2021

The common acronym in nearly all of Saim Raza’s domains over the years — “FUD” — stands for “ F ully U n- D etectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances. ” Image: Scylla Intel.

Software 239

Software Phishing Cybercrime Accountability 239

SecureList

DECEMBER 1, 2023

Upon startup, this backdoor makes a type A DNS request for the <hex-encoded 20-byte string> u.fdmpkg[.]org After parsing the response to the DNS request, the backdoor launches a reverse shell, using the secondary C2 server for communications. Instead, it tried to exploit the CVE-2017-0199 vulnerability. org domain.

Malware 90

Malware Ransomware Encryption Energy and Utilities 90

Security Affairs

APRIL 9, 2019

The installed payload actually is a Base64 encoded PE32 file, file-lessly stored within the registry hive to avoid antivirus detection. Stealer and CryptoStealer module to steal cryptocurrency wallets and saved passwords. Figure 5: Final payload written in the registry key in base64 Format. The Payload. Static payload data.

Malware 72

Malware Advertising DNS Antivirus 72

Security Boulevard

JUNE 15, 2023

As a result, this technique may bypass static antivirus signatures and complicate malware reverse engineering. Prior to this date, in 2021, the domain was registered and hosted by a previous owner, with DNS resolution observed through October of 2021. 171:15555 Size ~234 KB Compiler: EP:Microsoft Visual C/C++ (2017 v.15.5-6)

Cryptocurrency 52

Cryptocurrency Password Management Malware DNS 52