Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. "PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persisten...
RedditC2 - Abusing Reddit API To Host The C2 Traffic, Since Most Of The Blue-Team Members Use Reddit, It Might Be A Great Way To Make The Traffic Look Legit
Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic look legit. Disclaimer: Use of this project is for Educational/Testing purposes only. Using it on unauthorised machines is strictly forbidden. If somebody is...
Denonia cryptominer is first malware to target AWS Lambda
Security researchers at Cado Security, a cybersecurity forensics company, recently discovered the first publicly-known malware targeting Lambda, the serverless computing platform of Amazon Web Services (AWS). Though Lambda has been around for less than ten years, serverless technology is considered...
CobaltBus - Cobalt Strike External C2 Integration With Azure Servicebus, C2 Traffic Via Azure Servicebus
Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus Setup 1. Create an Azure Service Bus 2. Create a Shared access policy Connection string that can only Send and Listen 3. Edit the static connectionString variable in Beacon C projects to match the "Primar...
Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor
Commodity malware backdoor SystemBC has evolved to now automate a number of key activities, as well as use the anonymizing Tor platform. These overarching changes make it both easier for cybercriminals to deploy the backdoor, as well as cloak the destination of the command-and-control (C2) traffic...
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
Executive Summary We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452. FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST. The attacker’s post...
CSI: Evidence Indicators for Targeted Ransomware Attacks - Part II | McAfee Blogs
CSI: Evidence Indicators for Targeted Ransomware Attacks – Part II Christiaan Beek · FEB 20, 2020 In our first article we discussed the growing pattern of targeted ransomware attacks where the first infection stage is often an info-stealer kind of malware used to gain credentials/access to...
SMB DOUBLEPULSAR Remote Code Execution
This module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant. This module require...
Brand-New SystemBC Proxy Malware Spotted Using SOCKS5 for Stealth
A previously undocumented proxy malware, dubbed "SystemBC," is upping the stealth game by using SOCKS5 to evade detection. It's being distributed by the Fallout and RIG exploit kits (EKs), according to researchers. Proofpoint researchers said on Thursday that in the most recently tracked example, t...
Pylocky Unlocked: Cisco Talos releases PyLocky ransomware decryptor
This tool was developed by Mike Bautista. PyLocky is a family of ransomware written in Python that attempts to masquerade as a Locky variant. This ransomware will encrypt all files on a victim machine before demanding that the user pay a ransom to gain access to their decrypted files. To combat...