#purecrypter — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #purecrypter, aggregated by home.social.
-
Do #PureLogs Stealer and #PureCrypter use the same C2 protocol, or is there some way to tell the C2 protocols apart?
C2 servers:
🔥 45.141.233.100:7708
🔥 144.172.91.74:7709
🔥 62.60.235.100:9100
🔥 65.108.24.103:62050
🔥 91.92.120.102:62050
🔥 192.30.240.242:62520 -
Good day everyone!
Cisco Talos brings us a HOT report on a new backdoor they observed in a widespread campaign that they dubbed #TorNet, owing to the fact that the actor connects the victim's machine to the TOR network for stealthy command and control (C2) communications and detection evasion.
Attack Summary:
The attack starts with a phishing email with a malicious attachment, which leads to a .NET loader executing and downloads the #PureCrypter malware, which is responsible for dropping and running the TorNet backdoor. After a successful connection to the C2 server it connects the victim's machine to the TOR network which enables it to receive and run arbitrary .NET assemblies in memory.Behavior Summary:
Initial Access:
Phishing Email with Attachment - in this case, a .tgz (compressed file)Defense Evasion
Released and renewed the ip address of the compromised machine - "cmd /c ipconfig /release" and "cmd /c ipconfig /renew"
Modifcaiton of the machine - "Add-MpPreference -ExclsuionPath" and "Add-MpPreference -ExclusionProcess"Discovery:
WMI Activity - "Select * from Win32_BIOS" and "Select * from Win32_ComputerSystem"Persistence:
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder - Dropped a VB script in the windows Startup folderThese are just some of the behaviors, for the rest, go and enjoy the read! Happy Hunting!
New TorNet backdoor seen in widespread campaign
https://blog.talosintelligence.com/new-tornet-backdoor-campaign/Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
-
Good day everyone!
Cisco Talos brings us a HOT report on a new backdoor they observed in a widespread campaign that they dubbed #TorNet, owing to the fact that the actor connects the victim's machine to the TOR network for stealthy command and control (C2) communications and detection evasion.
Attack Summary:
The attack starts with a phishing email with a malicious attachment, which leads to a .NET loader executing and downloads the #PureCrypter malware, which is responsible for dropping and running the TorNet backdoor. After a successful connection to the C2 server it connects the victim's machine to the TOR network which enables it to receive and run arbitrary .NET assemblies in memory.Behavior Summary:
Initial Access:
Phishing Email with Attachment - in this case, a .tgz (compressed file)Defense Evasion
Released and renewed the ip address of the compromised machine - "cmd /c ipconfig /release" and "cmd /c ipconfig /renew"
Modifcaiton of the machine - "Add-MpPreference -ExclsuionPath" and "Add-MpPreference -ExclusionProcess"Discovery:
WMI Activity - "Select * from Win32_BIOS" and "Select * from Win32_ComputerSystem"Persistence:
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder - Dropped a VB script in the windows Startup folderThese are just some of the behaviors, for the rest, go and enjoy the read! Happy Hunting!
New TorNet backdoor seen in widespread campaign
https://blog.talosintelligence.com/new-tornet-backdoor-campaign/Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
-
Good day everyone!
Cisco Talos brings us a HOT report on a new backdoor they observed in a widespread campaign that they dubbed #TorNet, owing to the fact that the actor connects the victim's machine to the TOR network for stealthy command and control (C2) communications and detection evasion.
Attack Summary:
The attack starts with a phishing email with a malicious attachment, which leads to a .NET loader executing and downloads the #PureCrypter malware, which is responsible for dropping and running the TorNet backdoor. After a successful connection to the C2 server it connects the victim's machine to the TOR network which enables it to receive and run arbitrary .NET assemblies in memory.Behavior Summary:
Initial Access:
Phishing Email with Attachment - in this case, a .tgz (compressed file)Defense Evasion
Released and renewed the ip address of the compromised machine - "cmd /c ipconfig /release" and "cmd /c ipconfig /renew"
Modifcaiton of the machine - "Add-MpPreference -ExclsuionPath" and "Add-MpPreference -ExclusionProcess"Discovery:
WMI Activity - "Select * from Win32_BIOS" and "Select * from Win32_ComputerSystem"Persistence:
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder - Dropped a VB script in the windows Startup folderThese are just some of the behaviors, for the rest, go and enjoy the read! Happy Hunting!
New TorNet backdoor seen in widespread campaign
https://blog.talosintelligence.com/new-tornet-backdoor-campaign/Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
-
Good day everyone!
Cisco Talos brings us a HOT report on a new backdoor they observed in a widespread campaign that they dubbed #TorNet, owing to the fact that the actor connects the victim's machine to the TOR network for stealthy command and control (C2) communications and detection evasion.
Attack Summary:
The attack starts with a phishing email with a malicious attachment, which leads to a .NET loader executing and downloads the #PureCrypter malware, which is responsible for dropping and running the TorNet backdoor. After a successful connection to the C2 server it connects the victim's machine to the TOR network which enables it to receive and run arbitrary .NET assemblies in memory.Behavior Summary:
Initial Access:
Phishing Email with Attachment - in this case, a .tgz (compressed file)Defense Evasion
Released and renewed the ip address of the compromised machine - "cmd /c ipconfig /release" and "cmd /c ipconfig /renew"
Modifcaiton of the machine - "Add-MpPreference -ExclsuionPath" and "Add-MpPreference -ExclusionProcess"Discovery:
WMI Activity - "Select * from Win32_BIOS" and "Select * from Win32_ComputerSystem"Persistence:
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder - Dropped a VB script in the windows Startup folderThese are just some of the behaviors, for the rest, go and enjoy the read! Happy Hunting!
New TorNet backdoor seen in widespread campaign
https://blog.talosintelligence.com/new-tornet-backdoor-campaign/Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
-
An unknown threat group has been targeting government agencies in Asia Pacific and North America via abuse of the popular Discord network and a hijacked website belonging to a non-profit. The two-stage attacks include enticing victims to install the PureCrypter downloader, which then delivers a variety of possible malware payloads.
https://www.scmagazine.com/news/cybercrime/purecrypter-discord-target-govt #CyberSecurity #PureCrypter #Discord #NorthAmerica #APAC #government #targets -
Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware.
https://thehackernews.com/2023/02/purecrypter-malware-targets-government.html #CyberSecurity #PureCrypter #malare #APAC #NorthAmerica -
Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware.
https://thehackernews.com/2023/02/purecrypter-malware-targets-government.html #CyberSecurity #PureCrypter #malare #APAC #NorthAmerica -
Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware.
https://thehackernews.com/2023/02/purecrypter-malware-targets-government.html #CyberSecurity #PureCrypter #malare #APAC #NorthAmerica -
Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware.
https://thehackernews.com/2023/02/purecrypter-malware-targets-government.html #CyberSecurity #PureCrypter #malare #APAC #NorthAmerica -
📢 Watch out for PureCrypter malware targeting government entities through #Discord by delivering a wide range of other nasty #malware.
Details: https://www.hackread.com/purecrypter-malware-discord/
-
I'M BAAAACK!
Og det er #CYBER2GO også!
Dagens 3 nyheder:
* #Microsoft integrerer #Edge #Secure #Network
* #NewsCorp udsat for #cyberangreb 2020-2022
* #PureCrypter - global indflydelse
Lyt med hvor du finder dine #podcasts eller på https://cyber2go.buzzsprout.com!
--
tags:
#cyber2go #cybersikkerhed #cybersec #cybersecurity #IT #teknik #fælleshjerne #dkmastodon -
Der #Trojaner #PureCrypter wird momentan für Angriffe auf Regierungs-Organisationen verwendet. https://winfuture.de/news,134827.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia