#systembc — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #systembc, aggregated by home.social.
-
The Gentlemen smascherati: quando il secondo gruppo ransomware al mondo diventa la vittima
Il backend del gruppo ransomware-as-a-service The Gentlemen è stato violato e i dati interni pubblicati. Check Point Research ha analizzato il leak, rivelando struttura organizzativa, identità dell'amministratore, tattiche di negoziazione e l'arsenale tecnico di uno dei gruppi criminali più attivi del 2026. -
The Gentlemen smascherati: quando il secondo gruppo ransomware al mondo diventa la vittima
Il backend del gruppo ransomware-as-a-service The Gentlemen è stato violato e i dati interni pubblicati. Check Point Research ha analizzato il leak, rivelando struttura organizzativa, identità dell'amministratore, tattiche di negoziazione e l'arsenale tecnico di uno dei gruppi criminali più attivi del 2026. -
The Gentlemen smascherati: quando il secondo gruppo ransomware al mondo diventa la vittima
Il backend del gruppo ransomware-as-a-service The Gentlemen è stato violato e i dati interni pubblicati. Check Point Research ha analizzato il leak, rivelando struttura organizzativa, identità dell'amministratore, tattiche di negoziazione e l'arsenale tecnico di uno dei gruppi criminali più attivi del 2026. -
The Gentlemen smascherati: quando il secondo gruppo ransomware al mondo diventa la vittima
Il backend del gruppo ransomware-as-a-service The Gentlemen è stato violato e i dati interni pubblicati. Check Point Research ha analizzato il leak, rivelando struttura organizzativa, identità dell'amministratore, tattiche di negoziazione e l'arsenale tecnico di uno dei gruppi criminali più attivi del 2026. -
The Gentlemen smascherati: quando il secondo gruppo ransomware al mondo diventa la vittima
Il backend del gruppo ransomware-as-a-service The Gentlemen è stato violato e i dati interni pubblicati. Check Point Research ha analizzato il leak, rivelando struttura organizzativa, identità dell'amministratore, tattiche di negoziazione e l'arsenale tecnico di uno dei gruppi criminali più attivi del 2026. -
DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
#TheGentlemen #SystemBC
https://research.checkpoint.com/2026/dfir-report-the-gentlemen/ -
Gentlemen Ransomware Spreads Rapidly Through Affiliate Network
Gentlemen Ransomware is spreading rapidly through its affiliate network, fueling a surge in multi-platform attacks and infections linked to the malicious tool SystemBC. This ransomware-as-a-service operation is making it alarmingly easy for cybercriminals to join the fray and wreak havoc.
#Ransomware #GentlemenRansomware #Ransomwareasaservice #AffiliateNetwork #Systembc
-
Operation Storming Tide: A massive multi-stage intrusion campaign
#Mora_001 #Matanbuchus #SystemBC
https://fortgale.com/blog/defence/operation-storming-tide/ -
Silent Push Identifies More Than 10,000 Infected IPs as Part of SystemBC Botnet Malware Family
#SystemBC
https://www.silentpush.com/blog/systembc/ -
SystemBC – Bringing the Noise
#SystemBC #REMProxy
https://blog.lumen.com/systembc-bringing-the-noise/ -
Another day, another #Amadey 📅👀 This time dropping #SystemBC ⤵️
Amadey botnet C2:
📡cobolrationumelawrtewarms .com
📡107.189.27.66 (AS14956 ROUTERHOSTING 🇳🇱)Dropping SystemBC from the following URL:
🌐https://urlhaus.abuse.ch/url/3470633/SystemBC payload:
📄https://bazaar.abuse.ch/sample/c13d59dc2e8ee1cbdb8016de0fb3b374f827406fa5d2d1aa4a2820170816d131/SystemBC botnet C2:
📡towerbingobongoboom .com
📡213.209.150.137:4086 (AS42821 RAPIDNET 🇩🇪) -
Happy Monday, or should I say, Happy #DFIRDay!
That's right, The DFIR Report has dropped another one of their awesome reports, this time covering an attack that involved the #BlackSuit ransomware. There was a dash of #CobaltStrike, #SystemBC, some encoded Powershell commands for defense evasion (and to keep you guessing on what the command really is!), LSASS access for credentials, and ultimately led to the ransomware being deployed. This report provides a great example of all the things the adversary needs to do to be successful in an attack and all the information they need from your environment to do it!
Stay tuned for your Threat Hunting Tip of the Day but while you wait, enjoy the article! Happy Hunting!
And I promise you I am not going to take the easy way out and hit you with the AutoRun registry key hunt package again!
BlackSuit Ransomware
https://thedfirreport.com/2024/08/26/blacksuit-ransomware/Cyborg Security Intel 471 #CyberSecurity #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
-
We are proud to announce that Sekoia #TDR team contributed to the joint international law enforcement operation #OperationEndgame, targeting the notorious botnets #IcedID, #Smokeloader, #SystemBC and #Pikabot
-
Operation Endgame - Largest Ever Operation Against Botnets Hits Dropper Malware Ecosystem
Date: May 30, 2024
CVE: Not specified
Vulnerability Type: Malware
CWE: [[CWE-94]], [[CWE-502]]
Sources: Europol News, Eurojust NewsIssue Summary
Europol, in coordination with law enforcement agencies from multiple countries, conducted the largest ever operation targeting botnets. This operation, dubbed "Operation Endgame," took place from May 27 to 29, 2024, and led to the disruption of major malware droppers including IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee. The effort resulted in four arrests and the takedown of over 100 servers worldwide. These droppers were used to facilitate ransomware and other cyber-attacks by installing additional malware onto target systems. The operation was supported by Eurojust and involved contributions from countries including France, Germany, the Netherlands, Denmark, the UK, the US, and others. Private partners also played a role in the operation, which aimed to dismantle the infrastructure supporting these malicious activities. The success of this operation marks a significant step in combating cybercrime on a global scale.
Operation Endgame, coordinated by Europol, dismantled several major botnets including IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee. This international effort involved law enforcement agencies from multiple countries and led to the arrest of four individuals and the takedown of over 100 servers. The botnets targeted facilitated ransomware and other cyber-attacks.
Technical Key Findings
The malware droppers involved are designed to infiltrate systems and install additional malware, often avoiding detection through sophisticated evasion techniques. These droppers were used to deploy ransomware and other malicious payloads by bypassing security measures and enabling further system compromises.
Vulnerable Products
The operation did not specify particular products but targeted the infrastructures supporting droppers like IcedID, SystemBC, Pikabot, Smokeloader, and Bumblebee.
Impact Assessment
If abused, these vulnerabilities could lead to widespread ransomware attacks, financial losses, and significant disruption of services. The infrastructure taken down had facilitated numerous cyber-attacks globally, highlighting the severe impact on cybersecurity.
Patches or Workaround
The report did not mention specific patches or workarounds. However, continuous monitoring and updating of security measures are recommended to protect against such threats.
Tags
#Botnets #Malware #Ransomware #Cybersecurity #Europol #OperationEndgame #Cybercrime #IcedID #SystemBC #Pikabot #Smokeloader #Bumblebee
-
We are proud to announce that we assisted the joint international law enforcement operation #OperationEndgame, targeting the notorious botnets #IcedID, #Smokeloader, #SystemBC and #Pikabot 🔥
abuse.ch has provided key infrastructure to LEA and internal partners to disrupt these botnet operations 🛑
More information on the operation is available here:
👉 https://operation-endgame.com/ -
🚨#IcedID, #Smokeloader, #SystemBC, #Pikabot and #Bumblebee botnets have been disrupted by Operation Endgame!! This is the largest operation EVER against botnets involved with ransomware, with gargantuan thanks to a coordinated effort led by international agencies 👏👏
As with the #Qakbot and #Emotet takedowns, Spamhaus are again providing remediation support - those affected will be contacted from today with steps to take.
👉 For more information, read our write-up here: https://www.spamhaus.org/resource-hub/malware/operation-endgame-botnets-disrupted-after-international-action/
-
🚨#IcedID, #Smokeloader, #SystemBC, #Pikabot and #Bumblebee botnets have been disrupted by Operation Endgame!! This is the largest operation EVER against botnets involved with ransomware, with gargantuan thanks to a coordinated effort led by international agencies 👏👏
As with the #Qakbot and #Emotet takedowns, Spamhaus are again providing remediation support - those affected will be contacted from today with steps to take.
👉 For more information, read our write-up here: https://www.spamhaus.org/resource-hub/malware/operation-endgame-botnets-disrupted-after-international-action/
-
🚨#IcedID, #Smokeloader, #SystemBC, #Pikabot and #Bumblebee botnets have been disrupted by Operation Endgame!! This is the largest operation EVER against botnets involved with ransomware, with gargantuan thanks to a coordinated effort led by international agencies 👏👏
As with the #Qakbot and #Emotet takedowns, Spamhaus are again providing remediation support - those affected will be contacted from today with steps to take.
👉 For more information, read our write-up here: https://www.spamhaus.org/resource-hub/malware/operation-endgame-botnets-disrupted-after-international-action/
-
🚨#IcedID, #Smokeloader, #SystemBC, #Pikabot and #Bumblebee botnets have been disrupted by Operation Endgame!! This is the largest operation EVER against botnets involved with ransomware, with gargantuan thanks to a coordinated effort led by international agencies 👏👏
As with the #Qakbot and #Emotet takedowns, Spamhaus are again providing remediation support - those affected will be contacted from today with steps to take.
👉 For more information, read our write-up here: https://www.spamhaus.org/resource-hub/malware/operation-endgame-botnets-disrupted-after-international-action/
-
🚨#IcedID, #Smokeloader, #SystemBC, #Pikabot and #Bumblebee botnets have been disrupted by Operation Endgame!! This is the largest operation EVER against botnets involved with ransomware, with gargantuan thanks to a coordinated effort led by international agencies 👏👏
As with the #Qakbot and #Emotet takedowns, Spamhaus are again providing remediation support - those affected will be contacted from today with steps to take.
👉 For more information, read our write-up here: https://www.spamhaus.org/resource-hub/malware/operation-endgame-botnets-disrupted-after-international-action/