Clicky

Sunday, December 1, 2019

APT Calypso RAT, Flying Dutchman Samples



Reference


 Attackers exploit Windows SMB vulnerability CVE-2017-0143 or use stolen credentials to gain access, deploy the custom Calypso RAT and use it to upload other tools such as Mimikatz, EternalBlue and EternalRomance. They move laterally and steal data.




Sunday, October 6, 2019

Masad Clipper and Stealer - Windows spyware exfiltrating data via Telegram (samples)



Reference




“Masad Clipper and Stealer” steals browser information, computer files,  and automatically replaces cryptocurrency wallets from the clipboard with its own.
It is written using Autoit scripts and then compiled into a Windows executable.
It uses Telegram to exfiltrate stolen information.





Amnesia / Radiation Linux botnet targeting Remote Code Execution in CCTV DVR samples

Linux/AirDropBot samples