Search cyberveille.decio.ch

Visualizing QakBot Infrastructure

This blog post seeks to draw out some high-level trends and anomalies based on our ongoing tracking of QakBot command and control (C2) infrastructure. By looking at the data with a broader scope, we hope to supplement other research into this particular threat family, which in general focuses on specific infrastructure elements; e.g., daily alerting on active C2 servers.

#team-cymru #EN #2023 #QakBot #Infrastructure #research #C2

·team-cymru.com·May 18, 2023

Visualizing QakBot Infrastructure

Darth Vidar: The Dark Side of Evolving Threat Infrastructure

Summary Three key takeaways from our analysis of Vidar infrastructure: Russian VPN gateways are potentially providing anonymity for Vidar operators / customers, making it more challenging for analysts to have a complete overview of this threat. These gateways now appear to be migrating to Tor. Vidar operators appear to be expanding their infrastructure, so analysts need to keep them in their sights. We expect a new wave of customers and as a result, an increase of campaigns in the upcoming weeks

#team-cymru #EN #2023 #Vidar #infostealer #analysis #threat #infrastructure #VPN

·team-cymru.com·Jan 23, 2023

Darth Vidar: The Dark Side of Evolving Threat Infrastructure

Summary Three key takeaways from our analysis of Vidar infrastructure: Russian VPN gateways are potentially providing anonymity for Vidar operators / customers, making it more challenging for analysts to have a complete overview of this threat. These gateways now appear to be migrating to Tor. Vidar operators appear to be expanding their infrastructure, so analysts need to keep them in their sights. We expect a new wave of customers and as a result, an increase of campaigns in the upcoming weeks

#team-cymru #EN #2023 #Vidar #infostealer #analysis #threat #infrastructure #VPN

·team-cymru.com·Jan 23, 2023

Darth Vidar: The Dark Side of Evolving Threat Infrastructure