Key findings We found a new heuristic allowing us to keep tracking the attack infrastructure of the infamous ShadowSyndicate known to leverage a wide range of top-tier Ransomware-as-service. ShadowSyndicate used the same Secure Shell (SSH) fingerprint on many servers...
Key finding Spoofers are primarily infrastructure lessors. They develop the tool and then set up paid "slots" for other users. They enjoy a dominant position mainly thanks to the difference in...
Key findings A phishing toolkit that we named “Premium panel”, due to the presence of the sentence “Live Control Panel Premium”. This toolkit is comprised of a panel composed of multiple .php pages and .js scripts that handle victim credentials logging and redirection...
Key findings CryptBot continues to be deployed mainly from websites offering fake cracked software and “Pay-Per-Install” solutions like PrivateLoader (also known as “InstallsKey” on Telegram) or the now defunct 360Installer. By searching for the Matomo tracking script...
Key findings This report presents: The Russian autonomous system PROSPERO (AS200593) could be linked with a high level of confidence to Proton66 (AS198953), another Russian AS, that we believe to be connected to the bulletproof services named ‘SecureHost’...