Key findings A phishing toolkit that we named “Premium panel”, due to the presence of the sentence “Live Control Panel Premium”. This toolkit consists of a panel made up of multiple .php pages and .js scripts that handle victim credential logging and redirection...
Key findings CryptBot continues to be deployed mainly from websites offering fake cracked software and “Pay-Per-Install” solutions like PrivateLoader (also known as “InstallsKey” on Telegram) or the now defunct 360Installer. By searching for the Matomo tracking script...
Key findings This report presents: The Russian autonomous system PROSPERO (AS200593) could be linked with a high level of confidence to Proton66 (AS198953), another Russian AS, that we believe to be connected to the bulletproof services named ‘SecureHost’...
Key findings This report presents: The Regulations on the Management of Network Product Security Vulnerabilities (RMSV), an extension of China’s 2017 Cybersecurity Law, targeting hardware/software companies as well as cybersecurity researchers. The RMSV...
Key findings The online presence of “all_father”, the user advertising PandorahVNC. The capabilities of PandorahVNC and other known threat actors that were observed using it. An infrastructure related to PandorahVNC which is advertised as “anonvnc” and is linked with...
Key findings Code Signing Technology allows developers to digitally sign their programs, ensuring authenticity and integrity. This can be exploited by malicious actors to bypass security measures, gain privileges, and deceive users with seemingly legitimate...