    The collaboration of former Conti hackers with the FIN7 group led to the spread of Domino and Nemesis malware

    A new strain of malware developed by attackers with ties to the FIN7 cybercriminal group has been used by former members of the now-defunct Conti ransomware gang, indicating a collaboration between the two groups.

    The malware, dubbed Domino, is primarily intended to facilitate follow-on exploitation by delivering additional malicious payloads to compromised systems.

    “Former members of the TrickBot/Conti syndicate have been using Domino since at least the end of February 2023 to deliver the Project Nemesis information stealer or more powerful backdoors such as Cobalt Strike,” an IBM Security X-Force researcher said in the report.

    FIN7, also known as Carbanak and ITG14, is a prolific Russian-speaking cybercriminal syndicate that uses a variety of custom malware to deploy various payloads.

    The latest wave of intrusions detected by IBM Security X-Force two months ago involved the use of the Dave Loader to deploy the Domino backdoor.

    Potential links between Domino and FIN7 lie in the overlap between the source code of the new malware and that of DICELOADER (aka Lizar or Tirion), which is attributed to FIN7. This malware is designed to collect sensitive information and retrieve encrypted payloads from a remote attacker-controlled server.

    In the next stage of the infection, a second loader, codenamed Domino, comes into play. It contains an encrypted information stealer known as Project Nemesis, capable of collecting sensitive data from the clipboard, Discord, web browsers, crypto wallets, VPN services and other applications.

    Another important link connecting Domino with FIN7 dates back to December last year, when the same loader, NewWorldOrder, was used to deliver both the Domino and Carbanak backdoors.

    This "matryoshka doll" of malware and loaders used in the campaign is not a fundamentally new scheme. In November 2022, Microsoft Threat Intelligence reported cyberattacks orchestrated by an attacker tracked as DEV-0569, which used the BATLOADER malware to deliver Vidar and Cobalt Strike; the latter eventually contributed to the deployment of the Royal ransomware.

    “The use of malware that is associated with multiple groups of attackers within a single campaign, such as Dave Loader, Domino Backdoor and Project Nemesis Infostealer, highlights the difficulty of tracking down cybercriminals, but also provides insight into how and with whom they cooperate,” the IBM Security researcher concluded.
    Author DeepWeb