The collaboration of former Conti hackers with the FIN7 group led to the spread of Domino and Nemesis malware

    A new strain of malware developed by attackers with ties to the FIN7 cybercriminal group was used by former members of the now-defunct Conti ransomware gang, indicating a collaboration between the two hacker groups.

    The malware, dubbed Domino, is primarily intended to facilitate follow-on exploitation of compromised systems by loading additional malicious payloads onto them.

    “Former members of the TrickBot/Conti syndicate have been using Domino since at least the end of February 2023 to deliver the Project Nemesis information thief or more powerful backdoors such as Cobalt Strike,” IBM Security X-Force researchers said in their report.

    FIN7, also known as Carbanak and ITG14, is a prolific Russian-speaking cybercriminal syndicate that uses a variety of custom malware to deploy various payloads.

    The latest wave of intrusions detected by IBM Security X-Force two months ago involved the use of the Dave Loader to deploy the Domino backdoor.

    Potential links between Domino and FIN7 lie in overlaps between the source code of the new malware and that of DICELOADER (aka Lizar or Tirion), which is attributed to the FIN7 group. This malware is designed to collect sensitive information and retrieve encrypted payloads from a remote attacker-controlled server.

    In the next stage of the infection, a second loader, codenamed Domino, comes into play; it contains an encrypted information-stealing program known as Project Nemesis, capable of collecting sensitive data from the clipboard, Discord, web browsers, crypto wallets, VPN services and other applications.

    Another important event connecting Domino with FIN7 dates back to December last year, when the same loader, NewWorldOrder, was used to deliver both Domino and Carbanak backdoors.

    This "matryoshka doll" of malware and loaders used in this campaign is not a fundamentally new scheme. In November 2022, Microsoft Threat Intelligence reported cyberattacks orchestrated by an attacker tracked as DEV-0569. It used the BATLOADER malware to deliver Vidar and Cobalt Strike, the latter of which eventually contributed to the deployment of the Royal ransomware.

    “The use of malware that is associated with multiple groups of attackers within a single campaign, such as Dave Loader, Domino Backdoor and Project Nemesis Infostealer, highlights the difficulty of tracking down cybercriminals, but also provides insight into how and with whom they cooperate,” concluded the IBM Security researcher.
    Author DeepWeb