Chinese cybercriminals attack Asian government agencies and defense organizations


    In one of its latest reports, Symantec security specialists described the Billbug group, whose activity they have been monitoring since 2018. One of the most recent attacks targeted a company that provides certification services. According to the experts, the hackers wanted to obtain signatures for their malware in order to make it harder to detect, or to decrypt traffic.

    Symantec has not been able to determine how Billbug gains initial access to victims' networks, but has seen evidence that it does so by exploiting known vulnerabilities in popular applications. As in its other campaigns, Billbug combines tools already present on victim systems, various utilities, and its own malware. The hackers' toolkit looks like this:

    • AdFind;
    • Winmail;
    • WinRAR;
    • Ping;
    • Tracert;
    • Route;
    • NBTscan;
    • Certutil;
    • Port Scanner.

    These tools help the cybercriminals blend in with normal processes and avoid leaving suspicious traces in the logs.
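Because each of these utilities is unremarkable on its own, a practical detection looks for several different ones running on the same host within a short time. The sketch below is an added example, not code from Symantec or from the original article; the log format, host names, executable names, window and threshold are all assumptions.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta

# Default image names for tools named in the article (assumed; Winmail and
# "Port Scanner" are omitted because the article gives no file name for them).
DUAL_USE = {"adfind.exe", "winrar.exe", "ping.exe", "tracert.exe",
            "route.exe", "nbtscan.exe", "certutil.exe"}

# Constructed sample of process-creation events: time, host, user, image path.
SAMPLE_LOG = r"""
2024-01-10T09:00:05,WS-014,alice,C:\Windows\System32\ping.exe
2024-01-10T09:40:00,WS-014,alice,C:\Program Files\WinRAR\WinRAR.exe
2024-01-10T13:02:11,SRV-02,svc_backup,C:\Windows\System32\route.exe
2024-01-10T13:03:40,SRV-02,svc_backup,C:\Users\Public\nbtscan.exe
2024-01-10T13:05:02,SRV-02,svc_backup,C:\Users\Public\AdFind.exe
2024-01-10T13:09:30,SRV-02,svc_backup,C:\Windows\System32\certutil.exe
2024-01-10T13:11:00,SRV-02,svc_backup,C:\Windows\System32\notepad.exe
"""

def parse_events(text):
    """Yield (time, host, tool) for rows whose image is a listed dual-use tool."""
    for row in csv.reader(text.strip().splitlines()):
        ts, host, _user, image = row
        tool = image.rsplit("\\", 1)[-1].lower()
        if tool in DUAL_USE:
            yield datetime.fromisoformat(ts), host, tool

def flag_clusters(text, window=timedelta(minutes=15), min_distinct=3):
    """Return {host: tools} where >= min_distinct different tools ran within window."""
    by_host = defaultdict(list)
    for when, host, tool in parse_events(text):
        by_host[host].append((when, tool))
    hits = {}
    for host, events in by_host.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            tools = {t for _, t in events[start:end + 1]}
            if len(tools) >= min_distinct:
                hits[host] = sorted(tools | set(hits.get(host, [])))
    return hits

if __name__ == "__main__":
    for host, tools in flag_clusters(SAMPLE_LOG).items():
        print(host, tools)
```

Name matching only covers tools run under their default names, so pair it with the original-file-name or hash fields where process telemetry provides them.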

    But the group also has more exotic weapons in its arsenal, which it often uses during attacks:

    • Stowaway, a Go-based layered proxy tool;
    • The Hannotog backdoor, which allows the hackers to change firewall settings, gain a foothold on a compromised machine, download encrypted data, and execute arbitrary commands;
    • The Sagerunex backdoor, which is deployed with Hannotog and injected into the "explorer.exe" process. It then writes its logs to a local temporary file encrypted with the AES (256-bit) algorithm. The configuration and state of the backdoor are also stored locally and encrypted with the RC4 algorithm, with the keys for both algorithms hardcoded into the malware. Sagerunex then connects to the C&C server via HTTPS to send a list of active proxies and files, and receives payloads and shell commands from the operators. It can also execute programs and DLLs using "runexe" and "rundll".

    The traces of these tools in the victims' networks led Symantec to Billbug, as the hackers used them frequently in their previous operations.

    Author DeepWeb