Nov. 17, 2023, 2:10 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics

  • Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations. 

  • Most of the group’s Phobos variants are distributed by SmokeLoader, a backdoor trojan. This commodity loader typically drops or downloads additional payloads when deployed. In 8Base campaigns, however, it has the ransomware component embedded in its encrypted payloads, which is then decrypted and loaded into the SmokeLoader …
