Prometei botnet improves modules and exhibits new capabilities in recent updates

• Prometei botnet continued its activity since Cisco Talos first reported about it in 2020.  Since November 2022, we have observed Prometei improving the infrastructure components and capabilities. More specifically, the botnet operators updated certain submodules of the execution chain to automate processes and challenge forensic analysis methods.
  
  


• We assess with high confidence that v3 of the Prometei botnet is of medium size, with   more than 10,000 infected systems worldwide, based on data obtained by sinkholing the DGA domains over a …

analysis botnet capabilities challenge cisco cisco talos forensic forensic analysis high infrastructure medium modules november processes prometei size systems talos updates