all InfoSec news
Suspicious Prometei Botnet Activity, (Sun, Jan 7th)
Malware Analysis, News and Indicators - Latest topics malware.news
On the 31 Dec 2023, after trying multiple username/password combination, actor using IP 194.30.53.68 successfully loging to the honeypot and uploaded eight files where 2 of them are protected with a 7zip password (updates1.7z & updates2.7z). Some of these files have been identified to be related to the Prometei trojan by Virustotal. The file sqhost.exe [6] was last found by Talos [7] used with the Prometei botnet as a trojan coin miner.
Article Link: https://isc.sans.edu/diary/rss/30538
1 post - 1 participant …
7zip actor amp botnet dec files honeypot password prometei trojan username virustotal