![]() ![]() They shone light on two large email campaigns targeting U.S. In August of 2021, Group-IB published research on Prometheus TDS. Prometheus: The God of Fire (and TDSes?!) In our revamped plot line, there is hope at the bottom of Pandora’s box in the form of passionate researchers working diligently to identify and thwart these cyber-thieves. The torch is now a Beacon (of the cracked/leaked Cobalt Strike variety). In our gritty reboot of this classic tale, instead of a rebel bringing the light of knowledge to humanity, the main character is the “puppetmaster” of a monstrous cephalopod that has its tentacles wending its way around a huge territory. What would this tale look like if it were updated, with the god of fire reimagined as a cybercriminal? Prometheus, a supreme trickster, stole fire for humankind by lighting a torch from the sun. He has published information and tooling that makes it possible to decrypt this Beacon traffic. Malware researcher for NVISO Labs Didier Stevens also recently found six SSL private keys bundled with cracked or leaked copies of Cobalt Strike, one of which has an extensive overlap with Prometheus-related activity.With the data gathered from the BlackBerry Research & Intelligence Team’s Cobalt Strike Team Server scanning solution, we were able to cluster a variety of different malware families they’ve used, based on Beacon configuration data. ![]() This threat actor appears to lean heavily on Cobalt Strike for part of its infrastructure (for more information about Cobalt Strike please download our recent book on the subject).The Crimeware-as-a-Service (CaaS) offering was posted by a cyber threat actor called “Ma1n” on various Russian hack forums, to a primarily Russian customer base. The subscription-based malware service Prometheus TDS was first discovered in August of 2021 by Group-IB, as part of an email campaign targeting U.S. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |