Monday, August 14, 2017

DiamondFox in the Wild

TLP AMBER ANNOUNCEMENT: 

DiamondFox is a credential-stealing, multi-purpose botnet that is sold on the black market as MaaS (Malware as a Service). Also known as Gorynych, DiamondFox is still actively leveraged in the wild, with its recent version, Crystal, available in online marketplaces. This dangerous malware can steal information from PoS (Point of Sale) systems, with campaigns targeting multi-state healthcare providers, dental clinics, manufacturers, and technology companies. To get a picture of the current state of DiamondFox botnets, Wapack Labs has collected recent samples and extracted the command and control (C2) information from their configuration files. This report provides technical details on DiamondFox, the Russian botnet infrastructure, and details regarding the domains...

Wapack Labs has cataloged and reported extensively on malware and botnets in the past. An archive of related reporting can be found in the Red Sky Alliance portal.

WWW.WAPACKLABS.COM

This TLP AMBER report is available only to Red Sky Alliance members.