Operation Storming Tide: A massive multi-stage intrusion campaign
#Mora_001 #Matanbuchus #SystemBC
https://fortgale.com/blog/defence/operation-storming-tide/

In February 2026, the Fortgale Incident Response team investigated a multi-stage intrusion attributed to Mora_001, a Russian-origin threat actor exploiting Fortinet vulnerabilities. The campaign, internally dubbed "FortiSync Quasar," revealed an evolution from ransomware operations to strategic espionage, deploying Matanbuchus 3.0, Astarion RAT, and SystemBC. Rapid containment prevented any data exfiltration.

Fortgale Blog

Silent Push Identifies More Than 10,000 Infected IPs as Part of SystemBC Botnet Malware Family
#SystemBC
https://www.silentpush.com/blog/systembc/

Silent Push Preemptive Cyber Defense Analysts identified more than 10,000 unique infected IP addresses associated with the SystemBC botnet.

Silent Push

SystemBC infections now exceed 10,000 IPs globally, including systems linked to government hosting.

Silent Push also uncovered a stealthy Linux-targeting Perl variant with zero AV detections.

https://www.technadu.com/systembc-infections-exceed-10000-including-systems-linked-to-government-hosting/619549/

Thoughts?
#ThreatIntel #Malware #SystemBC #Ransomware

SystemBC: Bringing the noise

Understand how the SystemBC botnet utilizes VPS networks to create powerful proxies for criminal threat groups and malicious activities.

Lumen Blog

A single infected VPS is now pumping out 16GB of proxy traffic a day—turning servers into a cybercrime highway. How is SystemBC reshaping the threat landscape? Read on to uncover the full story.

https://thedefendopsdiaries.com/systembc-malware-transforming-infected-vps-systems-into-a-proxy-highway/

#systembc #malware #vpssecurity #botnet #cybercrime #proxy #infosec #threatintelligence #cybersecurity

SystemBC Malware: Transforming Infected VPS Systems into a Proxy Highway

Discover how SystemBC malware exploits vulnerable VPS systems to create a global proxy network, fueling cybercrime and evading law enforcement.

The DefendOps Diaries

Another day, another #Amadey 📅👀 This time dropping #SystemBC ⤵️

Amadey botnet C2:
📡cobolrationumelawrtewarms .com
📡107.189.27.66 (AS14956 ROUTERHOSTING 🇳🇱)

Dropping SystemBC from the following URL:
🌐https://urlhaus.abuse.ch/url/3470633/

SystemBC payload:
📄https://bazaar.abuse.ch/sample/c13d59dc2e8ee1cbdb8016de0fb3b374f827406fa5d2d1aa4a2820170816d131/

SystemBC botnet C2:
📡towerbingobongoboom .com
📡213.209.150.137:4086 (AS42821 RAPIDNET 🇩🇪)

URLhaus | http://45.59.120.8/files/dinnmamunms/cubrodriver.exe

URLhaus is a project operated by abuse.ch with the purpose of sharing malicious URLs that are being used for malware distribution

BlackSuit Ransomware

Key Takeaways In December 2023, we observed an intrusion that started with the execution of a Cobalt Strike beacon and ended in the deployment of BlackSuit ransomware. The threat actor leveraged va…

The DFIR Report

Happy Monday, or should I say, Happy #DFIRDay!

That's right, The DFIR Report has dropped another one of their awesome reports, this time covering an attack that involved the #BlackSuit ransomware. There was a dash of #CobaltStrike, #SystemBC, some encoded PowerShell commands for defense evasion (and to keep you guessing on what the command really is!), LSASS access for credentials, and ultimately led to the ransomware being deployed. This report provides a great example of all the things the adversary needs to do to be successful in an attack and all the information they need from your environment to do it!

Stay tuned for your Threat Hunting Tip of the Day but while you wait, enjoy the article! Happy Hunting!

And I promise you I am not going to take the easy way out and hit you with the AutoRun registry key hunt package again!

BlackSuit Ransomware
https://thedfirreport.com/2024/08/26/blacksuit-ransomware/

Cyborg Security Intel 471 #CyberSecurity #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

Black Basta ransomware gang linked to a malware campaign

Experts linked an ongoing social engineering campaign, aimed at deploying the malware SystemBC, to the Black Basta ransomware group.

Security Affairs

Your guide to current and reliable cybersecurity news

In the complex world of cybersecurity, it is essential to have access to reliable, up-to-date information. With more than 4.5 million followers on various

Tech Nieuws