James_inthe_boxApr 21, 2025

#malware #opendir ultimately #venomrat + #hvnc:

https://carltonsfile\.com/mor1/ -> https://paste\.ee/d/c7nSA2yM/0

c2: 109.248.144.175:4449

4541fd01a19f1e484f24eff86f42ac36ea9b30686fd405ca0a50f3e517657a61

Show threadJames_inthe_boxFeb 20, 2025

Ultimately #asyncrat and #hvnc:

mathewhvnc.twilightparadox\.com
kjhvnc.duckdns\.org
rtasyn.duckdns\.org
asyncyam.twilightparadox\.com

FunesAug 16, 2024

Been keeping an eye on this registrant registering DGA domains used for #socgholish payloads for a minute and noticed recently they were registering names outside of the usual random format.

These follow a pattern typical of their other next-stage payload servers where they redirect to Google if you navigate to the root dir:
getazurecommand[.]icu
azuregetrequest[.]icu
get-azurecommand[.]icu -> 67.217.228[.]186
azure-getrequest[.]icu -> 64[.]52.80.211

However these host a login page for an #hvnc service called #hvnc_blazor :
testmyws24[.]top -> 23.163.0[.]56
newrelayws24[.]top -> 5.161.234[.]18
testmyrelay[.]top
ws2424[.]top -> 168.100.11[.]52

#ioc #threatintel

mecambioaMac Aug 2, 2023

La empresa de ciberseguridad israelí Guardz identifica el nuevo malware hVNC para macOS

#malware #macOS #hvnc #CyberSecurity #Guardz

https://mecambioamac.com/guardz-identifica-el-nuevo-malware-hvnc-de-macos/

Guardz identifica el nuevo malware hVNC de macOS

Por segunda vez en un mes, el equipo de investigación de la empresa de ciberseguridad isarelí Guardz revela la existencia

mecambioaMac
Tarnkappe.infoMay 2, 2023
📬 Lobshot Malware erlaubt versteckten Fernzugriff auf Windows
#Krypto #Malware #AnyDesk #DLL #GoogleAds #hVNC #KryptoWallets #Lobshot #VNC https://tarnkappe.info/artikel/krypto/lobshot-malware-erlaubt-versteckten-fernzugriff-auf-windows-273916.html
Lobshot Malware erlaubt versteckten Fernzugriff auf Windows

Dank eines hVNC-Moduls können Angreifer einen mit der Lobshot-Malware infizierten Windows-Rechner unbemerkt aus der Ferne steuern.

Tarnkappe.info
securityaffairsMay 2, 2023
New #Lobshot #hVNC #malware spreads via #Google ads
https://securityaffairs.com/145597/malware/lobshot-malware-hvnc.html
#securityaffairs #hacking
New Lobshot hVNC malware spreads via Google ads

The previously undetected LOBSHOT malware is distributed using Google ads and gives operators VNC access to Windows devices. Researchers from Elastic Security Labs spotted a new remote access trojan dubbed LOBSHOT was being distributed through Google Ads. Threat actors are using an elaborate scheme of fake websites through Google Ads to spread their malware, the […]

Security Affairs