Unveiling RevC2 and Venom Loader

Published 10/12/2024 13:45 · Modified 10/12/2024 14:04

Essential information

Published
10/12/2024 13:45
Modified
10/12/2024 14:04
Tags
2024-12-10, revc2, terrastealer, venom loader, venomlnk
Related entities
11 observables, 1 intrusion set (APT), 11 techniques (MITRE), 7 malware

Description

Between August and October 2024, two new malware families, and , were deployed using Venom Spider's Malware-as-a-Service tools. uses WebSockets for C2 communication and can steal cookies and passwords, proxy network traffic, and enable remote code execution. is customized for each victim, using the computer name to encode the payload. The first campaign used an API documentation lure to deliver , while the second campaign used a cryptocurrency transaction lure to deliver and Retdoor, a JavaScript backdoor. Both campaigns demonstrate sophisticated attack chains and highlight the evolving threat landscape.

External references