Go2Tunnel: Remote Access and Network Tunneling Tool
Go2Tunnel is a tool used by Armored Likho for remote access and network tunneling, establishing reverse SSH tunnels to C2 servers. It…
Mapbox is a legitimate mapping service that was abused by ChocoPoC as a dead drop for command and control, using domain-fronting to…
PteroEffigy is a tool used by Gamaredon to fetch the command-and-control server using the GoFile cloud storage service.
GoFile is a cloud storage service used by Gamaredon for C2 server discovery via PteroEffigy.
Microsoft has removed 119 malicious extensions from the Edge Add-ons store that used steganography to hide malware in image and font files.…
SoftEther VPN is an open-source VPN solution that has been co-opted by threat actors like CL-STA-1062 to establish encrypted tunnels for command…
Microsoft has issued a warning about an active phishing campaign targeting hotels and hospitality organizations across Europe and Asia since April 2026.…
TonRAT is a Node.js-based implant used in a phishing campaign targeting hotels. It resolves C2 domains via the TON blockchain API and…
Attackers deployed custom MeshCentral agents disguised as Microsoft Azure binaries for command-and-control.
Tor is an anonymity network. The Atomic Arch stealer uses a Tor onion service for command and control.