Hunting New C2 Frameworks
ID: cffa7547-fd9e-57b0-8aa3-59cecfe56646
STIX ID: report--cffa7547-fd9e-57b0-8aa3-59cecfe56646
Feed Name: On the Hunt
This intelligence brief describes the discovery and technical analysis of two previously undocumented C2 frameworks. The first, ZShell, is Windows-oriented and features JWT-authenticated APIs, WebSocket beaconing, multiple AV-evasion stager templates, advanced PE execution modes, binary signing and disguise, and broad persistence options. The second is an Android C2 focused on banking and cryptocurrency theft; it abuses the Accessibility service, automates overlay injection, offers stealth commands (e.g., screen blackout, silent screenshots), and provides multi-tenant "criminal SaaS" functionality. The author lists the hosting IPs, extracts IOCs, and introduces C2 Hunter to track and publish sightings.
