prometei

  • An 8-year-old modular botnet is still kicking, spreading a cryptojacker and Web shell on machines spread across multiple continents.

    Read More

  • On the 31 Dec 2023, after trying multiple username/password combination, actor using IP 194.30.53.68 successfully loging to the honeypot and uploaded eight files where 2 of them are protected with a 7zip password (updates1.7z & updates2.7z). Some of  these files have been identified to be related to the Prometei trojan by Virustotal. The file sqhost.exe [6] was last found…

    Read More