py.n3cr0m0rph

N3Cr0m0rPh

aka: FreakOut

An IRC bot written in obfuscated Python. It was distributed in the FreakOut attack campaign and written by the author Freak/Fl0urite, with development potentially dating back as far as 2015.

References
2021-03-18 | 360 netlab | Jinye, YANG XU
@online{jinye:20210318:necro:e22f5c1, author = {Jinye and YANG XU}, title = {{Necro upgrades again, using Tor + dynamic domain DGA and aiming at both Windows & Linux}}, date = {2021-03-18}, organization = {360 netlab}, url = {https://blog.netlab.360.com/necro-upgrades-again-using-tor-dynamic-domain-dga-and-aiming-at-both-windows-linux/}, language = {English}, urldate = {2021-03-19} } Necro upgrades again, using Tor + dynamic domain DGA and aiming at both Windows & Linux
N3Cr0m0rPh
2021-03-18 | Github (lacework) | lacework-labs
@online{laceworklabs:20210318:dga:9b57724, author = {lacework-labs}, title = {{DGA and decoder scripts for n3cr0morph IRC malware}}, date = {2021-03-18}, organization = {Github (lacework)}, url = {https://github.com/lacework/lacework-labs/tree/master/keksec}, language = {English}, urldate = {2021-03-25} } DGA and decoder scripts for n3cr0morph IRC malware
N3Cr0m0rPh
2021-03-18 | lacework | Chris Hall
@online{hall:20210318:kek:94c6e57, author = {Chris Hall}, title = {{The “Kek Security” Network}}, date = {2021-03-18}, organization = {lacework}, url = {https://www.lacework.com/the-kek-security-network/}, language = {English}, urldate = {2021-03-19} } The “Kek Security” Network
Kaiten N3Cr0m0rPh
2021-03-04 | 360 netlab | Jinye
@online{jinye:20210304:gafgtyttor:ba71f67, author = {Jinye}, title = {{Gafgtyt_tor and Necro are on the move again}}, date = {2021-03-04}, organization = {360 netlab}, url = {https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/}, language = {English}, urldate = {2021-03-06} } Gafgtyt_tor and Necro are on the move again
Bashlite N3Cr0m0rPh
2021-01-21 | Netlab | Jinye
@online{jinye:20210121:necropyinstallerdga:895bc13, author = {Jinye}, title = {{Necro在频繁升级,新版本开始使用PyInstaller和DGA}}, date = {2021-01-21}, organization = {Netlab}, url = {https://blog.netlab.360.com/not-really-new-pyhton-ddos-bot-n3cr0m0rph-necromorph/}, language = {Chinese}, urldate = {2021-01-25} } Necro在频繁升级,新版本开始使用PyInstaller和DGA
N3Cr0m0rPh
2021-01-19 | Checkpoint | Omer Ventura, Ori Hamama
@online{ventura:20210119:freakout:f2db200, author = {Omer Ventura and Ori Hamama}, title = {{FreakOut – Leveraging Newest Vulnerabilities for creating a Botnet}}, date = {2021-01-19}, organization = {Checkpoint}, url = {https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/}, language = {English}, urldate = {2021-01-21} } FreakOut – Leveraging Newest Vulnerabilities for creating a Botnet
N3Cr0m0rPh

There is no Yara-Signature yet.