SYMBOLCOMMON_NAMEaka. SYNONYMS
py.n3cr0m0rph (Back to overview)

N3Cr0m0rPh

aka: FreakOut, Necro

An IRC bot written in (obfuscated) Python code. Distributed in attack campaign FreakOut, written by author Freak/Fl0urite and development potentially dating back as far as 2015.

References
2021-10-13laceworkLacework Labs
“Spytech Necro” – Keksec’s Latest Python Malware
N3Cr0m0rPh
2021-10-11JuniperPaul Kimayong
Necro Python Botnet Goes After Vulnerable VisualTools DVR
N3Cr0m0rPh
2021-06-10laceworkChris Hall
Keksec & Tsunami-Ryuk
N3Cr0m0rPh
2021-06-04Bleeping ComputerSergiu Gatlan
FreakOut malware worms its way into vulnerable VMware servers
N3Cr0m0rPh
2021-06-03TalosCaitlin Huey, Kendall McKay, Vanja Svajcer
Necro Python bot adds new exploits and Tezos mining to its bag of tricks
N3Cr0m0rPh
2021-05-15Twitter (@xuy1202)YANG XU
Tweet on Necro using hardcoded onion address as a gateway for TOR CC
N3Cr0m0rPh
2021-05-11Twitter (@xuy1202)YANG XU
Tweet on necro's new DGA
N3Cr0m0rPh
2021-03-18360 netlabJinye, YANG XU
Necro upgrades again, using Tor + dynamic domain DGA and aiming at both Windows & Linux
N3Cr0m0rPh Keksec
2021-03-18Github (lacework)lacework-labs
DGA and decoder scripts for n3cr0morph IRC malware
N3Cr0m0rPh
2021-03-18laceworkChris Hall
The “Kek Security” Network
Kaiten N3Cr0m0rPh
2021-03-04360 netlabJinye
Gafgtyt_tor and Necro are on the move again
Bashlite N3Cr0m0rPh Keksec
2021-01-22360 netlabJinye
Necro is going to version 3 and using PyInstaller and DGA
N3Cr0m0rPh
2021-01-21NetlabJinye
Necro在频繁升级,新版本开始使用PyInstaller和DGA
N3Cr0m0rPh
2021-01-19CheckpointOmer Ventura, Ori Hamama
FreakOut – Leveraging Newest Vulnerabilities for creating a Botnet
N3Cr0m0rPh

There is no Yara-Signature yet.