Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
A threat actor exploited an unpatched Confluence server using CVE-2023-22527, gaining initial access. They used Metasploit for command and control, then installed AnyDesk for persistent remote access. The attacker performed extensive network discovery, attempted privilege escalation using various techniques, and harvested credentials with tools like Mimikatz. They moved laterally using compromised domain admin credentials, accessing multiple systems via RDP and WMI. The intrusion culminated in the deployment of ELPACO-team ransomware, a Mimic variant, on key servers approximately 62 hours after initial access. While ransomware was deployed and some logs deleted, no significant data exfiltration was observed.
AI Analysis
Technical Summary
This threat involves a sophisticated ransomware attack executed by the ELPACO-team adversary targeting unpatched Atlassian Confluence servers via the CVE-2023-22527 vulnerability. The initial compromise is achieved by exploiting this known vulnerability in Confluence, which allows remote code execution on vulnerable servers. Following initial access, the attacker leveraged Metasploit frameworks for command and control operations, enabling remote execution and control over the compromised environment. To maintain persistence, the attacker installed AnyDesk, a legitimate remote desktop application, which facilitates stealthy long-term access. The attacker conducted extensive internal reconnaissance to map the network and identify valuable targets. Privilege escalation was attempted using multiple techniques, including credential harvesting with Mimikatz, a well-known tool for extracting plaintext credentials and hashes from memory. Using harvested domain administrator credentials, the attacker moved laterally across the network via Remote Desktop Protocol (RDP) and Windows Management Instrumentation (WMI), gaining control over multiple critical systems. Approximately 62 hours after initial access, the attacker deployed ELPACO-team ransomware, a variant of the Mimic ransomware family, on key servers. The ransomware encrypted files to disrupt operations and demanded ransom payments. The attacker also deleted some logs to hinder forensic investigations. Notably, no significant data exfiltration was observed during this intrusion, indicating the primary objective was disruption and ransom rather than data theft. The attack chain demonstrates a high level of operational sophistication, combining exploitation of a known vulnerability, use of legitimate tools for persistence and lateral movement, and deployment of ransomware to maximize impact.
Potential Impact
For European organizations, this threat poses a significant risk to operational continuity, particularly for those relying on Atlassian Confluence for collaboration and documentation. The exploitation of an unpatched Confluence server can lead to full network compromise, enabling attackers to encrypt critical data and disrupt business processes. The use of legitimate tools like AnyDesk and Metasploit complicates detection and response efforts. The lateral movement using domain admin credentials increases the scope of impact, potentially affecting multiple systems and services. Although no data exfiltration was observed in this case, the deletion of logs impedes incident response and forensic analysis, prolonging recovery times. Organizations in sectors with high reliance on Confluence, such as technology, finance, and government, may face severe operational disruptions, reputational damage, and financial losses due to ransom payments or downtime. Additionally, the attack highlights the risk of unpatched vulnerabilities and the need for robust internal monitoring to detect lateral movement and credential theft. Given the ransomware nature, availability is primarily impacted, but confidentiality and integrity are also at risk due to credential harvesting and potential unauthorized access.
Mitigation Recommendations
1. Immediate patching of all Confluence servers to remediate CVE-2023-22527 and related vulnerabilities is critical. 2. Implement strict network segmentation to limit lateral movement, especially restricting RDP and WMI access to essential systems only. 3. Deploy and enforce multi-factor authentication (MFA) for all administrative and remote access accounts to reduce the risk of credential misuse. 4. Monitor for the installation and use of remote access tools like AnyDesk, especially if not authorized, using endpoint detection and response (EDR) solutions. 5. Enhance logging and ensure log integrity by forwarding logs to centralized, tamper-resistant systems to prevent deletion or alteration by attackers. 6. Conduct regular credential audits and implement privileged access management (PAM) to minimize exposure of domain admin credentials. 7. Utilize behavioral analytics to detect unusual network discovery activities and lateral movement patterns indicative of attacker reconnaissance. 8. Maintain offline, tested backups of critical data to enable recovery without paying ransom. 9. Conduct regular security awareness training focusing on recognizing lateral movement and persistence techniques. 10. Employ threat hunting exercises specifically targeting known tools like Mimikatz and Metasploit usage within the environment.
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy
Indicators of Compromise
- ip: 45.227.254.124
- cve: CVE-2020-1472
- cve: CVE-2021-34527
- cve: CVE-2023-22518
- cve: CVE-2023-22527
- hash: 09ba9214257381231934a0115d7af8be
- hash: 0a50081a6cd37aea0945c91de91c5d97
- hash: 127fe6658efb06e77b674fdb9db7d6d5
- hash: 1b1e95ea1d26da394688f4c8883721d1
- hash: 30a6cd2673ef5b2cb18f142780a5b4a3
- hash: 35893c46af1af2089498b062379c039f
- hash: 3e872ca0ac6261b85dd9524a8f3a83db
- hash: 3f7d6e5a541aad1a52beb823f1576f6a
- hash: 44c031e3c922e711f7e3784f6d90b10f
- hash: 47e001253af2003985f15282cdc90a1c
- hash: 53e2e8ce119e2561bb6065b1a42f1085
- hash: 54daad58cce5003bee58b28a4f465f49
- hash: 597de376b1f80c06d501415dd973dcec
- hash: 6fbf6350c52d2f2e6f61530d05148562
- hash: 77ef2cad0de20482a6bb6cfcdc5d94d1
- hash: 91625f7f5d590534949ebe08cc728380
- hash: 92fd70f19771360bd820091025107382
- hash: 96a1e516cef1ff4791d8785886d56cce
- hash: 96ec8798bba011d5be952e0e6398795d
- hash: 96fc8c743f6ba38a69bf866b7fa9e4d1
- hash: 9a875116622272a7f0fb32ce6cc12040
- hash: a75de4c4fd88d94642ad30310c641252
- hash: be8f00c11010e4e6078d383026833c07
- hash: c9bc430ea5bd0289cf3a6acdb69efac4
- hash: e703ffdf065094f30b8b9c107a64736b
- hash: e7aa5608c81ba4fcd8d166501b90fc06
- hash: ee8d08b380bf3d3fe9961a0ab428549f
- hash: f635d1c916a7c56678f08d1d998e7ce4
- hash: 02c264691764f3c7ab9492dcb443e52b0ee66229
- hash: 1217a97009eb86249e6c8010d3024f050f62c40d
- hash: 162b08b0b11827cc024e6b2eed5887ec86339baa
- hash: 1e0ec6994400413c7899cd5c59bdbd6397dea7b5
- hash: 238424b26da6e53738aa28a46ba007a195ad608c
- hash: 241f9d2495b0b437813d8cf31fe4e4de8be203ec
- hash: 32f9259285bb3425b67633d73bc74b93859f40a7
- hash: 35ff55bcf493e1b936dc6e978a981ee2a75543a1
- hash: 4790bde7c2d233c07165caaab0f5b7d69a60c950
- hash: 5bef86615c8bd715c794505127a6d5245bba9206
- hash: 5c714fda5b78726541301672a44eaf886728f88c
- hash: 5f13d476e9fabdf2ac6f805a98d62f3027c473c2
- hash: 629c9649ced38fd815124221b80c9d9c59a85e74
- hash: 69519da0edeb9ad6ed739982a05b638d3fee20fb
- hash: 6ee6664df9bfb47d97090492b6cde68bf056a42a
- hash: 7314f85595ab4496abe02c48b476f57cb6b96804
- hash: 755309c6d9fa4cd13b6c867cde01cc1e0d415d00
- hash: 79d3fbde198ffa575904998b92285e3815a860c2
- hash: 8900b1ef864eb390bf99b801d78a0b8dbd5d90b6
- hash: 89e3247d2940d78ab13f060761f0c79afa806f39
- hash: 9e22f5e394ffd8df94b1601fe73f2ae14df731ba
- hash: af7c73c47c62d70c546b62c8e1cc707841ec10e3
- hash: b8551ef02737bc7801d2077d7d8aca168eb79b0d
- hash: bf1b0ab5a2c49bde5b5dbe828df3e69af5d724c2
- hash: d01f72d0a4609be76a83ac76a760485d29be854b
- hash: dda90a452cc1540657606e5d40d304b1e58da751
- hash: f46fa1fbab35f0d697ea896e81c4504de0487e57
- hash: f7e11585ee968ad256be5a2e4c43a73c07034759
- hash: 085ad59bb8d32981ea590a7884da55d4b0a3f5e89a9632530c0c8ef2f379e471
- hash: 0b83f2667abff814bb724808c404396e6ad417591165f1762a8e99ec108d4996
- hash: 14f0c4ce32821a7d25ea5e016ea26067d6615e3336c3baa854ea37a290a462a8
- hash: 15348e1401fe18b83e30a7e7f6b4de40b9981a0e133c22958324a89c188f2c49
- hash: 22436fe549d791caa3007b567d28d51c8c75869519019c40564af4de53490fa2
- hash: 28042dd4a92a0033b8f1d419b9e989c5b8e32d1d2d881f5c8251d58ce35b9063
- hash: 2c656109db6d2059c41a50e623ceb5e656ff764c44b1e1dbf41131f0206f8238
- hash: 36d3b20e9380aaaac9151280b4ac3e047a0871efbb158f04344946ff67176a48
- hash: 3c300726a6cdd8a39230f0775ea726c2d42838ac7ff53bfdd7c58d28df4182d5
- hash: 3e92ca5b4069eba89d9fcfd7885924282fdf6ca26d0ff8d0502973d9c9bc1fef
- hash: 4f4864a1d5f19a3c5552d80483526f3413497835549dce8c61fef116b666fa09
- hash: 51f2d5fba3d02cba1c99cf2dfd9968b98d0047f501b54b9531e7ad2719706e47
- hash: 5748bfb17e662fb6d197886a69df47f1071052c3381eb1c609a2bc5dba8c2992
- hash: 6492e765829974c4a636bff0e305261b18eea92fcb1df6fff69890366efc972d
- hash: 6606d759667fbdfaa46241db7ffb4839d2c47b88a20120446f41e916cad77d0b
- hash: 6b93e585479a3c5b9a8edbe2b11a8371cb028e8b196acb1c16a425e8d8530cd7
- hash: 6e5a6629b5ec2eea276fe93553d31f3d23885b214db0a4c2c9201f65180d767f
- hash: 90cdcf54bbaeb9c5c4afc9b74b48b13e293746ee8858c033fc9d365fd4074018
- hash: 9875d1947b8d18974c938721c273d9322fc9af36be96e0ec696daac2929bb802
- hash: 9b1df0db16b3b73fe3549856fb4a74414faecffabee0d001865e05b93dda14ec
- hash: 9e18fcc595d4e158ac7aa9250e45145445b31018b35d6ed91239da2b931b5c37
- hash: a710ed9e008326b981ff0fadb1c75d89deca2b52451d4677a8fd808b4ac0649b
- hash: abbe5619e1d7a08f807b57d0949a7f97108a546a415778f25ed35f31ee2cd2f5
- hash: c3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37
- hash: c7440e621d1c5e90ca4963a4b3b52d27bac05a44248ca88dd51510489d1171bb
- hash: d5746d9f3284dadf60180f7f7332a08895c609520e0c2327918f259d182cbaf6
- hash: e5f985b5a1f4f351616516553295e1224a02219825c35e3c64b55ecdc8a0d699
- hash: f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446
- hash: ff547a7803cd989f9f09a22323ec3f7079266b9a20a07f2c6f353547318ff172
- ip: 109.160.16.68
- ip: 91.191.209.46
- domain: delete.me
Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
Description
A threat actor exploited an unpatched Confluence server using CVE-2023-22527, gaining initial access. They used Metasploit for command and control, then installed AnyDesk for persistent remote access. The attacker performed extensive network discovery, attempted privilege escalation using various techniques, and harvested credentials with tools like Mimikatz. They moved laterally using compromised domain admin credentials, accessing multiple systems via RDP and WMI. The intrusion culminated in the deployment of ELPACO-team ransomware, a Mimic variant, on key servers approximately 62 hours after initial access. While ransomware was deployed and some logs deleted, no significant data exfiltration was observed.
AI-Powered Analysis
Technical Analysis
This threat involves a sophisticated ransomware attack executed by the ELPACO-team adversary targeting unpatched Atlassian Confluence servers via the CVE-2023-22527 vulnerability. The initial compromise is achieved by exploiting this known vulnerability in Confluence, which allows remote code execution on vulnerable servers. Following initial access, the attacker leveraged Metasploit frameworks for command and control operations, enabling remote execution and control over the compromised environment. To maintain persistence, the attacker installed AnyDesk, a legitimate remote desktop application, which facilitates stealthy long-term access. The attacker conducted extensive internal reconnaissance to map the network and identify valuable targets. Privilege escalation was attempted using multiple techniques, including credential harvesting with Mimikatz, a well-known tool for extracting plaintext credentials and hashes from memory. Using harvested domain administrator credentials, the attacker moved laterally across the network via Remote Desktop Protocol (RDP) and Windows Management Instrumentation (WMI), gaining control over multiple critical systems. Approximately 62 hours after initial access, the attacker deployed ELPACO-team ransomware, a variant of the Mimic ransomware family, on key servers. The ransomware encrypted files to disrupt operations and demanded ransom payments. The attacker also deleted some logs to hinder forensic investigations. Notably, no significant data exfiltration was observed during this intrusion, indicating the primary objective was disruption and ransom rather than data theft. The attack chain demonstrates a high level of operational sophistication, combining exploitation of a known vulnerability, use of legitimate tools for persistence and lateral movement, and deployment of ransomware to maximize impact.
Potential Impact
For European organizations, this threat poses a significant risk to operational continuity, particularly for those relying on Atlassian Confluence for collaboration and documentation. The exploitation of an unpatched Confluence server can lead to full network compromise, enabling attackers to encrypt critical data and disrupt business processes. The use of legitimate tools like AnyDesk and Metasploit complicates detection and response efforts. The lateral movement using domain admin credentials increases the scope of impact, potentially affecting multiple systems and services. Although no data exfiltration was observed in this case, the deletion of logs impedes incident response and forensic analysis, prolonging recovery times. Organizations in sectors with high reliance on Confluence, such as technology, finance, and government, may face severe operational disruptions, reputational damage, and financial losses due to ransom payments or downtime. Additionally, the attack highlights the risk of unpatched vulnerabilities and the need for robust internal monitoring to detect lateral movement and credential theft. Given the ransomware nature, availability is primarily impacted, but confidentiality and integrity are also at risk due to credential harvesting and potential unauthorized access.
Mitigation Recommendations
1. Immediate patching of all Confluence servers to remediate CVE-2023-22527 and related vulnerabilities is critical. 2. Implement strict network segmentation to limit lateral movement, especially restricting RDP and WMI access to essential systems only. 3. Deploy and enforce multi-factor authentication (MFA) for all administrative and remote access accounts to reduce the risk of credential misuse. 4. Monitor for the installation and use of remote access tools like AnyDesk, especially if not authorized, using endpoint detection and response (EDR) solutions. 5. Enhance logging and ensure log integrity by forwarding logs to centralized, tamper-resistant systems to prevent deletion or alteration by attackers. 6. Conduct regular credential audits and implement privileged access management (PAM) to minimize exposure of domain admin credentials. 7. Utilize behavioral analytics to detect unusual network discovery activities and lateral movement patterns indicative of attacker reconnaissance. 8. Maintain offline, tested backups of critical data to enable recovery without paying ransom. 9. Conduct regular security awareness training focusing on recognizing lateral movement and persistence techniques. 10. Employ threat hunting exercises specifically targeting known tools like Mimikatz and Metasploit usage within the environment.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Author
- AlienVault
- Tlp
- white
- References
- ["https://thedfirreport.com/2025/05/19/another-confluence-bites-the-dust-falling-to-elpaco-team-ransomware"]
- Adversary
- ELPACO-team
Indicators of Compromise
Ip
| Value | Description | Copy |
|---|---|---|
ip45.227.254.124 | — | |
ip109.160.16.68 | — | |
ip91.191.209.46 | — |
Cve
| Value | Description | Copy |
|---|---|---|
cveCVE-2020-1472 | — | |
cveCVE-2021-34527 | — | |
cveCVE-2023-22518 | — | |
cveCVE-2023-22527 | — |
Hash
| Value | Description | Copy |
|---|---|---|
hash09ba9214257381231934a0115d7af8be | — | |
hash0a50081a6cd37aea0945c91de91c5d97 | — | |
hash127fe6658efb06e77b674fdb9db7d6d5 | — | |
hash1b1e95ea1d26da394688f4c8883721d1 | — | |
hash30a6cd2673ef5b2cb18f142780a5b4a3 | — | |
hash35893c46af1af2089498b062379c039f | — | |
hash3e872ca0ac6261b85dd9524a8f3a83db | — | |
hash3f7d6e5a541aad1a52beb823f1576f6a | — | |
hash44c031e3c922e711f7e3784f6d90b10f | — | |
hash47e001253af2003985f15282cdc90a1c | — | |
hash53e2e8ce119e2561bb6065b1a42f1085 | — | |
hash54daad58cce5003bee58b28a4f465f49 | — | |
hash597de376b1f80c06d501415dd973dcec | — | |
hash6fbf6350c52d2f2e6f61530d05148562 | — | |
hash77ef2cad0de20482a6bb6cfcdc5d94d1 | — | |
hash91625f7f5d590534949ebe08cc728380 | — | |
hash92fd70f19771360bd820091025107382 | — | |
hash96a1e516cef1ff4791d8785886d56cce | — | |
hash96ec8798bba011d5be952e0e6398795d | — | |
hash96fc8c743f6ba38a69bf866b7fa9e4d1 | — | |
hash9a875116622272a7f0fb32ce6cc12040 | — | |
hasha75de4c4fd88d94642ad30310c641252 | — | |
hashbe8f00c11010e4e6078d383026833c07 | — | |
hashc9bc430ea5bd0289cf3a6acdb69efac4 | — | |
hashe703ffdf065094f30b8b9c107a64736b | — | |
hashe7aa5608c81ba4fcd8d166501b90fc06 | — | |
hashee8d08b380bf3d3fe9961a0ab428549f | — | |
hashf635d1c916a7c56678f08d1d998e7ce4 | — | |
hash02c264691764f3c7ab9492dcb443e52b0ee66229 | — | |
hash1217a97009eb86249e6c8010d3024f050f62c40d | — | |
hash162b08b0b11827cc024e6b2eed5887ec86339baa | — | |
hash1e0ec6994400413c7899cd5c59bdbd6397dea7b5 | — | |
hash238424b26da6e53738aa28a46ba007a195ad608c | — | |
hash241f9d2495b0b437813d8cf31fe4e4de8be203ec | — | |
hash32f9259285bb3425b67633d73bc74b93859f40a7 | — | |
hash35ff55bcf493e1b936dc6e978a981ee2a75543a1 | — | |
hash4790bde7c2d233c07165caaab0f5b7d69a60c950 | — | |
hash5bef86615c8bd715c794505127a6d5245bba9206 | — | |
hash5c714fda5b78726541301672a44eaf886728f88c | — | |
hash5f13d476e9fabdf2ac6f805a98d62f3027c473c2 | — | |
hash629c9649ced38fd815124221b80c9d9c59a85e74 | — | |
hash69519da0edeb9ad6ed739982a05b638d3fee20fb | — | |
hash6ee6664df9bfb47d97090492b6cde68bf056a42a | — | |
hash7314f85595ab4496abe02c48b476f57cb6b96804 | — | |
hash755309c6d9fa4cd13b6c867cde01cc1e0d415d00 | — | |
hash79d3fbde198ffa575904998b92285e3815a860c2 | — | |
hash8900b1ef864eb390bf99b801d78a0b8dbd5d90b6 | — | |
hash89e3247d2940d78ab13f060761f0c79afa806f39 | — | |
hash9e22f5e394ffd8df94b1601fe73f2ae14df731ba | — | |
hashaf7c73c47c62d70c546b62c8e1cc707841ec10e3 | — | |
hashb8551ef02737bc7801d2077d7d8aca168eb79b0d | — | |
hashbf1b0ab5a2c49bde5b5dbe828df3e69af5d724c2 | — | |
hashd01f72d0a4609be76a83ac76a760485d29be854b | — | |
hashdda90a452cc1540657606e5d40d304b1e58da751 | — | |
hashf46fa1fbab35f0d697ea896e81c4504de0487e57 | — | |
hashf7e11585ee968ad256be5a2e4c43a73c07034759 | — | |
hash085ad59bb8d32981ea590a7884da55d4b0a3f5e89a9632530c0c8ef2f379e471 | — | |
hash0b83f2667abff814bb724808c404396e6ad417591165f1762a8e99ec108d4996 | — | |
hash14f0c4ce32821a7d25ea5e016ea26067d6615e3336c3baa854ea37a290a462a8 | — | |
hash15348e1401fe18b83e30a7e7f6b4de40b9981a0e133c22958324a89c188f2c49 | — | |
hash22436fe549d791caa3007b567d28d51c8c75869519019c40564af4de53490fa2 | — | |
hash28042dd4a92a0033b8f1d419b9e989c5b8e32d1d2d881f5c8251d58ce35b9063 | — | |
hash2c656109db6d2059c41a50e623ceb5e656ff764c44b1e1dbf41131f0206f8238 | — | |
hash36d3b20e9380aaaac9151280b4ac3e047a0871efbb158f04344946ff67176a48 | — | |
hash3c300726a6cdd8a39230f0775ea726c2d42838ac7ff53bfdd7c58d28df4182d5 | — | |
hash3e92ca5b4069eba89d9fcfd7885924282fdf6ca26d0ff8d0502973d9c9bc1fef | — | |
hash4f4864a1d5f19a3c5552d80483526f3413497835549dce8c61fef116b666fa09 | — | |
hash51f2d5fba3d02cba1c99cf2dfd9968b98d0047f501b54b9531e7ad2719706e47 | — | |
hash5748bfb17e662fb6d197886a69df47f1071052c3381eb1c609a2bc5dba8c2992 | — | |
hash6492e765829974c4a636bff0e305261b18eea92fcb1df6fff69890366efc972d | — | |
hash6606d759667fbdfaa46241db7ffb4839d2c47b88a20120446f41e916cad77d0b | — | |
hash6b93e585479a3c5b9a8edbe2b11a8371cb028e8b196acb1c16a425e8d8530cd7 | — | |
hash6e5a6629b5ec2eea276fe93553d31f3d23885b214db0a4c2c9201f65180d767f | — | |
hash90cdcf54bbaeb9c5c4afc9b74b48b13e293746ee8858c033fc9d365fd4074018 | — | |
hash9875d1947b8d18974c938721c273d9322fc9af36be96e0ec696daac2929bb802 | — | |
hash9b1df0db16b3b73fe3549856fb4a74414faecffabee0d001865e05b93dda14ec | — | |
hash9e18fcc595d4e158ac7aa9250e45145445b31018b35d6ed91239da2b931b5c37 | — | |
hasha710ed9e008326b981ff0fadb1c75d89deca2b52451d4677a8fd808b4ac0649b | — | |
hashabbe5619e1d7a08f807b57d0949a7f97108a546a415778f25ed35f31ee2cd2f5 | — | |
hashc3405d9c9d593d75d773c0615254e69d0362954384058ee970a3ec0944519c37 | — | |
hashc7440e621d1c5e90ca4963a4b3b52d27bac05a44248ca88dd51510489d1171bb | — | |
hashd5746d9f3284dadf60180f7f7332a08895c609520e0c2327918f259d182cbaf6 | — | |
hashe5f985b5a1f4f351616516553295e1224a02219825c35e3c64b55ecdc8a0d699 | — | |
hashf47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446 | — | |
hashff547a7803cd989f9f09a22323ec3f7079266b9a20a07f2c6f353547318ff172 | — |
Domain
| Value | Description | Copy |
|---|---|---|
domaindelete.me | — |
Threat ID: 682c992c7960f6956616a0c6
Added to database: 5/20/2025, 3:01:00 PM
Last enriched: 6/19/2025, 5:48:50 PM
Last updated: 8/7/2025, 3:48:32 AM
Views: 25
Related Threats
ThreatFox IOCs for 2025-08-14
MediumOn Going Malvertising Attack Spreads New Crypto Stealing PS1Bot Malware
MediumWhen Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers
HighA Mega Malware Analysis Tutorial Featuring Donut-Generated Shellcode
MediumPhantomCard: New NFC-driven Android malware emerging in Brazil
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.