New Blog Post | Phorpiex morphs: How a longstanding botnet thrives in the current threat environment

Microsoft


Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment - Microsoft Security
https://www.microsoft.com/security/blog/2021/05/20/phorpiex-morphs-how-a-longstanding-botnet-persists-and-thrives-in-the-current-threat-environment/

The Phorpiex botnet has a reputation for being simplistic and lacking robustness, and it has been hijacked by security researchers in the past. Its tactics, techniques, and procedures (TTPs) have remained largely static, with common commands, filenames, and execution patterns nearly unchanged from early 2020 to 2021. To support its expansion, however, Phorpiex has shifted some of its previous command-and-control (C2) architecture away from its traditional hosting, favoring domain generation algorithm (DGA) domains over branded and static domains.
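The detection-relevant point in the excerpt is the move from branded, static C2 domains to DGA-generated ones: static domains can be blocklisted, while algorithmically generated labels have to be caught on their shape or their resolution behaviour. The script below is an added example, not code from the Microsoft blog and not Phorpiex's actual DGA (the post does not describe it). It runs a generic lexical triage over constructed DNS query log lines: the log format, the domains, the source IPs and the scoring thresholds are all assumptions made for the example, and none of the domains is a real Phorpiex indicator.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query log lines: "<timestamp> <source IP> <qtype> <qname>".
# The format, domains and IPs are made up for this example and are NOT Phorpiex indicators.
SAMPLE_DNS_LOG = """\
2021-05-20T10:00:01Z 10.0.0.12 A www.microsoft.com
2021-05-20T10:00:02Z 10.0.0.12 A update-cdn.example.net
2021-05-20T10:00:03Z 10.0.0.37 A xkq7vbz2pml9wtr.com
2021-05-20T10:00:04Z 10.0.0.37 A q3hz8tvnwlpk5ydmb.net
2021-05-20T10:00:05Z 10.0.0.37 A login.contoso.com
2021-05-20T10:00:06Z 10.0.0.41 A fjwpzqkxvbtdhgnm.org
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$")
VOWELS = set("aeiou")


def registrable_label(qname: str) -> str:
    """Second-level label of a query name.

    Assumption: single-label public suffixes (.com, .net). A real pipeline would
    consult the Public Suffix List so that e.g. example.co.uk yields 'example'.
    """
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s: str) -> float:
    """Bits per character; bounded above by log2(len(s)), so short labels score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def vowel_ratio(s: str) -> float:
    """Fraction of alphabetic characters that are vowels (pronounceable names sit well above 0.25)."""
    letters = [ch for ch in s if ch.isalpha()]
    return sum(ch in VOWELS for ch in letters) / len(letters) if letters else 0.0


def longest_consonant_run(s: str) -> int:
    """Longest run of consonants; digits, hyphens and vowels reset the run."""
    best = run = 0
    for ch in s:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def dga_score(label: str) -> int:
    """Heuristic score 0..3: one point each for high entropy, few vowels, long consonant run.

    Thresholds are assumptions chosen for this example, not published tuning values.
    """
    score = 0
    if shannon_entropy(label) >= 3.5:
        score += 1
    if vowel_ratio(label) < 0.25:
        score += 1
    if longest_consonant_run(label) >= 5:
        score += 1
    return score


def triage(log_text: str, min_score: int = 2) -> list:
    """Parse log lines and return the queries whose registrable label looks algorithmically generated."""
    flagged = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than failing the whole batch
        label = registrable_label(m["qname"])
        score = dga_score(label)
        if score >= min_score:
            flagged.append({"ts": m["ts"], "src": m["src"], "qname": m["qname"], "score": score})
    return flagged


def flagged_by_source(rows: list) -> dict:
    """Count flagged queries per source IP; several distinct DGA-looking names from one host is the stronger signal."""
    return dict(Counter(r["src"] for r in rows))


if __name__ == "__main__":
    hits = triage(SAMPLE_DNS_LOG)
    for r in hits:
        print(f"{r['ts']} {r['src']} {r['qname']} score={r['score']}")
    print(flagged_by_source(hits))
```

Treat this as triage, not a verdict: entropy is capped by label length, some legitimate CDN and tracking hostnames are random-looking, and a DGA that builds names from dictionary words will pass all three checks. The per-source count matters more than any single name, and in a real pipeline the next pivot is the resolver's response codes, since a bot walking a DGA list produces a burst of NXDOMAIN answers before it finds a live domain.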
