Top Tweets for #SystemBC
The Gentlemen RaaS grows rapidly in 2026, targeting 320+ victims with multi-OS lockers in Go & C, using SystemBC and Cobalt Strike to control a 1,570+ host botnet via GPO deployment and lateral movement. #TheGentlemen #SystemBC #MalwareAnalysis
https://t.co/gdkxNpUiYe
In May 2024, #OperationEndgame took down multiple malware families. Europol called it the “largest ever operation against botnets, which play a major role in the deployment of ransomware.” https://t.co/sbrSDg34Xz
#IcedID #Bumblebee #SystemBC #Pikabot #SmokeLoader
3⃣PowerShell IEX, TA attempted to download Cobalt Strike payload from continental-contact-center.]com.
4⃣PowerShell IEX, TA downloaded #SystemBC connecting with 📡88.214.25.]251
5⃣Additional activity included writing RMM AnyDesk and SoftEther VPN.
Another day, another #Amadey 📅👀 This time dropping #SystemBC ⤵️
Amadey botnet C2:
📡cobolrationumelawrtewarms .com
📡107.189.27.66 (AS14956 ROUTERHOSTING 🇳🇱)
Dropping SystemBC from the following URL:
🌐https://t.co/8bqwLduYeV
SystemBC payload:
📄https://t.co/Gj6LAxkLaU
SystemBC botnet C2:
📡towerbingobongoboom .com
📡213.209.150.137:4086 (AS42821 RAPIDNET 🇩🇪)
🚨 #SystemBC malware is evolving.
Previously a Windows-only #RAT, it's now targeting Linux via #phishing & exploit kits. Attackers use it to evade detection, deploy #ransomware, & steal data.
🔍 Track samples & stay ahead with PolySwarm. Learn more: https://t.co/ZTOQEYYf8d
☠️ Fake online shops stealing payment credentials, Linux version of #SystemBC #RAT, and YouTube #phishing redirects
Check out analysis of the most dangerous #cyberthreats of January 2025 👇
https://t.co/z3ebDi0vM9
🚨 ALERT: A new #SystemBC #RAT is targeting Linux-based platforms – #ExploreWithANYRUN
The Linux variant of SystemBC proxy implant is potentially designed for internal corporate services. It is commonly used to target corporate networks, cloud servers, and even #IoT devices
⚙️ A proxy implant within a victim's infrastructure is a crucial tool for attackers, allowing for lateral movement and pivoting without deploying additional detectable tools, further evading detection on the host
⚠️ This version is more stealthy and far more dangerous. Samples do not have clear family detection by security vendors
💡 This Remote Access #Trojan is designed to maintain encrypted communication with #C2 servers, using the same custom protocol, ensuring connection to a unified infrastructure of both Windows and Linux implants.
👨‍💻 To respond effectively, use #ANYRUN’s Linux VM and quickly detect #malicious communication with in-depth network traffic insights, powered by advanced #Suricata rules made by our experts
Take a look at the Linux version analysis:
https://t.co/z8uWTqWTyp
#IOCs:
cluster[.]amazonaws[.]work
0e1b714ff0ea13e64b302c48cb12c9bf
3d544d6b9086da758f17149cf1ac2e81
8601c30e1c5ba28541c8b164a879bfcb
a1cc04b62c048cdbb25d027ab5dea111
🔍 Decrypted traffic and configuration analysis of SystemBC: Linux vs. Windows
🐧 Linux traffic: https://t.co/soxHrx7Qtb
🪟 Windows traffic:
https://t.co/DNM390osIu
🐧 Linux config:
https://t.co/5eW6vNwtXK
🪟 Windows config:
https://t.co/8tdDIWtYJ7
More samples analyzed in #ANYRUN Interactive Sandbox:
https://t.co/5dZoUg9z2W
https://t.co/0aGe3nkom0
https://t.co/fqBuYRjCxL
🔍 Use this TI Lookup search query to find more sandbox sessions and improve the precision and efficiency of your organization's security response:
https://t.co/d0tSv28pAC
Analyze latest malware and #phishing threats with #ANYRUN 🚀

4 /⚠️ Entangled Ransomware Networks:
💥Further pivots on the same fingerprint uncovered IP 141.98.82.225 linked to #Play Ransomware Group and activity with #Smokeloader, #Redline, and #SystemBC !
💥#BlackBasta Group’s presence at IP 179.60.149.235 was also detected, previously reported by #Bridewell.
💥IP 147.78.47.178 traced directly to #BlackSuit Ransomware, as reported in the recent #DFIR report !
All under the same ssh fingerprint!!🕵️‍♂️


"AESUMON SOFTWARE Incorporated" (@globalsign given cert) signed, close to FUD "AntispamConnectUS.exe" sample: c69ab262ac3f73277c4b9a777a408f57feb618e2e00bc2e66e8d97274083c742

Our report sheds light on how the #RasS program works, a breakdown of their TTPs using #SystemBC, #CobaltStrike and different scanning tools, and an in-depth analysis of their ransom variants. #ThreatIntel #DFIR

#Black #Basta ransomware gang linked to a #SystemBC malware campaign
https://t.co/ynmaWs0qL5
#securityaffairs #hacking
#ThreatProtection: #Ngrok, #SystemBC, #Sliver, and #PoshC2 leveraged by threat actors to compromise both Windows and Linux systems, read more about Symantec's protection: https://t.co/0G5cYje8yp #CyberSecurity
![Jane_0sint's tweet photo. Written on GO #Proxy #malware "COMMAND RAKETA" on ex.#SystemBC server network traffic details
towerbingobongoboom[.]com:8080
https://t.co/7jKwULIGsv https://t.co/lDf2JGqnVA](https://pbs.twimg.com/media/Gpt-IcrWkAAX9H0.jpg)





![naumovax's tweet photo. 🌐Interesting C2 communication of the proxy #backdoor #SystemBC :
➡️1st TCP stream: 4 bytes request & 4 bytes response
➡️2nd stream: 40 bytes request
C2: 78.41.139[.]3:[4000,4739,5152,5337,5338,5339,5348..]
https://t.co/KVq9C6yyBa
https://t.co/95pKnY0ymr
https://t.co/9d2NIwnzfT https://t.co/JuKE4cfCbK](https://pbs.twimg.com/media/GffTdLpXEAAYyln.jpg)











