SystemBC Malware Activity , (Sun, Aug 20th)

This post was originally published on this site

This month, my DShield sensor captured for the first time this request: /systembc/password.php. I checked back for the past 6 months and only have noticed this request this 5 times this month from 4 different sources. According to some references, this is likely the SystemBC Remote Access Trojan (RAT), all 4 IPs are part of the Digital Ocean ASN and only one has been reported as likely malicious. Several samples have been reported to this month. 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.