Tracking Viper: Detecting the Open-Source Attack Platform

In this post, we’ll look at Viper’s widespread use across countries and ASNs, detail some approaches to detecting its login pages, and discuss other tools used alongside Viper, such as Cobalt Strike, Sliver, and Yakit. Furthermore, our scanning efforts indicate that over half of the Viper infrastructure observed by Hunt is hosted on Tencent's servers, predominantly utilizing the default port of 60000.

Disclaimer: This article is part of X-Force OSINT Advisories automated collection to enable faster integration of open-source articles to client environments. All credit and copyright goes to the original authors.

Reference:
https://hunt.io/blog/into-the-vipers-nest-observations-from-hunts-scanning

Sample Indicators of Compromise:

124.71.84.658.210.32.15www.microsoftupdate.fun43.139.67.72185.230.228.136
