Benoit ANCELinCSIS TechBlogChapter 1 — From Gozi to ISFB: The history of a mythical malware family.Illustrating ISFBs journey from the early start over the leak of Gozi 1 to their recent mutation into LDR4 and its relations to other…Oct 24, 2022Oct 24, 2022
Benoit ANCELinCSIS TechBlogAn inside view of domain anonymization as-a-service — the BraZZZerSFF infrastructureOne, if not the main, challenge with producing good intelligence is to have access to the right information at the right moment. The right…Aug 8, 2022Aug 8, 2022
Benoit ANCELinCSIS TechBlogThe Nemty affiliate modelAlmost a year after the end of the operations of Nemty ransomware, we are going to try here to present some internal details of their…Jan 25, 20211Jan 25, 20211
Benoit ANCELinCSIS TechBlogGCleaner, Garbage provider since 2019How malware actually ends up on millions of endpointsJan 18, 2021Jan 18, 2021
Benoit ANCELinCSIS TechBlogThe end of Dreambot? Obituary for a loved piece of GoziDreambot seems to finally be out of service after +6 years of activity. The back-end servers of the botnet are down for a few weeks now…May 1, 2020May 1, 2020
Benoit ANCELinCSIS TechBlogInstallCapital — When AdWare Becomes Pay-per-Install Cyber-Crime.Traffic exchange is probably one of the oldest types of grey-hat business on the Internet. Different companies compete to buy or resell…Feb 7, 2020Feb 7, 2020