New activity of DoubleGuns Group, controlling hundreds of thousands of bots via public cloud service
released on 2020-05-26 @ 05:45:34 PM
Recently, our DNS-data-based threat monitoring system DNSmon flagged a suspicious domain, pro.csocools.com. The system estimates that the scale of infection may be well above hundreds of thousands of users. By analyzing the related samples and C2s, we traced its family back to the ShuangQiang (double gun) campaign. This campaign has been exposed by multiple security vendors in the past, but it has revived and come back with new methods and great force.