grep -rl "Shodan" ./posts

#Shodan

1 match

One Tweet, Sixteen Servers: Pivoting the Chopi RAT Vishing Operation

A WsgiDAV opendir gave me staging payloads and a leaked debug log. AES config RE confirmed all six C2 IPs and the full encrypted capability set. PE build timestamp forensics revealed two back-to-back build sessions; the operator's dropper cluster leaked their build-system path on VirusTotal. Neo4j graph of 70 nodes across 3 cloud providers. YARA rules included.

2026-06-30 · 32 min

← back to listing