Ben H

https://echo01409.github.io//Ben HA minimal, responsive and feature-rich Jekyll theme for technical writing. 2026-04-03T13:37:50+01:00 Ben Hopkins https://echo01409.github.io// Jekyll © 2026 Ben Hopkins /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png Mustang Panda - When Operationalising IoCs Don't Go To Plan2026-01-28T00:00:00+00:00 2026-01-28T00:00:00+00:00 https://echo01409.github.io//posts/mustang-panda/ Ben Hopkins

Overview Recently I’ve been looking to improve my threat actor infrastructure tracking capabilities, and dust off my IOC pivoting skills—given I’ve spent considerable time lately building infrastructure as code and exploring AI capabilities rather than pure threat analysis full time. To that end, I found a great writeup by Kaspersky where they explored one of the latest campaigns conducted by ...

XenoRAT - Builder Analysis2026-01-24T00:00:00+00:00 2026-01-24T00:00:00+00:00 https://echo01409.github.io//posts/xenorat/ Ben Hopkins

Overview So, its been a few weeks since I’ve done any analysis given we’ve just come off the christmas break. Before then, I was neck deep into North Korean malware. Coming off the back of Christmas, I wanted to warm myself back up and get this blog rolling properly. I routinely scan dark web sources for new remote access trojan (RAT) leaks, data leaks, and any high quality information that I ...

Return of the Phemedrone Stealer - Part Two2025-07-13T00:00:00+01:00 2025-07-13T00:00:00+01:00 https://echo01409.github.io//posts/phenedrome-part-2/ Ben Hopkins

Overview In the last blog, I covered a campaign that was being conducted by a cybercriminal using the Phenedrome stealer, which hasn’t been seen in a while. In the last blog, I covered the fake AnyDesk website stood up by the threat actor, and how that was used to socially engineer a victim into downloaded a loader for Phenedrome. If you want to read that blog first, feel free to go to the lin...

Return of the Phemedrone Stealer - Part One2025-06-20T00:00:00+01:00 2025-06-20T00:00:00+01:00 https://echo01409.github.io//posts/phenedrome-part-1/ Ben Hopkins

Overview A few days ago, I was scrolling X (formally Twitter) where I follow other people in the cyber community, and came across a post about a threat actor impersonating the AnyDesk website to socially engineer victims into downloading malware. AnyDesk is a remote mangement and monitoring (RMM) tool that has platform-independant remote access solutions that IT support can use to service user...

Async RAT - Analysis2025-02-15T00:00:00+00:00 2025-06-15T16:54:38+01:00 https://echo01409.github.io//posts/async-rat/ Ben Hopkins

Overview AsyncRAT is a remote access trojan (RAT) built to remotely monitor and control other computers through a secure, encrypted connection. The name “AsyncRAT” comes from its core functionality—’async’ means it performs its operations asynchronously, which means it is capable of executing several tasks simultaneously. AsyncRAT has been observed as being bought, sold, and deployed for years...