Join Team Cymru for an in-depth webinar on Raccoon Stealer with host Josh Hopkins, S2 Threat Research Lead, on Friday, September 22, 2023, at 12:00 PM noon EST.

From proactively hunting for unknown attacker infrastructure to placing the exploitation of vulnerabilities on a timeline often obscured by significant spikes in activity, we'll explore ways to enrich our understanding of the threat landscape beyond that shared in threat feeds and reports.

Key elements of the Raccoon infrastructure identified, including the likely location of victim data storage, a Tor.onion control panel, and a Telegram update server. Providing a snapshot into threat actor TTPs with regards to ‘internal’ architecture.

Pivoting from these key elements identified threat actor infrastructure located in Kharkiv, Ukraine, likely used to operate the service (MaaS).

Attribution of the CC2BTC marketplace to the Raccoon operators, a business model that allowed the threat actors to profit twice from the theft of victim data.