433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (727) 493-2351
This month, my DShield sensor captured for the first time this request: /systembc/password.php. I checked back for the past 6 months and only have noticed this request this 5 times this month from 4 different sources. According to some references, this is likely the SystemBC Remote Access Trojan (RAT), all 4 IPs are part of the Digital Ocean ASN and only one has been reported as likely malicious. Several samples have been reported to Any.run this month.
http://news.poseidon-us.com/Stwsts