Fluxxy Dissection

Botconf 2020
2023-04-25 | 13:30 – 14:00

Matthieu Kaczmarek 🗣

The first reference to Fluxxy is due to N. Summerlin and B. Porter in 2013 [1]. They describe a network of proxies dedicated to cybercrime operations. While this rogue hosting service has been running for nine years, its intelligence coverage remains low. Fluxxy is a notorious bulletproof hosting network that has been in operation for ten years. Notably, many high-end cybercrime actors, such as Nymaim, GandCrab, TheFreshstuff, or UncleSam, were or still are Fluxxy customers. A rival to Avalanche, Fluxxy has a more evolved design and gained traction after the takedown of the Avalanche botnet. Fluxxy has been named Dark cloud, SandiFlux, or Furtim in different research. However, detailed intel on its inner workings remains sparse. The present research improves the understanding of this threat through several contributions.
