Active Threats - Aug. 24th

Posted

August 24, 2023

Active Threats

Assessment

Over the past 3-4 weeks, Boltive has detected an increase in DCCBoost-related threat activity across all platforms. Boltive has observed DCCBoost run high-volume but short-term campaigns, typically lasting a few weeks. The threat campaign loads a very simple but deeply integrated loader, which in turn loads a second stage. The second stage then performs various fingerprinting, sends telemetry (if criteria are met), performs ad-quality-vendor checks, and finally redirects if the targeting criteria are satisfied.

Techniques Deployed

Fingerprinting, telemetry (1%/configurable), multistage loader, DGA and frequently rotating loader/payload/redirect domains, multiple delays, event-based triggers
Propagation: Creatopy/Adspeed/Bannerwise

Affected Platforms

ALL

Example Ad

Boltive Active Threats - 8-24 - Sample Ad

Landing Page

Boltive Active Threats - 8-24  LP

Variant #1

Boltive Active Threats - 8-24 - Variant_1

Variant #2

Boltive Active Threats - 8-24 - Variant_2

Variant #3

Boltive Active Threat - 8-24 - Variant_3
