All attack reports
Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA
Lumma Stealer, a sophisticated information-stealing malware, has evolved its tactics to employ fake CAPTCHA verification for payload delivery. The malware exploits legitimate software and uses multi-stage fileless techniques to evade detection. Its infection chain involves PowerShell scripts, proce…
Downloadable IOCs 23
Stealers on the rise: Kral, AMOS, Vidar and ACR
This intelligence report analyzes the increasing prevalence of information stealers, focusing on Kral, AMOS, Vidar, and ACR. Kral, delivered by its downloader, targets cryptocurrency wallets and browser data. AMOS, a macOS stealer, spreads through malvertising impersonating Homebrew. Vidar distribu…
Downloadable IOCs 0
Crystal Rans0m: Hybrid ransomware with stealer capabilities
Crystal Rans0m is a newly discovered hybrid ransomware family developed in Rust, first observed in September 2023. It combines file encryption with data stealing capabilities, doubling its leverage over victims. The malware targets browser data, Discord tokens, Steam files, and Riot Games data. It …
Downloadable IOCs 5
Fog Ransomware – Technical Analysis
A new ransomware called Fog has been identified, affecting education and recreation centers in the United States. The threat actors gain access through compromised VPN credentials, disable Windows Defender, and deploy the ransomware. Fog is a 32-bit EXE file compiled using Microsoft Visual C/C++. I…
Downloadable IOCs 1
New Bumblebee Loader Infection Chain Signals Possible Resurgence
A new infection chain for the Bumblebee loader malware has been discovered, potentially indicating its resurgence after Operation Endgame. The sophisticated downloader, first identified in March 2022, is used by cybercriminals to access corporate networks and deliver payloads like Cobalt Strike bea…
Downloadable IOCs 11
Inside the Latrodectus Malware Campaign
The Latrodectus malware campaign employs a combination of traditional phishing techniques and innovative payload delivery methods to target financial, automotive, and healthcare sectors. The attack chain begins with compromised emails containing malicious PDF or HTML attachments, which redirect use…
Downloadable IOCs 20
The Will of D: A Deep Dive into Divulge Stealer, Dedsec Stealer, and Duck Stealer
This analysis examines three emerging malware threats: Divulge Stealer, DedSec Stealer, and Duck Stealer. These stealers, often promoted on platforms like GitHub and Telegram, target browser data, game information, and sensitive personal details. Divulge Stealer, a successor to Umbral Stealer, feat…
Downloadable IOCs 3
The Mobile Malware Chronicles: Necro.N - Volume 101
Zimperium's zLabs researchers have been tracking Necro.N, a highly intrusive mobile malware campaign, since July. This malware, potentially succeeding Joker, uses obfuscation and steganography to hide malicious payloads within images. It downloads payloads from C2 servers, enabling remote code exec…
Downloadable IOCs 6
THREAT ANALYSIS: Beast Ransomware
The Beast Ransomware group, active since 2022, offers a Ransomware-as-a-Service (RaaS) platform with constant updates. It supports Windows, Linux, and ESXi systems, providing affiliates with customizable binary options. Beast employs advanced encryption methods, including Elliptic-curve and ChaCha2…
Downloadable IOCs 0
Tricks and Treats: New Pixel-Level Deception
GHOSTPULSE malware has evolved to embed malicious data within pixel structures of PNG files, replacing its previous IDAT chunk technique. Recent campaigns involve social engineering tactics, tricking victims with CAPTCHA validations that trigger malicious commands through keyboard shortcuts. The ma…
Downloadable IOCs 9
ClickFix tactic: The Phantom Meet
This analysis explores the ClickFix social engineering tactic that emerged in 2024, focusing on a cluster impersonating Google Meet pages to distribute malware. The tactic tricks users into running malicious code by displaying fake error messages. The investigated cluster targets both Windows and m…
Downloadable IOCs 171
Analyzing the familiar tools used by the Crypt Ghouls hacktivists
The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …
Downloadable IOCs 1