All attack reports
Credential Flusher Research
This intelligence report describes a technique employed by threat actors to compel victims into entering their credentials into a browser, thereby enabling the credentials to be stolen from the browser's credential store using traditional credential-stealing malware. The method involves launching t…
Downloadable IOCs 8
Observes Targeted Attacks Amid FBI Warnings
The report details targeted attacks observed by Jamf Threat Labs that align with FBI warnings about the Democratic People's Republic of Korea (DPRK) targeting individuals in the crypto industry through social engineering tactics for malware delivery. It outlines attack scenarios involving malicious…
Downloadable IOCs 8
A Network of Harm: Gigabud Threat and Its Associates
An investigation reveals a significant connection between Gigabud and Spynote malware families, targeting over 50 financial apps including banks and cryptocurrency platforms. The campaign utilizes sophisticated distribution methods, including 11 command and control servers and 79 phishing websites …
Downloadable IOCs 116
Unpacking the unpleasant FIN7 gift: PackXOR
This analysis delves into PackXOR, a private packer associated with FIN7's AvNeutralizer tool. PackXOR employs a two-section structure with XOR encryption and LZNT1 compression. The packer utilizes Run-Time Dynamic Linking and encrypts API function names. Notably, PackXOR has been observed packing …
Downloadable IOCs 12
ShrinkLocker Malware: Abusing BitLocker to Lock Your Data
ShrinkLocker is a new ransomware strain that exploits Windows BitLocker to encrypt targeted data. Unlike typical ransomware, it abuses this legitimate feature to create a secure boot partition, locking users out unless a ransom is paid. The malware performs system checks, modifies registry entries,…
Downloadable IOCs 2
From Automation to Exploitation: The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking
Two campaigns targeting Selenium Grid, a popular web testing tool, have been identified. The attacks exploit misconfigured instances lacking authentication to deploy cryptominers and proxyjacking tools. The first campaign injects a base64 encoded Python script to download and execute a reverse shel…
Downloadable IOCs 18
The Nanshou Campaign - Hackers' Arsenal Grows Stronger
This comprehensive analysis details a sophisticated cyber campaign targeting over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin, dropping advanced payloads like crypto-miners …
Downloadable IOCs 28
New macOS malware gives attackers backdoor access to Macs
A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of sp…
Downloadable IOCs 25
Gomorrah Stealer: An In-Depth Analysis of a .NET-Based Malware
This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…
Downloadable IOCs 6
ACSC - Malicious URLs High Confidence
This pulse contains high-confidence malicious URLs provided by the ACSC (Australian Cyber Security Centre).
Downloadable IOCs 1
Hadooken Malware Targets Weblogic Applications
Aqua Nautilus researchers identified a Linux malware, named Hadooken, targeting Oracle WebLogic servers. Upon gaining initial access through an exploited weak password, Hadooken deploys a cryptominer and the Tsunami malware. The report details the attack flow, techniques employed by the threat acto…
Downloadable IOCs 4
A SOC Team’s Guide to Detecting macOS Atomic Stealers
This article provides an analysis of the Atomic Infostealer malware family, which has been targeting macOS users throughout 2024. It discusses the various evolving variants, such as Amos, Banshee, Cthulu, Poseidon, and RodrigoStealer, developed and distributed by competing threat actor groups. The …
Downloadable IOCs 3