All attack reports
DragonRank, a Chinese-speaking SEO manipulator service provider
Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia, and a few in Europe, deploying PlugX and BadIIS for search engine optimization (SEO) rank manipulation.
Downloadable IOCs 35
Phishing Via Typosquatting and Brand Impersonation: Trends and Tactics
From February to July 2024, an analysis of over 500 popular domains revealed more than 10,000 malicious lookalike domains employing typosquatting and brand impersonation techniques. Google, Microsoft, and Amazon were the most targeted brands, accounting for nearly 75% of phishing domains. Almost ha…
Downloadable IOCs 10
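The two techniques the summary above names, typosquatting (a brand's registrable label with a character swapped, dropped or replaced by a look-alike digit) and brand impersonation (the brand name embedded in an otherwise unrelated domain), can be separated mechanically. The classifier below is an added example written for this page, not code from the report; the brand list, the allowlist, the homoglyph table and the sample domains are assumptions I constructed, and the apex-domain logic deliberately ignores the public suffix list (so co.uk-style suffixes are out of scope).

```python
"""Lookalike-domain classifier: flags typosquats (edit-distance or homoglyph
variants of a brand's registrable label) and brand impersonation (the brand name
embedded somewhere in an unrelated domain). Sample domains are constructed."""

import unicodedata

# Brands to protect (assumed list; the three the summary names as most targeted).
BRANDS = ["google", "microsoft", "amazon"]

# Apex domains that legitimately carry those brands (assumed allowlist).
ALLOWLIST = {"google.com", "microsoft.com", "amazon.com"}

# Digit/symbol look-alikes commonly swapped into typosquats (assumed table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                            "7": "t", "8": "b", "@": "a", "$": "s"})


def normalize_label(label: str) -> str:
    """Fold case, accents (NFKD -> ASCII), look-alike digits, and separators."""
    ascii_only = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    return ascii_only.lower().translate(HOMOGLYPHS).replace("-", "").replace(".", "")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Apex domain as the last two labels. Assumption: no public-suffix list, so
    two-part suffixes such as co.uk are not handled here."""
    parts = domain.lower().strip(".").split(".")
    return ".".join(parts[-2:])


def classify(domain: str):
    """Return (brand, kind) for a lookalike, or None if the domain looks unrelated."""
    apex = registrable(domain)
    if apex in ALLOWLIST:
        return None
    raw_label = apex.split(".")[0]
    label = normalize_label(raw_label)
    # Edit budget grows with brand length: one edit for short names, two for long ones.
    for brand in BRANDS:
        budget = 2 if len(brand) >= 8 else 1
        if raw_label != brand and levenshtein(label, brand) <= budget:
            return brand, "typosquat"
    # Brand embedded anywhere in the host name (hyphens/dots folded): brand impersonation,
    # which also covers brand-on-wrong-TLD cases such as google.net.
    host = normalize_label(domain)
    for brand in BRANDS:
        if brand in host:
            return brand, "brand_impersonation"
    return None


def scan(domains):
    """Map each flagged domain to its (brand, kind); unflagged domains are omitted."""
    return {d: r for d in domains for r in [classify(d)] if r is not None}


if __name__ == "__main__":
    # Constructed sample: legitimate, typosquatted, impersonating and unrelated names.
    sample = ["amazon.com", "mail.google.com", "g00gle.com", "goog1e.com", "microsfot.com",
              "amazom.com", "microsoft.com.login-verify.net", "secure-amazon-billing.com",
              "google.net", "example.org"]
    for d, (brand, kind) in scan(sample).items():
        print(f"{d:35} {kind:20} ({brand})")
```

The substring rule is intentionally greedy and will also catch names such as microsoftware.com; in practice the brand_impersonation bucket is the one that needs human triage, while typosquat hits with distance 0 after homoglyph folding are near-certain.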
Targeted Iranian Attacks Against Iraqi Government Infrastructure
Check Point Research uncovered a new malware campaign targeting Iraqi government entities, employing custom tools named Veaty and Spearal. The attack utilizes various techniques including passive IIS backdoors, DNS tunneling, and C2 communication via compromised email accounts. The malware shows co…
Downloadable IOCs 16
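Of the channels the summary above lists, DNS tunneling is the one a resolver log can surface without any sample of the malware: tunnelled data shows up as a stream of long, high-entropy, never-repeated leftmost labels under one apex domain, often as TXT or NULL queries. The detector below is an added example for this page, not code from the Check Point report; the log lines, the domain names and the thresholds are constructed assumptions.

```python
"""Heuristic detector for DNS tunnelling over a passive DNS / resolver log.
The log lines below are constructed for this example and are not from the
Check Point report."""

import math
import re
from collections import defaultdict

# Constructed log: "<timestamp> <client_ip> <query_name> <qtype>", one query per line.
SAMPLE_LOG = """\
2024-09-10T10:00:01Z 10.0.0.5 www.example.com A
2024-09-10T10:00:02Z 10.0.0.5 mail.example.com A
2024-09-10T10:00:03Z 10.0.0.7 www.example.com A
2024-09-10T10:00:04Z 10.0.0.7 api.example.com A
2024-09-10T10:00:05Z 10.0.0.9 www.example.com AAAA
2024-09-10T10:00:06Z 10.0.0.9 mail.example.com A
2024-09-10T10:01:00Z 10.0.0.5 img-a1b2c3d4e5f6g7h8.cdn-assets.com A
2024-09-10T10:01:01Z 10.0.0.7 img-a1b2c3d4e5f6g7h8.cdn-assets.com A
2024-09-10T10:01:02Z 10.0.0.9 img-a1b2c3d4e5f6g7h8.cdn-assets.com A
2024-09-10T10:01:03Z 10.0.0.5 img-a1b2c3d4e5f6g7h8.cdn-assets.com A
2024-09-10T10:01:04Z 10.0.0.7 img-a1b2c3d4e5f6g7h8.cdn-assets.com A
2024-09-10T10:02:00Z 10.0.0.42 7f3a9c1e5b2d8e4f6a0c9b1d3e5f7a2c.data.c2-relay.net TXT
2024-09-10T10:02:01Z 10.0.0.42 0d9e8f7a6b5c4d3e2f1a0b9c8d7e6f5a.data.c2-relay.net TXT
2024-09-10T10:02:02Z 10.0.0.42 4c6e8a0b2d4f6a8c0e2b4d6f8a1c3e5b.data.c2-relay.net TXT
2024-09-10T10:02:03Z 10.0.0.42 b1d3f5a7c9e2b4d6f8a0c2e4b6d8f0a3.data.c2-relay.net TXT
2024-09-10T10:02:04Z 10.0.0.42 9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d.data.c2-relay.net TXT
2024-09-10T10:02:05Z 10.0.0.42 e2f4a6c8b0d2f4a6c8e0b2d4f6a8c0e1.data.c2-relay.net TXT
2024-09-10T10:02:06Z 10.0.0.42 3b5d7f9a1c3e5b7d9f1a3c5e7b9d1f3a.data.c2-relay.net TXT
2024-09-10T10:02:07Z 10.0.0.42 6c8e0a2b4d6f8a0c2e4b6d8f0a2c4e6b.data.c2-relay.net TXT
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits per character of s; ~0 for repeated characters, ~4 for random hex."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def apex_domain(qname: str) -> str:
    """Last two labels. Assumption: no public-suffix list is consulted."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])


def parse_log(text: str):
    """Yield (client, qname, qtype) for every well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _ts, client, qname, qtype = m.groups()
            yield client, qname.lower().rstrip("."), qtype.upper()


def profile_domains(text: str) -> dict:
    """Aggregate per apex domain the signals a tunnel leaves in a query stream."""
    acc = defaultdict(lambda: {"queries": 0, "names": set(), "label_len": 0,
                               "entropy": 0.0, "txt": 0})
    for _client, qname, qtype in parse_log(text):
        s = acc[apex_domain(qname)]
        first = qname.split(".")[0]          # leftmost label carries the payload
        s["queries"] += 1
        s["names"].add(qname)
        s["label_len"] += len(first)
        s["entropy"] += shannon_entropy(first)
        s["txt"] += qtype in ("TXT", "NULL")
    return {apex: {"queries": s["queries"],
                   "unique_ratio": len(s["names"]) / s["queries"],
                   "avg_label_len": s["label_len"] / s["queries"],
                   "avg_entropy": s["entropy"] / s["queries"],
                   "txt_ratio": s["txt"] / s["queries"]}
            for apex, s in acc.items()}


def flag_tunnels(profiles: dict, min_queries=5, min_label_len=20,
                 min_entropy=3.0, min_unique_ratio=0.8, min_reasons=3) -> dict:
    """Return {apex: [reasons]} for domains matching at least min_reasons signals.
    Thresholds are assumptions; tune them against your own resolver baseline."""
    flagged = {}
    for apex, p in profiles.items():
        if p["queries"] < min_queries:
            continue
        reasons = []
        if p["avg_label_len"] >= min_label_len:
            reasons.append("long leftmost labels")
        if p["avg_entropy"] >= min_entropy:
            reasons.append("high-entropy labels")
        if p["unique_ratio"] >= min_unique_ratio:
            reasons.append("almost every query name is unique")
        if p["txt_ratio"] >= 0.5:
            reasons.append("mostly TXT/NULL queries")
        if len(reasons) >= min_reasons:
            flagged[apex] = reasons
    return flagged


if __name__ == "__main__":
    for apex, reasons in flag_tunnels(profile_domains(SAMPLE_LOG)).items():
        print(f"{apex}: {'; '.join(reasons)}")
```

The cdn-assets.com entries are the deliberate negative control: the label is long and high-entropy, but the same name is resolved over and over, so only two of the four signals fire and it is not reported. Requiring several independent signals is what keeps CDN hostnames and DKIM/SPF TXT lookups out of the alert queue.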
19 Websites Identified as Part of an Iranian Global Influence Operation
An investigation has uncovered a network of 19 websites created by Iran as part of a global influence operation. These sites, presenting themselves as independent sources of opinion and analysis, target audiences across the United States, Europe, the Middle East, the Caucasus, and South America. Tw…
Downloadable IOCs 19
New RansomHub attack uses TDSSKiller and LaZagne, disables EDR
A recent analysis by the ThreatDown MDR team has uncovered a novel attack method employed by the RansomHub ransomware gang. The attackers are utilizing two tools: TDSSKiller, a legitimate Kaspersky rootkit removal utility, to disable endpoint detection and response (EDR) systems, and LaZagne, a cre…
Downloadable IOCs 2
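Both tools in the summary above are signed or well-known binaries, so the detection opportunity is the context in which they run rather than the binary itself: a rootkit-removal utility invoked from a shell with a security product's service named on its command line, and a credential-recovery tool running at all. The rule set below is an added example for this page, not the ThreatDown team's detection content. The events are constructed Sysmon-style process-creation records; the -dcsvc switch is TDSSKiller's documented delete-service option as I recall it, not something the summary states, and the service-name watchlist (MBAMService, Sense, WinDefend, CSFalconService, SentinelAgent) is an assumption you should replace with the services actually deployed in your estate.

```python
"""Process-creation rules for EDR tampering via TDSSKiller and for LaZagne execution.
SAMPLE_EVENTS are constructed for this example, not telemetry from the incident."""

# Constructed Sysmon Event ID 1 style records (image, command line, parent image).
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Users\Public\tdsskiller.exe",
     "cmdline": "tdsskiller.exe -dcsvc MBAMService",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"id": 2, "image": r"C:\Users\jdoe\Downloads\tdsskiller.exe",
     "cmdline": '"tdsskiller.exe"',
     "parent": r"C:\Windows\explorer.exe"},
    {"id": 3, "image": r"C:\ProgramData\laZagne.exe",
     "cmdline": "laZagne.exe all",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"id": 4, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": "chrome.exe --type=renderer",
     "parent": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
]

# Assumed watchlist of security-product service names (lower-cased for matching).
SECURITY_SERVICES = {"mbamservice", "sense", "windefend", "csfalconservice", "sentinelagent"}

# Parents that indicate a human double-clicked the tool rather than a script launching it.
INTERACTIVE_PARENTS = {"explorer.exe"}

# Assumption: -dcsvc is TDSSKiller's delete-service switch.
SERVICE_REMOVAL_SWITCHES = {"-dcsvc"}


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def tokens(cmdline: str):
    """Whitespace-split command line with surrounding quotes stripped, lower-cased."""
    return [t.strip('"').lower() for t in cmdline.split()]


def evaluate(events):
    """Return one alert dict per (event, rule) match; an event may raise several."""
    alerts = []
    for ev in events:
        image = basename(ev["image"])
        parent = basename(ev["parent"])
        toks = tokens(ev["cmdline"])
        if image == "tdsskiller.exe":
            # High: the rootkit cleaner is being pointed at a security service.
            if any(t in SERVICE_REMOVAL_SWITCHES for t in toks) or \
               any(t in SECURITY_SERVICES for t in toks):
                alerts.append({"event_id": ev["id"], "rule": "tdsskiller_service_removal",
                               "severity": "high"})
            # Medium: launched from a shell/script instead of interactively.
            if parent not in INTERACTIVE_PARENTS:
                alerts.append({"event_id": ev["id"], "rule": "tdsskiller_noninteractive",
                               "severity": "medium"})
        # High: LaZagne has no legitimate role on a managed endpoint.
        if image.startswith("lazagne") or any("lazagne" in t for t in toks):
            alerts.append({"event_id": ev["id"], "rule": "lazagne_execution",
                           "severity": "high"})
    return alerts


def rules_for(alerts, event_id):
    """Set of rule names raised for one event (handy for triage and for testing)."""
    return {a["rule"] for a in alerts if a["event_id"] == event_id}


if __name__ == "__main__":
    for a in evaluate(SAMPLE_EVENTS):
        print(f"event {a['event_id']}: {a['rule']} [{a['severity']}]")
```

Event 2 is the negative control: an administrator running TDSSKiller from Explorer with no arguments raises nothing, which is what keeps the rule deployable; the incident pattern is the combination of a scripted launch and a security service named on the command line.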
Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial Industries
The Scattered Spider cybercriminal group is targeting cloud infrastructures in the insurance and financial sectors using advanced techniques. They exploit leaked authentication tokens, conduct phishing and smishing campaigns, and leverage SIM swapping to bypass multi-factor authentication. The grou…
Downloadable IOCs 12
Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware
Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical inciden…
Downloadable IOCs 8
BLX STEALER
Identified as a sophisticated dropper binary designed to deploy an information stealer dubbed BLX Stealer or XLABB Stealer, this malware has been actively promoted on Telegram and Discord platforms. It targets credentials, browser data, cryptocurrency wallets, and other sensitive personal informati…
Downloadable IOCs 5
There's Something About CryptBot: Yet Another Silly Stealer
This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…
Downloadable IOCs 13
Earth Preta Evolves its Attacks with New Malware and Strategies
Trend Micro discusses its analysis of Earth Preta's enhancements to their attacks: new tools, malware variants and strategies added to both their worm-based attacks and their time-sensitive spear-phishing campaign.
Downloadable IOCs 41
Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401
A critical security flaw (CVE-2024-36401) in GeoServer, the open-source OSGeo geospatial server that implements Open Geospatial Consortium (OGC) standards, has been exploited by attackers to take control of vulnerable systems, according to FortiGuard Labs.
Downloadable IOCs 75
Threat Assessment: North Korean Threat Groups
This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes their organizational structure, objectives, and the diverse malware families employed in their recent campaigns targeting various industries worldwide. The analysis covers 10…
Downloadable IOCs 58