All attack reports

The report details attempts by threat actors to compromise smartphones and tablets belonging to military personnel by distributing malicious APK files disguised as legitimate software for military systems like GRISELDA and "Eyes". The malware, named HYDRA and a modified version of "Eyes", was desig…

Downloadable IOCs 15

The report provides insights into the evolving tactics and infrastructure of a threat group referred to as the 'Quad7 botnet operators.' It details the discovery of new staging servers, implants, and botnet clusters associated with this group. The operators appear to be compromising various router …

Downloadable IOCs 11

The report provides insights into the evolving tactics and infrastructure of a threat group referred to as the 'Quad7 botnet operators.' It details the discovery of new staging servers, implants, and botnet clusters associated with this group. The operators appear to be compromising various router …

Downloadable IOCs 0

The report discusses the Atomic macOS Stealer (AMOS), an infostealer malware targeting macOS systems. It is designed to steal sensitive information like passwords, cookies, cryptocurrency wallets, and other data from infected machines. The malware is distributed through malvertising, SEO poisoning,…

Downloadable IOCs 17

In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving LummaC2 stealer malware and a malicious Google Chrome browser extension. The attack leveraged DLL side-loading to execute a loader delivering the malware and a PowerShell script that installed the extension. T…

Downloadable IOCs 7

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

Kaspersky researchers discovered a previously unknown Loki backdoor, utilized in a series of targeted attacks. Analysis revealed that Loki is a private version of an agent compatible with the open-source Mythic framework. The malware employs techniques like memory encryption, indirect system API ca…

Downloadable IOCs 7

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …

Downloadable IOCs 17

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible…

Downloadable IOCs 50

Group-ib explored the growing threats posed by the Lazarus Group's financially-driven campaign against developers. Group-ib examined their recent Python scripts, including the CivetQ and BeaverTail malware variants, along with their updated versions in Windows and Python releases. Additionally, the…

Downloadable IOCs 85

The article discusses the importance of keeping enrichment data up-to-date for analyzing honeypot attacks. Various sources like Internet Storm Center, URLhaus, SPUR, and VirusTotal are used to enrich data collected from honeypots. The author examines how frequently this data changes and its accurac…

Downloadable IOCs 5

Latin America is experiencing a surge in sophisticated phishing attacks targeting financial systems, with banking Trojans like Mekotio, BBTok, and Grandoreiro re-emerging. These attacks use business transaction and judicial-related lures to compromise victims. Mekotio is expanding its targets beyon…

Downloadable IOCs 9