All attack reports
BlackSuit Ransomware
The report meticulously chronicles a sophisticated intrusion which began in December 2023 and culminated in the deployment of BlackSuit ransomware approximately 15 days later. The threat actor demonstrated an array of tactics, leveraging tools like Cobalt Strike, Sharphound, and SystemBC, alongside…
Downloadable IOCs 16
AppDomainManager Injection Technique Used to Execute Malware on Windows
Cybersecurity specialists have observed an escalation in attacks employing the AppDomainManager Injection technique, which exploits the .NET Framework's version redirection feature to manipulate legitimate EXE files and load malicious DLLs. These attacks commonly begin with a ZIP file containing a …
Downloadable IOCs 9
Iranian backed group steps up phishing campaigns against Israel, U.S.
An Iranian government-backed threat group known as APT42 has significantly intensified its phishing campaigns targeting high-profile individuals in Israel and the United States over the past six months. The group, associated with Iran's Islamic Revolutionary Guard Corps, has focused on current and …
Downloadable IOCs 38
BORN Group Supply Chain Breach: In-Depth Analysis of Jenkins Exploitation
This analysis examines a substantial supply chain assault on the IT service provider BORN Group. The cybercriminal Intelbroker leveraged a vulnerability (CVE-2024-23897) to breach BORN Group's infrastructure, leading to the exfiltration of sensitive information from various clients. Furthermore, In…
Downloadable IOCs 5
Threat Tracking: Analysis of Lilith RAT ported to AutoIt Script
In April 2024, S2W's Threat Research and Intelligence Center TALON analyzed a malicious LNK file disguised as a list of tax evasion explanatory documents. The LNK file executed a PowerShell command to download and run an AutoIt script-based Lilith RAT malware from an attacker's server, which establ…
Downloadable IOCs 33
Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules
Stroz Friedberg discovered sedexp, a stealthy Linux malware that utilizes udev rules to achieve persistence and evade detection. It provides reverse shell capabilities and advanced concealment tactics. Employed by a financially motivated threat actor, sedexp hides credit card scraping code, indicat…
Downloadable IOCs 3
How Managed Detection and Response Pressed Pause on a Play Ransomware Attack
This report details how Trend Micro's Managed Detection and Response (MDR) service successfully thwarted a sophisticated ransomware attack orchestrated by the notorious Play ransomware group. Through continuous monitoring and expert analysis, the MDR team swiftly identified and contained the intrus…
Downloadable IOCs 1
From the Depths: Analyzing the Cthulhu Stealer Malware for macOS
This report analyzes Cthulhu Stealer, a malware-as-a-service targeting macOS users to steal credentials and cryptocurrency wallets. It explores the malware's functionality, including prompting users for passwords, dumping keychain data, and exfiltrating stolen information. The analysis compares Cth…
Downloadable IOCs 9
Decoding the Stealthy Memory-Only Malware
This intelligence report provides an in-depth analysis of a complex, multi-stage malware campaign called PEAKLIGHT. It details the infection chain, starting with movie lure ZIP files containing malicious LNK files that initiate a JavaScript dropper. This dropper then executes a PowerShell downloade…
Downloadable IOCs 23
Hundreds of online stores hacked in new campaign
A cybersecurity report details a malware campaign targeting numerous e-commerce websites running the popular Magento platform. Threat actors exploited a vulnerability to inject malicious code that skims payment data from online shoppers during checkout. The skimmer code is loaded from attacker-cont…
Downloadable IOCs 15
Report on Ukraine government attack campaign
Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed around prisoners of war, containing links to download an archive named 'spysok_kursk.zip'. This archive contained a CHM file with JavaScript code that launched an obfusca…
Downloadable IOCs 33
Technical Analysis of Copybara
This report presents a comprehensive technical analysis of a newly discovered variant of the Copybara Android malware. The malware, which emerged in November 2021, is primarily spread through voice phishing attacks. It utilizes the MQTT protocol for command-and-control communication and abuses Andr…
Downloadable IOCs 107