Today > 1 Critical | 3 High | 6 Medium vulnerabilities - You can now download lists of IOCs here!
DPRK-associated threat actors are targeting tech industry job seekers through fake recruitment campaigns, installing malware on their devices. The campaign, named CL-STA-240 Contagious Interview, uses social engineering to lure victims into online interviews where they are convinced to download mal…
Over the past year, the delivery of Lua malware appears to have undergone simplification, possibly to reduce exposure to detection mechanisms. The malware is frequently delivered using obfuscated Lua scripts instead of compiled Lua bytecode, as the latter can trigger suspicion more easily.
A new stealthy Linux malware called perfctl has been analyzed. The malware runs two processes: perfctl and a disguised process mimicking known Linux processes. It uses Tor for external communications and local sockets for inter-process communication. After 30 minutes, the attacker drops scripts to …
LemonDuck malware has evolved into a versatile threat, targeting both Windows and Linux systems. It exploits SMB vulnerabilities, particularly EternalBlue, to gain network access. The malware uses brute-force attacks, creates hidden administrative shares, and executes malicious actions via batch fi…
MisterioLNK is a newly discovered open-source loader builder that generates LNK, BAT, CMD, and VBS loader files designed to download and execute remote files. Available on GitHub, it poses a significant challenge to security defenses due to minimal detection rates. The tool supports multiple loader…
The Dark Angels ransomware group, active since April 2022, operates with sophisticated strategies targeting large companies for substantial ransom demands. They focus on stealthy attacks, avoiding outsourcing to third-party brokers. The group uses various ransomware payloads, including Babuk and Re…
Recent research reveals adversaries increasingly using the Havoc post-exploitation framework to bypass cybersecurity systems. Two campaigns utilizing this framework were analyzed. The first campaign involved phishing emails with malicious archives containing ISO files and LNK files, which downloade…
This analysis explores the application of Generative AI, specifically Google's Gemini Advanced, in malware analysis. The experiment focuses on analyzing executable files, particularly a RisePro Stealer sample. The methodology involves decompiling the malware using Ghidra and IDA Pro, then using spe…
Mamba 2FA is a newly discovered adversary-in-the-middle (AiTM) phishing kit being sold as phishing-as-a-service (PhaaS). It features capabilities similar to other popular AiTM phishing services, including handling two-step verifications for non-phishing-resistant MFA methods, supporting various aut…
This report delves into the technical aspects of the NOOPDOOR and NOOPLDR malwares employed by the APT10 threat actor in the Cuckoo Spear campaign. The analysis reveals how these tools operate and the potential risks they pose, helping cybersecurity professionals better understand and defend agains…
Yunit Stealer is a sophisticated malware targeting sensitive user data through credential theft and system manipulation. It employs advanced evasion techniques to bypass security measures, maintaining persistence on compromised systems. The malware performs comprehensive data extraction, including …
A new campaign by the Awaken Likho APT group targeting Russian government agencies and industrial enterprises was discovered in June 2024. The group has significantly changed its attack methods, now preferring the MeshCentral platform agent instead of UltraVNC for remote access. The implant is deli…