All attack reports
Exploiting CVE-2024-21412: A Stealer Campaign Unleashed
This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass security warnings and deliver malware. Attackers employ crafted links, LNK files, and HTA scripts to download decoy PDFs and shellcode injectors, ultimately injecting ste…
Downloadable IOCs 27
Echoes of Braodo: Tales from the Cyber Underworld
This report provides an in-depth analysis of a Vietnam-based information stealer known as Braodo Stealer. It is a Python-based malware that stealthily infiltrates victims' systems to harvest sensitive information, including credentials and banking data, leading to identity theft and financial l…
Downloadable IOCs 1
Daggerfly: Espionage Group Makes Major Update to Toolset
An advanced persistent threat (APT) group, known as Daggerfly or Evasive Panda, has significantly updated its malware arsenal. The group has introduced new versions of its modular backdoor framework MgBot for multiple platforms, including Windows, Linux, macOS, and Android. Symantec researchers hav…
Downloadable IOCs 20
Solving the 7777 Botnet enigma: A cybersecurity quest
Sekoia.io investigated the mysterious 7777 botnet (aka Quad7 botnet), which compromised TP-Link routers to relay password spraying attacks against Microsoft 365 accounts. The investigation involved intercepting network communications and malware deployed on a compromised router in France. The findi…
Downloadable IOCs 4
Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android
ESET researchers discovered a vulnerability named EvilVideo that allows attackers to share malicious Android payloads disguised as video files through Telegram for Android. The exploit makes the malicious files appear as multimedia content, tricking users into installing malware. The vulnerability …
Downloadable IOCs 1
Global Outage - Threat Actor Activity and Risk Mitigation Strategies
On July 19th, 2024, a faulty update from CrowdStrike caused kernel instability and Blue Screen of Death (BSOD) loops on millions of Windows devices worldwide, leading to major disruptions across industries. While affected parties work on remediation, threat actors are exploiting the situation throu…
Downloadable IOCs 30
New Play Ransomware Linux Variant Targets ESXi, Shows Ties
The Play ransomware group, known for double-extortion tactics and advanced evasion techniques, has developed a new Linux variant specifically designed to target VMware ESXi environments. This variant aims to encrypt virtual machines (VMs) and associated files, potentially causing significant operat…
Downloadable IOCs 2
Fake Browser Updates Lead to BOINC Volunteer Computing Software
This report details a recent malware campaign involving the infamous SocGholish/FakeUpdates malware, which tricks users into downloading fake browser updates. However, instead of installing common remote access tools (RATs) as the final payload, some infections resulted in the installation of the l…
Downloadable IOCs 17
HotPage: Story of a signed, vulnerable, ad-injecting driver
This report investigates a sophisticated Chinese browser injector called HotPage, capable of injecting code into remote processes and intercepting network traffic to modify requested web pages, redirect users, or open new tabs based on rules. Despite claims of being a security solution, HotPage lev…
Downloadable IOCs 5
Warning Against the Distribution of Malware Disguised as Software Cracks
This advisory cautions about the distribution of malware masquerading as crack programs for software. The malicious actors aim to prevent the installation of V3 Lite, an anti-malware solution, by terminating its installation process. This tactic allows them to maintain persistence and continue upda…
Downloadable IOCs 1
Private HTS Program Continuously Used in Attacks
This report outlines a continuous campaign where a threat actor distributes malware, including Quasar RAT, through a private home trading system (HTS) named HPlus. The malware is initially delivered via an MSI installer, and users who request remote assistance inadvertently execute the AnyDesk soft…
Downloadable IOCs 1
FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks
This report provides an in-depth analysis of the FIN7 cybercrime group's evolving tactics, techniques, and procedures. It highlights the group's adoption of automated SQL injection attacks, the development of specialized tools like AvNeutralizer for evading security solutions, and the use of multip…
Downloadable IOCs 99