Unmasking AsukaStealer: The $80 Malware Threatening Digital Security
AsukaStealer, a malware offered for $80 on a Russian cybercrime forum, is designed to infiltrate popular browsers and extract sensitive data like credentials, cookies, and extension data. It also targets cryptocurrency wallets, messaging platforms, and gaming software. The malware employs customiza…
The stealthy trilogy of PurpleInk, InkBox and InkLoader
A new data theft campaign, attributed to an advanced persistent threat actor dubbed 'LilacSquid', has been active since at least 2021. The campaign targets diverse victims across various sectors in the United States, Europe, and Asia. It employs MeshAgent, an open-source remote management tool, and…
XWorm v5.6 Malware Being Distributed via Webhards
Researchers discovered a campaign distributing the XWorm v5.6 malware disguised as adult games through Korean file-sharing platforms called webhards. The malware employs tactics like downloading encrypted components from command-and-control servers, injecting itself into legitimate processes, and c…
Malware campaign attempts abuse of defender binaries
The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…
LightSpy: Implant for macOS
A technical analysis reveals details about LightSpy, a sophisticated surveillance framework that targeted macOS devices using publicly available exploits. The report provides insights into the threat actor's tactics, including exploiting vulnerabilities to deliver implants, exfiltrating private dat…
'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered
A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent Push Threat Analysts conducted research that revealed a large number of fast flux Indicators of Future Attack (IOFAs) tar…
Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)
The report analyzes a campaign where threat actors distribute various malware strains like RATs, coinminers, and loaders disguised as cracked versions of popular software. South Korean systems are heavily targeted, with malware persisting via scheduled tasks and evading security products. Detailed …
Decoding Water Sigbin's Latest Obfuscation Tricks
The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade detection. It exploited CVE-2017-3506 and CVE-2023-21839 to deploy a PowerShell script executing a miner. The script utilized complex encoding, environment variables to hi…
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
Microsoft has identified Moonstone Sleet, a new North Korean threat actor that employs various tactics, including creating fake companies, distributing trojanized legitimate tools, developing a malicious game, and deploying custom ransomware. This actor combines methods used by other North Korean g…
Side Loading through IObit against Colombia
In May 2024, researchers detected a phishing campaign impersonating the Colombian Attorney General's Office, aiming to infect systems with AsyncRAT malware. The attack employs a ZIP file containing legitimate IObit antivirus software and malicious files, utilizing DLL side-loading for execution. Wh…
Werewolf Sharpening Known Stealer for New Attacks
An analysis reveals that threat actors have developed custom malware based on the open-source SapphireStealer to harvest credentials from employees of Russian companies. The malicious operation involves deploying a modified version of the stealer malware, specifically tailored to target organizatio…
Kiteshield Packer is Being Abused by Linux Cyber Threat Actors
This analysis uncovers the use of Kiteshield packer by various cybercriminal groups to evade detection on Linux platforms. The researchers reverse-engineered samples from APT group Winnti, cybercrime group DarkMosquito, and a script kiddie operation, revealing Kiteshield's anti-debugging techniques…