All attack reports
D3F@ck Loader, the New MaaS Loader
In March 2024, eSentire's Threat Response Unit (TRU) discovered multiple instances of D3F@ck Loader infections being propagated via Google Ads. This new loader, which debuted on hacking forums in January 2024 (Figure 1), can allegedly bypass several key security features such as Google Chrome, Edge…
Downloadable IOCs 3
Ikaruz Red Team | Hacktivist Group Leverages Ransomware for Attention Not Profit
SentinelOne is a leading provider of autonomous cybersecurity, with an AI-powered platform, Singularity XDR, that aims to protect against and respond to cyber attacks at scale.
Downloadable IOCs 1
Samstealer Attacking Windows Systems To Steal Sensitive Data
A new .NET malware named “SamsStealer” spreads through Telegram with the aim of stealing sensitive files on Windows. It creates a temp folder and then proceeds to steal passwords, cookies, and other information from browsers such as Chrome and Edge, as well as from cryptocurrency wallets.
Downloadable IOCs 9
From Document to Script: Insides of DarkGate's Campaign
Forcepoint researchers identified a DarkGate malware campaign in which victims were sent PDF lures impersonating Intuit QuickBooks invoices from a compromised email account.
Downloadable IOCs 11
Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
This comprehensive analysis delves into the continuous evolution and refinement of sophisticated malware entities employed by a persistent cyberespionage group targeting organizations in the Asia-Pacific region. The malware, known as Waterbear and its latest iteration, Deuterbear, have undergone si…
Downloadable IOCs 29
Attackers exploiting new critical vulnerabilities on Kubernetes clusters
Microsoft security researchers have uncovered an attack campaign exploiting recently disclosed critical vulnerabilities in the OpenMetadata platform to gain unauthorized access to Kubernetes clusters, followed by reconnaissance and the deployment of crypto-mining malware. The vulnerabilities, affec…
Downloadable IOCs 6
APT attack discovered using Facebook and MS management console (Attack signs detected targeting Korea and Japan)
A threat actor impersonated a North Korean human rights official on Facebook and approached targets. They shared malicious URLs disguised as documents. Microsoft OneDrive cloud service was used to host the malicious MSC file, which communicated with C2 servers and deployed Reconshark malware associ…
Downloadable IOCs 46
Master of Puppets: Uncovering the pro-Russian influence campaign
The DoppelGänger campaign is an ongoing influence operation attributed to Russian entities Structura and the Social Design Agency. Its primary goal is to diminish support for Ukraine and foster divisions within supporting nations. It targets audiences in several Western countries through a network …
Downloadable IOCs 588
Void Manticore Destructive Activities in Israel
This analysis details the destructive operations carried out by the Iranian threat actor Void Manticore, also known as Storm-842, against Israeli organizations. The group utilizes various techniques, including custom wipers for Windows and Linux, manual file deletion, and partition table corruption…
Downloadable IOCs 0
GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure
In recent research, Recorded Future's Insikt Group uncovered a sophisticated cybercriminal campaign led by Russian-speaking threat actors from the Commonwealth of Independent States (CIS). These threat actors leveraged a GitHub profile to impersonate legitimate software applications like 1Password,…
Downloadable IOCs 76
New Antidot Android Banking Trojan Masquerading as Fake Google Play Updates
The "Antidot" Android banking trojan masquerades as a Google Play update app. It strategically targets Android users across various regions and employs VNC and overlay techniques to harvest credentials.
Downloadable IOCs 14
Analysis of APT attack cases targeting domestic companies using Dora RAT (Andariel Group)
AhnLab Security Intelligence Center (ASEC) recently confirmed that the Andariel group carried out APT attacks on domestic companies and institutions. The targeted organizations included manufacturing companies, construction firms, and educational institutions. The attackers employed backdoors, keyl…
Downloadable IOCs 10