All attack reports
Malware (XMRig, OrcusRAT, etc.) disguised as MS Office crack
The report details an ongoing malware campaign targeting South Korean users, which disguises malicious payloads as cracked versions of Microsoft Office and other popular software. The attackers are distributing a variety of malware, including downloaders, coin miners, remote access tools (RATs), pr…
Downloadable IOCs 12
Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation
Juniper Threat Labs has observed attempts to exploit Ivanti Pulse Secure authentication bypass and remote code execution vulnerabilities (CVE-2023-46805 and CVE-2024-21887), leading to the delivery of Mirai botnet payloads. This analysis explores the vulnerabilities, exploitation methods, observed …
Downloadable IOCs 23
Profiling Trafficers: Cerberus
This analysis delves into the activities of a group of malware operators known as Cerberus (formerly Amnesia) Team, who specialize in spreading infostealers, particularly in the Commonwealth of Independent States (CIS) region. It provides insights into their operations, tactics, and the evolution o…
Downloadable IOCs 24
New Campaigns from Scattered Spider
Scattered Spider, a financially motivated threat actor group, has been conducting aggressive phishing campaigns targeting various industries, particularly the finance and insurance sectors. Their tactics involve creating convincing lookalike domains and login pages to lure victims into revealing cr…
Downloadable IOCs 118
macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge
This analysis discusses the emergence of a new macOS malware family called 'Cuckoo Stealer', which acts as an infostealer and spyware. It describes Cuckoo Stealer's main features, logic, and provides indicators of compromise to assist threat hunters and defenders. The malware employs techniques lik…
Downloadable IOCs 4
Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Four
This comprehensive analysis provides a thorough examination of the REMCOS Remote Access Trojan (RAT), a prominent malware threat that gained significant prevalence in 2024. The analysis delves into the malware's configuration structure, command and control capabilities, persistence mechanisms, and …
Downloadable IOCs 34
Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin
A recent surge of malicious JavaScript code has been observed targeting websites using vulnerable versions of the LiteSpeed Cache plugin for WordPress. The malware injects code into critical WordPress files or the database, creating unauthorized admin users like 'wpsupp-user.' It exploits the vulne…
Downloadable IOCs 6
Tracking the Surge in Non-PE Cyber Threats
This intelligence report details a sophisticated infection chain that culminates in the deployment of AsyncRAT, a potent malware designed to breach computer systems and steal confidential data. The meticulous analysis unravels the intricate sequence, commencing with a spam email containing a malici…
Downloadable IOCs 13
APT28 campaign against Polish government institutions
The CERT Polska team is investigating a large-scale malware campaign carried out by the Russian intelligence group APT28, which has been targeting Polish government institutions in the past year and is believed to be linked to the GRU.
Downloadable IOCs 74
Guntior - the story of an advanced bootkit that doesn't rely on Windows disk drivers
Amid the rise of bootkits at the time, a dropper was captured in-the-wild and posted on a malware tracker. The malware was called "Guntior", named after the device object its authors had chosen for it (\Device\Guntior). The name also appears in AV detections.
Downloadable IOCs 6
Code Emulation and Cybercrime Infrastructure Discovery
This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within the malware through emulation techniques. The investigation pivoted to uncover a Russian bulletproof hosting service, Proton66 OOO, that currently hosts various maliciou…
Downloadable IOCs 76
Stealer Distributed via Crafted Minecraft Source Pack
This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The malware collects sensitive information from victims' systems, including login credentials, browser data, and cryptocurrency wallets. It employs anti-analysis techniques a…
Downloadable IOCs 23