All attack reports
Uncorking Old Wine: Zero-Day from 2017 + Loader in Unholy Alliance
An analysis uncovered a suspected malicious campaign targeting entities in Ukraine. The attack employed an old vulnerability from 2017, CVE-2017-8570, as the initial entry vector. The operation utilized a customized loader to deliver the Cobalt Strike Beacon payload. While the specific threat actor…
Downloadable IOCs 6
From IcedID to Dagon Locker Ransomware in 29 Days
This intrusion started in August 2023 with a phishing campaign that distributed IcedID malware. The phishing operation utilized the Prometheus Traffic Direction System (TDS) to deliver the malware, and victims were directed to a fraudulent website mimicking an Azure download portal.
Downloadable IOCs 33
Discovers Multiyear Sophisticated Chinese DNS Operation
This report unveils a previously undisclosed multiyear operation conducted by a sophisticated actor called Muddling Meerkat. The operation employs Domain Name System (DNS) queries, open DNS resolvers, and interacts with China's Great Firewall. The tactics demonstrate the actor's ability to conduct …
Downloadable IOCs 10