Tag: 2024-05-05

19 Attack Reports | 32 Vulnerabilities

Attack reports

Threat Actors Hack YouTube Channels to Distribute Infostealers

This analysis reveals that malicious groups have been exploiting popular YouTube channels, including some with over 800,000 subscribers, to distribute various infostealer malware strains like Vidar and LummaC2. The attackers upload videos promoting cracked software with links to malicious payloads …
lummac2
malware distribution
2024-05-05
2024-05-06
2024-05-07
2024-05-08
vidar
youtube
infostealers
compromised accounts
2024-05-09
2024-05-10
Published: May 10, 2024
Downloadable IOCs: 13

Malware (XMRig, OrcusRAT, etc.) disguised as MS Office crack

The report details an ongoing malware campaign targeting South Korean users, which disguises malicious payloads as cracked versions of Microsoft Office and other popular software. The attackers are distributing a variety of malware, including downloaders, coin miners, remote access tools (RATs), pr…
obfuscation
rat
xmrig
persistence
2024-05-05
2024-05-06
2024-05-07
2024-05-08
purecrypter
cryptominer
3proxy
antiav
orcusrat
2024-05-09
2024-05-10
Published: May 10, 2024
Downloadable IOCs: 12

Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation

Juniper Threat Labs has observed attempts to exploit Ivanti Pulse Secure authentication bypass and remote code execution vulnerabilities (CVE-2023-46805 and CVE-2024-21887), leading to the delivery of Mirai botnet payloads. This analysis explores the vulnerabilities, exploitation methods, observed …
botnet
2024-05-05
2024-05-06
2024-05-07
2024-05-08
mirai
ivanti
CVE-2024-21887
CVE-2023-46805
2024-05-09
2024-05-10
Published: May 10, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805
Downloadable IOCs: 23

Profiling Trafficers: Cerberus

This analysis delves into the activities of a group of malware operators known as Cerberus (formerly Amnesia) Team, who specialize in spreading infostealers, particularly in the Commonwealth of Independent States (CIS) region. It provides insights into their operations, tactics, and the evolution o…
malware
infostealer
russia
2024-05-05
2024-05-06
2024-05-07
lumma stealer
2024-05-08
aurora stealer
redline
hacking
cybercrime
rhadamanthys stealer
casbaneiro
metamorfo
dracula stealer (samurai)
2024-05-09
2024-05-10
Published: May 10, 2024
Downloadable IOCs: 24

New Campaigns from Scattered Spider

Scattered Spider, a financially motivated threat actor group, has been conducting aggressive phishing campaigns targeting various industries, particularly the finance and insurance sectors. Their tactics involve creating convincing lookalike domains and login pages to lure victims into revealing cr…
phishing
social engineering
2024-05-05
2024-05-06
2024-05-07
2024-05-08
credential theft
telecom targeting
lookalike domains
2024-05-09
2024-05-10
Published: May 10, 2024
Linked vulnerabilities : CVE-2024-22024
Downloadable IOCs: 118

macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge

This analysis discusses the emergence of a new macOS malware family called 'Cuckoo Stealer', which acts as an infostealer and spyware. It describes Cuckoo Stealer's main features, logic, and provides indicators of compromise to assist threat hunters and defenders. The malware employs techniques lik…
obfuscation
infostealer
persistence
macos
spyware
2024-05-05
2024-05-06
2024-05-07
2024-05-08
cuckoo stealer
2024-05-09
2024-05-10
Published: May 10, 2024
Downloadable IOCs: 4

Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Four

This comprehensive analysis provides a thorough examination of the REMCOS Remote Access Trojan (RAT), a prominent malware threat that gained significant prevalence in 2024. The analysis delves into the malware's configuration structure, command and control capabilities, persistence mechanisms, and …
rat
evasion
persistence
remcos
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
credential theft
remote access
2024-05-09
Published: May 9, 2024
Downloadable IOCs: 34

Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin

A recent surge of malicious JavaScript code has been observed targeting websites using vulnerable versions of the LiteSpeed Cache plugin for WordPress. The malware injects code into critical WordPress files or the database, creating unauthorized admin users like 'wpsupp-user.' It exploits the vulne…
vulnerability
javascript
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
wordpress
litespeed
plugin
2024-05-09
Published: May 9, 2024
Downloadable IOCs: 6

Tracking the Surge in Non-PE Cyber Threats

This intelligence report details a sophisticated infection chain that culminates in the deployment of AsyncRAT, a potent malware designed to breach computer systems and steal confidential data. The meticulous analysis unravels the intricate sequence, commencing with a spam email containing a malici…
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
asyncrat
analysis
spam
infection chain
2024-05-09
Published: May 9, 2024
Downloadable IOCs: 13

APT28 campaign against Polish government institutions

The CERT Polska team is investigating a large-scale malware campaign carried out by the Russian intelligence group APT28, which has been targeting Polish government institutions in the past year and is believed to be linked to the GRU.
phishing
apt28
russia
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
government
microsoft edge
webhook
bat script
mocky
headlace
poland
campaign
Published: May 8, 2024
Downloadable IOCs: 74

Guntior - the story of an advanced bootkit that doesn't rely on Windows disk drivers

Amid the rise of bootkits at the time, a dropper was captured in-the-wild and posted on a malware tracker. The malware was called "Guntior", named after the device object its authors had chosen for it (\Device\Guntior). The name also appears in AV detections.
rootkit
windows
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
explorer
dll path
ntfs
payload dll
ime file
ioctl
ata bus
tdl4
rovnix
mebroot
tidserv
findwindow
mbr
guntior
Published: May 8, 2024
Downloadable IOCs: 6

Code Emulation and Cybercrime Infrastructure Discovery

This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within the malware through emulation techniques. The investigation pivoted to uncover a Russian bulletproof hosting service, Proton66 OOO, that currently hosts various maliciou…
loader
ransomware
stealer
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
socgholish
matanbuchus
emulation
bulletproof
Published: May 8, 2024
Downloadable IOCs: 76

Stealer Distributed via Crafted Minecraft Source Pack

This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The malware collects sensitive information from victims' systems, including login credentials, browser data, and cryptocurrency wallets. It employs anti-analysis techniques a…
stealer
persistence
anti-analysis
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
screenshots
zeus panda
minecraft
Published: May 8, 2024
Downloadable IOCs: 23

Case of Malware Distribution Linking to Illegal Gambling Website Targeting Korean Web Server

This report examines a malware strain distributed to web servers in South Korea that redirects users to an illegal gambling site. The threat actor installed a Meterpreter backdoor, a port forwarding tool, and an IIS module malware on a compromised web server. The IIS module inspects HTTP headers an…
korea
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
meterpreter
webserver
iismodulemalware
gamblingredirect
Published: May 8, 2024
Downloadable IOCs: 8

RemcosRAT Distributed Using Steganography

Security researchers have discovered a campaign distributing RemcosRAT through a sophisticated infection chain involving steganography techniques. The attack starts with a malicious Word document exploiting template injection, leading to the download of an RTF file that leverages an equation editor…
obfuscation
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
steganography
remcosrat
process-hollowing
malicious-documents
Published: May 8, 2024
Downloadable IOCs: 4

HijackLoader Updates

HijackLoader, also known as IDAT Loader, is a modular malware loader capable of executing multiple payloads. It utilizes a variety of modules for code injection, execution, and evasion techniques. This report analyzes the updated version of HijackLoader, which includes new modules for bypassing Win…
rat
evasion
rhadamanthys
stealer
remcos
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
amadey
lumma stealer
injection
modular
racoon stealer v2
malware loader
meta stealer
Published: May 7, 2024
Downloadable IOCs: 11

LNK File Disguised as Certificate Distributing RokRAT Malware

This analysis delves into the continuous distribution of malicious shortcut files (*.LNK) targeting South Korean users, particularly those related to North Korea. These LNK files contain legitimate documents, script code, and encoded malware data. When executed, they create and run a document file …
backdoor
lnk
rokrat
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
Published: May 7, 2024
Downloadable IOCs: 4

New Pakistan-based Cyber Espionage Group’s Year-Long Campaign Targeting Indian Defense Forces with Android Malware

CYFIRMA researchers identified an Android malware campaign, active for over a year, targeting Indian defense personnel by an unidentified Pakistan-based cyber espionage group. The threat actor utilized Spynote or a modified version called Craxs Rat, obfuscating the app with high complexity. Through…
malware
espionage
android
pakistan
2024-05-03
2024-05-04
2024-05-05
2024-05-06
india
spynote
defense
craxs rat
Published: May 6, 2024
Downloadable IOCs: 3

Smart-sex-toy users targeted by clicker trojan

Virus analysts at Doctor Web uncovered an Android application containing a clicker trojan that silently opens advertising sites and clicks on webpages. Such trojans can be used to stealthily display ads, generate click fraud, sign up unsuspecting victims for paid subscriptions or launch DDoS attack…
2024-05-03
2024-05-04
2024-05-05
2024-05-06
clicker trojan
Published: May 6, 2024
Downloadable IOCs: 13
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-4491

8.8
    Tenda i21
Published: May 5, 2024

CVE-2024-4492

8.8
    Tenda i21
Published: May 5, 2024

CVE-2024-4493

8.8
    Tenda i21
Published: May 5, 2024

CVE-2024-4494

8.8
    Tenda i21
Published: May 5, 2024

CVE-2024-4495

8.8
    Tenda i21
Published: May 5, 2024

CVE-2024-4496

8.8
    Tenda i21
Published: May 5, 2024

CVE-2024-4497

8.8
    Tenda i21
Published: May 5, 2024

CVE-2024-34510

7.5
    Gradio
Published: May 5, 2024

CVE-2024-34511

6.5
    Gradio
Published: May 5, 2024

CVE-2024-4500

6.3
    SourceCodester Prison Management System
Published: May 5, 2024

CVE-2024-4501

4.7
    Ruijie RG-UAC
Published: May 5, 2024

CVE-2024-4502

4.7
    Ruijie RG-UAC
Published: May 5, 2024

CVE-2024-4503

4.7
    Ruijie RG-UAC
Published: May 5, 2024

CVE-2024-34475

None
    Open5GS
Published: May 5, 2024

CVE-2024-34476

None
    Open5GS
Published: May 5, 2024

CVE-2024-34478

None
    btcd
Published: May 5, 2024

CVE-2024-34483

None
    Faucet SDN Ryu
Published: May 5, 2024

CVE-2024-34484

None
    Faucet SDN Ryu
Published: May 5, 2024

CVE-2024-34486

None
    Faucet SDN Ryu
Published: May 5, 2024

CVE-2024-34487

None
    Faucet SDN Ryu
Published: May 5, 2024

CVE-2024-34488

None
    Faucet SDN Ryu
Published: May 5, 2024

CVE-2024-34489

None
    Faucet SDN Ryu
Published: May 5, 2024

CVE-2024-34490

None
    Maxima
Published: May 5, 2024

CVE-2024-34474

None
    Clario Desktop
Published: May 5, 2024

CVE-2024-34500

None
    MediaWiki
Published: May 5, 2024

CVE-2024-34502

None
    MediaWiki
Published: May 5, 2024

CVE-2024-34506

None
    MediaWiki
Published: May 5, 2024

CVE-2024-34507

None
    MediaWiki
Published: May 5, 2024

CVE-2024-34508

None
    DCMTK
Published: May 5, 2024

CVE-2024-34509

None
    DCMTK
Published: May 5, 2024

CVE-2024-34515

None
    image-optimizer
Published: May 5, 2024

CVE-2024-34519

None
    Avantra Server
Published: May 5, 2024
Click here to see more Vulnerabilities