Tag: 2024-05-30
10 attack reports | 177 vulnerabilities
Attack reports
Operation Endgame: Up In Smoke
A detailed technical analysis of Smoke malware loader, also known as SmokeLoader or Dofoil, which has been operational since 2011. Smoke is primarily used to deliver second-stage malware payloads like trojans, ransomware, and information stealers, and can also deploy custom plugins for various mali…
Downloadable IOCs 12
Analysis of APT Attack Cases Using Dora RAT Against Companies
This analysis discusses an APT campaign by the Andariel threat group targeting Korean companies and educational institutions. The campaign employed various malware strains, including Nestdoor backdoor, Dora RAT, keyloggers, infostealers, and proxy tools. The attackers exploited vulnerabilities, suc…
Downloadable IOCs 7
Unmasking AsukaStealer: The $80 Malware Threatening Digital Security
AsukaStealer, a malware offered for $80 on a Russian cybercrime forum, is designed to infiltrate popular browsers and extract sensitive data like credentials, cookies, and extension data. It also targets cryptocurrency wallets, messaging platforms, and gaming software. The malware employs customiza…
Downloadable IOCs 4
The stealthy trilogy of PurpleInk, InkBox and InkLoader
A new data theft campaign, attributed to an advanced persistent threat actor dubbed 'LilacSquid', has been active since at least 2021. The campaign targets diverse victims across various sectors in the United States, Europe, and Asia. It employs MeshAgent, an open-source remote management tool, and…
Downloadable IOCs 4
XWorm v5.6 Malware Being Distributed via Webhards
Researchers discovered a campaign distributing the XWorm v5.6 malware disguised as adult games through Korean file-sharing platforms called webhards. The malware employs tactics like downloading encrypted components from command-and-control servers, injecting itself into legitimate processes, and c…
Downloadable IOCs 3
Malware campaign attempts abuse of defender binaries
The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…
Downloadable IOCs 470
LightSpy: Implant for macOS
A technical analysis reveals details about LightSpy, a sophisticated surveillance framework that targeted macOS devices using publicly available exploits. The report provides insights into the threat actor's tactics, including exploiting vulnerabilities to deliver implants, exfiltrating private dat…
Downloadable IOCs 43
'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered
A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent Push Threat Analysts conducted research that revealed a large number of fast flux Indicators of Future Attack (IOFAs) tar…
Downloadable IOCs 30
Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)
The report analyzes a campaign where threat actors distribute various malware strains like RATs, coinminers, and loaders disguised as cracked versions of popular software. South Korean systems are heavily targeted, with malware persisting via scheduled tasks and evading security products. Detailed …
Downloadable IOCs 11
Decoding Water Sigbin's Latest Obfuscation Tricks
The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade detection. It exploited CVE-2017-3506 and CVE-2023-21839 to deploy a PowerShell script executing a miner. The script utilized complex encoding, environment variables to hi…
Downloadable IOCs 9
Operation Endgame: Up In Smoke
A detailed technical analysis of Smoke malware loader, also known as SmokeLoader or Dofoil, which has been operational since 2011. Smoke is primarily used to deliver second-stage malware payloads like trojans, ransomware, and information stealers, and can also deploy custom plugins for various mali…
Downloadable IOCs 12
Analysis of APT Attack Cases Using Dora RAT Against Companies
This analysis discusses an APT campaign by the Andariel threat group targeting Korean companies and educational institutions. The campaign employed various malware strains, including Nestdoor backdoor, Dora RAT, keyloggers, infostealers, and proxy tools. The attackers exploited vulnerabilities, suc…
Downloadable IOCs 7
Unmasking AsukaStealer: The $80 Malware Threatening Digital Security
AsukaStealer, a malware offered for $80 on a Russian cybercrime forum, is designed to infiltrate popular browsers and extract sensitive data like credentials, cookies, and extension data. It also targets cryptocurrency wallets, messaging platforms, and gaming software. The malware employs customiza…
Downloadable IOCs 4
The stealthy trilogy of PurpleInk, InkBox and InkLoader
A new data theft campaign, attributed to an advanced persistent threat actor dubbed 'LilacSquid', has been active since at least 2021. The campaign targets diverse victims across various sectors in the United States, Europe, and Asia. It employs MeshAgent, an open-source remote management tool, and…
Downloadable IOCs 4
XWorm v5.6 Malware Being Distributed via Webhards
Researchers discovered a campaign distributing the XWorm v5.6 malware disguised as adult games through Korean file-sharing platforms called webhards. The malware employs tactics like downloading encrypted components from command-and-control servers, injecting itself into legitimate processes, and c…
Downloadable IOCs 3
Malware campaign attempts abuse of defender binaries
The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…
Downloadable IOCs 470
LightSpy: Implant for macOS
A technical analysis reveals details about LightSpy, a sophisticated surveillance framework that targeted macOS devices using publicly available exploits. The report provides insights into the threat actor's tactics, including exploiting vulnerabilities to deliver implants, exfiltrating private dat…
Downloadable IOCs 43
'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered
A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent Push Threat Analysts conducted research that revealed a large number of fast flux Indicators of Future Attack (IOFAs) tar…
Downloadable IOCs 30
Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)
The report analyzes a campaign where threat actors distribute various malware strains like RATs, coinminers, and loaders disguised as cracked versions of popular software. South Korean systems are heavily targeted, with malware persisting via scheduled tasks and evading security products. Detailed …
Downloadable IOCs 11
Decoding Water Sigbin's Latest Obfuscation Tricks
The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade detection. It exploited CVE-2017-3506 and CVE-2023-21839 to deploy a PowerShell script executing a miner. The script utilized complex encoding, environment variables to hi…
Downloadable IOCs 9
Operation Endgame: Up In Smoke
A detailed technical analysis of Smoke malware loader, also known as SmokeLoader or Dofoil, which has been operational since 2011. Smoke is primarily used to deliver second-stage malware payloads like trojans, ransomware, and information stealers, and can also deploy custom plugins for various mali…
Downloadable IOCs 12
Analysis of APT Attack Cases Using Dora RAT Against Companies
This analysis discusses an APT campaign by the Andariel threat group targeting Korean companies and educational institutions. The campaign employed various malware strains, including Nestdoor backdoor, Dora RAT, keyloggers, infostealers, and proxy tools. The attackers exploited vulnerabilities, suc…
Downloadable IOCs 7
Unmasking AsukaStealer: The $80 Malware Threatening Digital Security
AsukaStealer, a malware offered for $80 on a Russian cybercrime forum, is designed to infiltrate popular browsers and extract sensitive data like credentials, cookies, and extension data. It also targets cryptocurrency wallets, messaging platforms, and gaming software. The malware employs customiza…
Downloadable IOCs 4
The stealthy trilogy of PurpleInk, InkBox and InkLoader
A new data theft campaign, attributed to an advanced persistent threat actor dubbed 'LilacSquid', has been active since at least 2021. The campaign targets diverse victims across various sectors in the United States, Europe, and Asia. It employs MeshAgent, an open-source remote management tool, and…
Downloadable IOCs 4
XWorm v5.6 Malware Being Distributed via Webhards
Researchers discovered a campaign distributing the XWorm v5.6 malware disguised as adult games through Korean file-sharing platforms called webhards. The malware employs tactics like downloading encrypted components from command-and-control servers, injecting itself into legitimate processes, and c…
Downloadable IOCs 3
Malware campaign attempts abuse of defender binaries
The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…
Downloadable IOCs 470
LightSpy: Implant for macOS
A technical analysis reveals details about LightSpy, a sophisticated surveillance framework that targeted macOS devices using publicly available exploits. The report provides insights into the threat actor's tactics, including exploiting vulnerabilities to deliver implants, exfiltrating private dat…
Downloadable IOCs 43
'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered
A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent Push Threat Analysts conducted research that revealed a large number of fast flux Indicators of Future Attack (IOFAs) tar…
Downloadable IOCs 30
Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)
The report analyzes a campaign where threat actors distribute various malware strains like RATs, coinminers, and loaders disguised as cracked versions of popular software. South Korean systems are heavily targeted, with malware persisting via scheduled tasks and evading security products. Detailed …
Downloadable IOCs 11
Decoding Water Sigbin's Latest Obfuscation Tricks
The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade detection. It exploited CVE-2017-3506 and CVE-2023-21839 to deploy a PowerShell script executing a miner. The script utilized complex encoding, environment variables to hi…
Downloadable IOCs 9
Operation Endgame: Up In Smoke
A detailed technical analysis of Smoke malware loader, also known as SmokeLoader or Dofoil, which has been operational since 2011. Smoke is primarily used to deliver second-stage malware payloads like trojans, ransomware, and information stealers, and can also deploy custom plugins for various mali…
Downloadable IOCs 12
Analysis of APT Attack Cases Using Dora RAT Against Companies
This analysis discusses an APT campaign by the Andariel threat group targeting Korean companies and educational institutions. The campaign employed various malware strains, including Nestdoor backdoor, Dora RAT, keyloggers, infostealers, and proxy tools. The attackers exploited vulnerabilities, suc…
Downloadable IOCs 7
Unmasking AsukaStealer: The $80 Malware Threatening Digital Security
AsukaStealer, a malware offered for $80 on a Russian cybercrime forum, is designed to infiltrate popular browsers and extract sensitive data like credentials, cookies, and extension data. It also targets cryptocurrency wallets, messaging platforms, and gaming software. The malware employs customiza…
Downloadable IOCs 4
The stealthy trilogy of PurpleInk, InkBox and InkLoader
A new data theft campaign, attributed to an advanced persistent threat actor dubbed 'LilacSquid', has been active since at least 2021. The campaign targets diverse victims across various sectors in the United States, Europe, and Asia. It employs MeshAgent, an open-source remote management tool, and…
Downloadable IOCs 4
XWorm v5.6 Malware Being Distributed via Webhards
Researchers discovered a campaign distributing the XWorm v5.6 malware disguised as adult games through Korean file-sharing platforms called webhards. The malware employs tactics like downloading encrypted components from command-and-control servers, injecting itself into legitimate processes, and c…
Downloadable IOCs 3
Malware campaign attempts abuse of defender binaries
The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…
Downloadable IOCs 470
LightSpy: Implant for macOS
A technical analysis reveals details about LightSpy, a sophisticated surveillance framework that targeted macOS devices using publicly available exploits. The report provides insights into the threat actor's tactics, including exploiting vulnerabilities to deliver implants, exfiltrating private dat…
Downloadable IOCs 43
'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered
A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent Push Threat Analysts conducted research that revealed a large number of fast flux Indicators of Future Attack (IOFAs) tar…
Downloadable IOCs 30
Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)
The report analyzes a campaign where threat actors distribute various malware strains like RATs, coinminers, and loaders disguised as cracked versions of popular software. South Korean systems are heavily targeted, with malware persisting via scheduled tasks and evading security products. Detailed …
Downloadable IOCs 11
Decoding Water Sigbin's Latest Obfuscation Tricks
The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade detection. It exploited CVE-2017-3506 and CVE-2023-21839 to deploy a PowerShell script executing a miner. The script utilized complex encoding, environment variables to hi…
Downloadable IOCs 9
Operation Endgame: Up In Smoke
A detailed technical analysis of Smoke malware loader, also known as SmokeLoader or Dofoil, which has been operational since 2011. Smoke is primarily used to deliver second-stage malware payloads like trojans, ransomware, and information stealers, and can also deploy custom plugins for various mali…
Downloadable IOCs 12
Analysis of APT Attack Cases Using Dora RAT Against Companies
This analysis discusses an APT campaign by the Andariel threat group targeting Korean companies and educational institutions. The campaign employed various malware strains, including Nestdoor backdoor, Dora RAT, keyloggers, infostealers, and proxy tools. The attackers exploited vulnerabilities, suc…
Downloadable IOCs 7
Unmasking AsukaStealer: The $80 Malware Threatening Digital Security
AsukaStealer, a malware offered for $80 on a Russian cybercrime forum, is designed to infiltrate popular browsers and extract sensitive data like credentials, cookies, and extension data. It also targets cryptocurrency wallets, messaging platforms, and gaming software. The malware employs customiza…
Downloadable IOCs 4
The stealthy trilogy of PurpleInk, InkBox and InkLoader
A new data theft campaign, attributed to an advanced persistent threat actor dubbed 'LilacSquid', has been active since at least 2021. The campaign targets diverse victims across various sectors in the United States, Europe, and Asia. It employs MeshAgent, an open-source remote management tool, and…
Downloadable IOCs 4
XWorm v5.6 Malware Being Distributed via Webhards
Researchers discovered a campaign distributing the XWorm v5.6 malware disguised as adult games through Korean file-sharing platforms called webhards. The malware employs tactics like downloading encrypted components from command-and-control servers, injecting itself into legitimate processes, and c…
Downloadable IOCs 3
Malware campaign attempts abuse of defender binaries
The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…
Downloadable IOCs 470
LightSpy: Implant for macOS
A technical analysis reveals details about LightSpy, a sophisticated surveillance framework that targeted macOS devices using publicly available exploits. The report provides insights into the threat actor's tactics, including exploiting vulnerabilities to deliver implants, exfiltrating private dat…
Downloadable IOCs 43
'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered
A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent Push Threat Analysts conducted research that revealed a large number of fast flux Indicators of Future Attack (IOFAs) tar…
Downloadable IOCs 30
Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)
The report analyzes a campaign where threat actors distribute various malware strains like RATs, coinminers, and loaders disguised as cracked versions of popular software. South Korean systems are heavily targeted, with malware persisting via scheduled tasks and evading security products. Detailed …
Downloadable IOCs 11
Decoding Water Sigbin's Latest Obfuscation Tricks
The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade detection. It exploited CVE-2017-3506 and CVE-2023-21839 to deploy a PowerShell script executing a miner. The script utilized complex encoding, environment variables to hi…
Downloadable IOCs 9
Operation Endgame: Up In Smoke
A detailed technical analysis of Smoke malware loader, also known as SmokeLoader or Dofoil, which has been operational since 2011. Smoke is primarily used to deliver second-stage malware payloads like trojans, ransomware, and information stealers, and can also deploy custom plugins for various mali…
Downloadable IOCs 12
Analysis of APT Attack Cases Using Dora RAT Against Companies
This analysis discusses an APT campaign by the Andariel threat group targeting Korean companies and educational institutions. The campaign employed various malware strains, including Nestdoor backdoor, Dora RAT, keyloggers, infostealers, and proxy tools. The attackers exploited vulnerabilities, suc…
Downloadable IOCs 7
Unmasking AsukaStealer: The $80 Malware Threatening Digital Security
AsukaStealer, a malware offered for $80 on a Russian cybercrime forum, is designed to infiltrate popular browsers and extract sensitive data like credentials, cookies, and extension data. It also targets cryptocurrency wallets, messaging platforms, and gaming software. The malware employs customiza…
Downloadable IOCs 4
The stealthy trilogy of PurpleInk, InkBox and InkLoader
A new data theft campaign, attributed to an advanced persistent threat actor dubbed 'LilacSquid', has been active since at least 2021. The campaign targets diverse victims across various sectors in the United States, Europe, and Asia. It employs MeshAgent, an open-source remote management tool, and…
Downloadable IOCs 4
XWorm v5.6 Malware Being Distributed via Webhards
Researchers discovered a campaign distributing the XWorm v5.6 malware disguised as adult games through Korean file-sharing platforms called webhards. The malware employs tactics like downloading encrypted components from command-and-control servers, injecting itself into legitimate processes, and c…
Downloadable IOCs 3
Malware campaign attempts abuse of defender binaries
The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…
Downloadable IOCs 470
LightSpy: Implant for macOS
A technical analysis reveals details about LightSpy, a sophisticated surveillance framework that targeted macOS devices using publicly available exploits. The report provides insights into the threat actor's tactics, including exploiting vulnerabilities to deliver implants, exfiltrating private dat…
Downloadable IOCs 43
'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered
A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent Push Threat Analysts conducted research that revealed a large number of fast flux Indicators of Future Attack (IOFAs) tar…
Downloadable IOCs 30
Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)
The report analyzes a campaign where threat actors distribute various malware strains like RATs, coinminers, and loaders disguised as cracked versions of popular software. South Korean systems are heavily targeted, with malware persisting via scheduled tasks and evading security products. Detailed …
Downloadable IOCs 11
Decoding Water Sigbin's Latest Obfuscation Tricks
The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade detection. It exploited CVE-2017-3506 and CVE-2023-21839 to deploy a PowerShell script executing a miner. The script utilized complex encoding, environment variables to hi…
Downloadable IOCs 9
Operation Endgame: Up In Smoke
A detailed technical analysis of Smoke malware loader, also known as SmokeLoader or Dofoil, which has been operational since 2011. Smoke is primarily used to deliver second-stage malware payloads like trojans, ransomware, and information stealers, and can also deploy custom plugins for various mali…
Downloadable IOCs 12
Analysis of APT Attack Cases Using Dora RAT Against Companies
This analysis discusses an APT campaign by the Andariel threat group targeting Korean companies and educational institutions. The campaign employed various malware strains, including Nestdoor backdoor, Dora RAT, keyloggers, infostealers, and proxy tools. The attackers exploited vulnerabilities, suc…
Downloadable IOCs 7
Unmasking AsukaStealer: The $80 Malware Threatening Digital Security
AsukaStealer, a malware offered for $80 on a Russian cybercrime forum, is designed to infiltrate popular browsers and extract sensitive data like credentials, cookies, and extension data. It also targets cryptocurrency wallets, messaging platforms, and gaming software. The malware employs customiza…
Downloadable IOCs 4
The stealthy trilogy of PurpleInk, InkBox and InkLoader
A new data theft campaign, attributed to an advanced persistent threat actor dubbed 'LilacSquid', has been active since at least 2021. The campaign targets diverse victims across various sectors in the United States, Europe, and Asia. It employs MeshAgent, an open-source remote management tool, and…
Downloadable IOCs 4
XWorm v5.6 Malware Being Distributed via Webhards
Researchers discovered a campaign distributing the XWorm v5.6 malware disguised as adult games through Korean file-sharing platforms called webhards. The malware employs tactics like downloading encrypted components from command-and-control servers, injecting itself into legitimate processes, and c…
Downloadable IOCs 3
Malware campaign attempts abuse of defender binaries
The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…
Downloadable IOCs 470
LightSpy: Implant for macOS
A technical analysis reveals details about LightSpy, a sophisticated surveillance framework that targeted macOS devices using publicly available exploits. The report provides insights into the threat actor's tactics, including exploiting vulnerabilities to deliver implants, exfiltrating private dat…
Downloadable IOCs 43
'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered
A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent Push Threat Analysts conducted research that revealed a large number of fast flux Indicators of Future Attack (IOFAs) tar…
Downloadable IOCs 30
Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)
The report analyzes a campaign where threat actors distribute various malware strains like RATs, coinminers, and loaders disguised as cracked versions of popular software. South Korean systems are heavily targeted, with malware persisting via scheduled tasks and evading security products. Detailed …
Downloadable IOCs 11
Decoding Water Sigbin's Latest Obfuscation Tricks
The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade detection. It exploited CVE-2017-3506 and CVE-2023-21839 to deploy a PowerShell script executing a miner. The script utilized complex encoding, environment variables to hi…
Downloadable IOCs 9
Operation Endgame: Up In Smoke
A detailed technical analysis of Smoke malware loader, also known as SmokeLoader or Dofoil, which has been operational since 2011. Smoke is primarily used to deliver second-stage malware payloads like trojans, ransomware, and information stealers, and can also deploy custom plugins for various mali…
Downloadable IOCs 12
Analysis of APT Attack Cases Using Dora RAT Against Companies
This analysis discusses an APT campaign by the Andariel threat group targeting Korean companies and educational institutions. The campaign employed various malware strains, including Nestdoor backdoor, Dora RAT, keyloggers, infostealers, and proxy tools. The attackers exploited vulnerabilities, suc…
Downloadable IOCs 7
Unmasking AsukaStealer: The $80 Malware Threatening Digital Security
AsukaStealer, a malware offered for $80 on a Russian cybercrime forum, is designed to infiltrate popular browsers and extract sensitive data like credentials, cookies, and extension data. It also targets cryptocurrency wallets, messaging platforms, and gaming software. The malware employs customiza…
Downloadable IOCs 4
The stealthy trilogy of PurpleInk, InkBox and InkLoader
A new data theft campaign, attributed to an advanced persistent threat actor dubbed 'LilacSquid', has been active since at least 2021. The campaign targets diverse victims across various sectors in the United States, Europe, and Asia. It employs MeshAgent, an open-source remote management tool, and…
Downloadable IOCs 4
XWorm v5.6 Malware Being Distributed via Webhards
Researchers discovered a campaign distributing the XWorm v5.6 malware disguised as adult games through Korean file-sharing platforms called webhards. The malware employs tactics like downloading encrypted components from command-and-control servers, injecting itself into legitimate processes, and c…
Downloadable IOCs 3
Malware campaign attempts abuse of defender binaries
The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…
Downloadable IOCs 470
LightSpy: Implant for macOS
A technical analysis reveals details about LightSpy, a sophisticated surveillance framework that targeted macOS devices using publicly available exploits. The report provides insights into the threat actor's tactics, including exploiting vulnerabilities to deliver implants, exfiltrating private dat…
Downloadable IOCs 43
'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered
A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent Push Threat Analysts conducted research that revealed a large number of fast flux Indicators of Future Attack (IOFAs) tar…
Downloadable IOCs 30
Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)
The report analyzes a campaign where threat actors distribute various malware strains like RATs, coinminers, and loaders disguised as cracked versions of popular software. South Korean systems are heavily targeted, with malware persisting via scheduled tasks and evading security products. Detailed …
Downloadable IOCs 11
Decoding Water Sigbin's Latest Obfuscation Tricks
The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade detection. It exploited CVE-2017-3506 and CVE-2023-21839 to deploy a PowerShell script executing a miner. The script utilized complex encoding, environment variables to hi…
Downloadable IOCs 9
Operation Endgame: Up In Smoke
A detailed technical analysis of Smoke malware loader, also known as SmokeLoader or Dofoil, which has been operational since 2011. Smoke is primarily used to deliver second-stage malware payloads like trojans, ransomware, and information stealers, and can also deploy custom plugins for various mali…
Downloadable IOCs 12
Analysis of APT Attack Cases Using Dora RAT Against Companies
This analysis discusses an APT campaign by the Andariel threat group targeting Korean companies and educational institutions. The campaign employed various malware strains, including Nestdoor backdoor, Dora RAT, keyloggers, infostealers, and proxy tools. The attackers exploited vulnerabilities, suc…
Downloadable IOCs 7
Unmasking AsukaStealer: The $80 Malware Threatening Digital Security
AsukaStealer, a malware offered for $80 on a Russian cybercrime forum, is designed to infiltrate popular browsers and extract sensitive data like credentials, cookies, and extension data. It also targets cryptocurrency wallets, messaging platforms, and gaming software. The malware employs customiza…
Downloadable IOCs 4
The stealthy trilogy of PurpleInk, InkBox and InkLoader
A new data theft campaign, attributed to an advanced persistent threat actor dubbed 'LilacSquid', has been active since at least 2021. The campaign targets diverse victims across various sectors in the United States, Europe, and Asia. It employs MeshAgent, an open-source remote management tool, and…
Downloadable IOCs 4
XWorm v5.6 Malware Being Distributed via Webhards
Researchers discovered a campaign distributing the XWorm v5.6 malware disguised as adult games through Korean file-sharing platforms called webhards. The malware employs tactics like downloading encrypted components from command-and-control servers, injecting itself into legitimate processes, and c…
Downloadable IOCs 3
Malware campaign attempts abuse of defender binaries
The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…
Downloadable IOCs 470
LightSpy: Implant for macOS
A technical analysis reveals details about LightSpy, a sophisticated surveillance framework that targeted macOS devices using publicly available exploits. The report provides insights into the threat actor's tactics, including exploiting vulnerabilities to deliver implants, exfiltrating private dat…
Downloadable IOCs 43
'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered
A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent Push Threat Analysts conducted research that revealed a large number of fast flux Indicators of Future Attack (IOFAs) tar…
Downloadable IOCs 30
Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)
The report analyzes a campaign where threat actors distribute various malware strains like RATs, coinminers, and loaders disguised as cracked versions of popular software. South Korean systems are heavily targeted, with malware persisting via scheduled tasks and evading security products. Detailed …
Downloadable IOCs 11
Decoding Water Sigbin's Latest Obfuscation Tricks
The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade detection. It exploited CVE-2017-3506 and CVE-2023-21839 to deploy a PowerShell script executing a miner. The script utilized complex encoding, environment variables to hi…
Downloadable IOCs 9
Operation Endgame: Up In Smoke
A detailed technical analysis of Smoke malware loader, also known as SmokeLoader or Dofoil, which has been operational since 2011. Smoke is primarily used to deliver second-stage malware payloads like trojans, ransomware, and information stealers, and can also deploy custom plugins for various mali…
Downloadable IOCs 12
Analysis of APT Attack Cases Using Dora RAT Against Companies
This analysis discusses an APT campaign by the Andariel threat group targeting Korean companies and educational institutions. The campaign employed various malware strains, including Nestdoor backdoor, Dora RAT, keyloggers, infostealers, and proxy tools. The attackers exploited vulnerabilities, suc…
Downloadable IOCs 7
Unmasking AsukaStealer: The $80 Malware Threatening Digital Security
AsukaStealer, a malware offered for $80 on a Russian cybercrime forum, is designed to infiltrate popular browsers and extract sensitive data like credentials, cookies, and extension data. It also targets cryptocurrency wallets, messaging platforms, and gaming software. The malware employs customiza…
Downloadable IOCs 4
The stealthy trilogy of PurpleInk, InkBox and InkLoader
A new data theft campaign, attributed to an advanced persistent threat actor dubbed 'LilacSquid', has been active since at least 2021. The campaign targets diverse victims across various sectors in the United States, Europe, and Asia. It employs MeshAgent, an open-source remote management tool, and…
Downloadable IOCs 4
XWorm v5.6 Malware Being Distributed via Webhards
Researchers discovered a campaign distributing the XWorm v5.6 malware disguised as adult games through Korean file-sharing platforms called webhards. The malware employs tactics like downloading encrypted components from command-and-control servers, injecting itself into legitimate processes, and c…
Downloadable IOCs 3
Malware campaign attempts abuse of defender binaries
The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…
Downloadable IOCs 470
LightSpy: Implant for macOS
A technical analysis reveals details about LightSpy, a sophisticated surveillance framework that targeted macOS devices using publicly available exploits. The report provides insights into the threat actor's tactics, including exploiting vulnerabilities to deliver implants, exfiltrating private dat…
Downloadable IOCs 43
'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered
A report detailing the analysis of the CryptoChameleon phishing kit, which is used to harvest sensitive information from employees and customers across various platforms. Silent Push Threat Analysts conducted research that revealed a large number of fast flux Indicators of Future Attack (IOFAs) tar…
Downloadable IOCs 30
Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)
The report analyzes a campaign where threat actors distribute various malware strains like RATs, coinminers, and loaders disguised as cracked versions of popular software. South Korean systems are heavily targeted, with malware persisting via scheduled tasks and evading security products. Detailed …
Downloadable IOCs 11
Decoding Water Sigbin's Latest Obfuscation Tricks
The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade detection. It exploited CVE-2017-3506 and CVE-2023-21839 to deploy a PowerShell script executing a miner. The script utilized complex encoding, environment variables to hi…
Downloadable IOCs 9