Tag: 2024-06-11
5 attack reports | 232 vulnerabilities
Attack reports
Search & Spoof: Abuse of Windows Search to Redirect to Malware
Trustwave SpiderLabs has uncovered a sophisticated malicious campaign that exploits the Windows search functionality embedded in HTML code to deploy malware. The campaign initiates with a suspicious email containing an HTML attachment masquerading as a routine document like an invoice. Once opened,…
Downloadable IOCs 2
Update: CVE-2024-4577 quickly weaponized to distribute Ransomware
The report describes an attack campaign leveraging the CVE-2024-4577 vulnerability to deliver the "TellYouThePass" ransomware. The attackers use the vulnerability to execute arbitrary PHP code and run a malicious HTML application that loads a .NET variant of the ransomware into memory. Upon executi…
Downloadable IOCs 5
RAT Distributed as UUEncoding (UUE) File
This intelligence report describes a malicious operation where the Remcos Remote Access Trojan (RAT) is being disseminated through phishing emails containing an attachment exploiting the Unix-to-Unix Encoding (UUE) technique. The encoded file loads an obfuscated VBScript that fetches additional mal…
Downloadable IOCs 3
APT Attacks Using Cloud Storage
The report describes a malicious campaign where threat actors utilize cloud services like Google Drive, OneDrive, and Dropbox to distribute malware and collect user information. The attack process starts with a malicious shortcut file (LNK) that executes PowerShell scripts to download decoy documen…
Downloadable IOCs 1
SmallTiger Malware Used in Attacks Against South Korean Businesses (Kimsuky and Andariel)
This report details a series of attacks targeting South Korean companies, particularly defense contractors, automobile part manufacturers, and semiconductor manufacturers. The threat actor initially deployed malware strains associated with the Kimsuky group, such as MultiRDP and Meterpreter, but la…
Downloadable IOCs 19