Tag: 2024-07-31
4 attack reports | 105 vulnerabilities
Attack reports
Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity
On July 24, 2024, CrowdStrike Intelligence identified an unattributed spearphishing attempt delivering an inauthentic installer impersonating CrowdStrike's Crash Reporter through a website targeting a German entity. The site utilized JavaScript obfuscation to deliver the malicious installer, which …
Downloadable IOCs 5
Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT
This analysis examines a recent malware campaign involving a dropper dubbed Gh0stGambit, which is employed to retrieve and execute encrypted payloads, specifically a variant of the notorious Gh0st Remote Access Trojan (RAT). The report details the multi-stage infection process, including the use of…
Downloadable IOCs 6
Threat actor impersonates Google via fake ad for Authenticator
An unknown threat actor created a deceptive advertisement that appeared as if it was from a reputable company, enticing users to click on it and visit a malicious website. The site hosted a digitally signed malicious file disguised as a popular multi-factor authentication application. Upon executio…
Downloadable IOCs 5
Mint Stealer: A Comprehensive Study of a Python-Based Information Stealer
At Cyfirma, this report offers a comprehensive analysis of Mint Stealer, an information-stealing malware operating within a malware-as-a-service (MaaS) framework. Mint Stealer targets sensitive data and uses sophisticated techniques to evade detection. This in-depth study explores Mint Stealer's ev…
Downloadable IOCs 10