Tag: 2024-09-03
3 attack reports | 72 vulnerabilities
Attack reports
Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads
Multiple Microsoft Office documents generated by the MacroPack framework have been discovered, likely used by malicious actors to deploy various payloads. These documents, uploaded to VirusTotal between May and July 2024, originated from different countries including China, Pakistan, Russia, and th…
Downloadable IOCs 16
Zharkbot Strings
Zharkbot is a C++ downloader with extensive anti-analysis and anti-sandbox features. It uses in-line string encryption and API calls, making static and emulation analysis challenging. The malware performs sandbox detection by checking for specific usernames and hypervisors. It installs itself in th…
Downloadable IOCs 2
Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders
A long-term intrusion targeting a Vietnamese human rights non-profit organization has been discovered, likely spanning at least four years. The attack shows significant overlaps with techniques used by APT32/OceanLotus, a threat actor known for targeting Vietnamese activists. The intrusion involved…
Downloadable IOCs 46