Tag: 2024-10-03
4 attack reports | 56 vulnerabilities

Attack reports
Stonefly: Extortion Attacks Continue Against U.S. Targets
In several of the attacks, Stonefly’s custom malware Backdoor.Preft (aka Dtrack, Valefor) was deployed. This tool is exclusively associated with the group. In addition to this, several Stonefly indicators of compromise recently documented by Microsoft were found on the compromised networks. The att…
Downloadable IOCs: 50
XWorm: Analysis of Latest Version and Execution Flow
XWorm, a versatile tool discovered in 2022, enables attackers to access sensitive information, gain remote access, and deploy additional malware. The latest version's infection chain begins with a Windows Script File downloading a PowerShell script from paste.ee. This script creates multiple files,…
Downloadable IOCs: 8
The Dark Knight Returns: Joker malware analysis
The report details sophisticated command and control (C2) techniques employed by the APT41 threat group. APT41 uses custom malware and legitimate tools to maintain persistent access to compromised networks while evading detection. Key techniques include DNS tunneling, domain fronting, and steganogr…
Downloadable IOCs: 8
Separating the bee from the panda: CeranaKeeper making a beeline for Thailand
This intelligence report details a sophisticated malware campaign targeting multiple industries across various countries. The threat actor employs advanced tactics, techniques, and procedures (TTPs) to infiltrate networks, maintain persistence, and exfiltrate sensitive data. The malware used in thi…
Downloadable IOCs: 16