Tag: 2024-11-05
5 attack reports | 219 vulnerabilities
Attack reports
Supply Chain Attack Using Ethereum Smart Contracts to Distribute Multi-Platform Malware
A sophisticated supply chain attack has been discovered targeting the NPM ecosystem. The malicious package 'jest-fet-mock' impersonates popular testing utilities and uses Ethereum smart contracts for command-and-control operations. This cross-platform malware affects Windows, Linux, and macOS, exec…
Investigating a SharePoint Compromise: IR Tales from the Field
An incident response investigation uncovered an attacker who exploited a SharePoint vulnerability (CVE-2024-38094) to gain initial access. The attacker remained undetected for two weeks, moving laterally across the network and compromising the entire domain. Key tactics included installing Horoung …
Attempts to disrupt Russian businesses with MetaStealer
A previously unknown threat actor, Venture Wolf, has been targeting Russian businesses since November 2023. The group uses multiple loaders to deliver MetaStealer, an information stealer, in attacks aimed at the manufacturing, construction, IT, and telecommunications industries. The campaign involves disseminating archi…
Python RAT with a Nice Screensharing Feature
A Python Remote Access Trojan (RAT) with advanced capabilities, including a notable screensharing feature, has been discovered. The RAT, based on a two-year-old script, has a low detection rate on VirusTotal. It offers numerous functions to control the victim's computer, such as shell access, webca…
Automatically Detecting DNS Hijacking in Passive DNS
This article describes a machine learning-based pipeline for detecting DNS hijacking using passive DNS data. The system processes an average of 167 million new DNS records daily, extracting 74 features from over 169 terabytes of data. Between March and September 2024, it identified 6,729 hijacking …