Tag: 2024-11-06
8 attack reports | 95 vulnerabilities
Attack reports
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits
A large-scale phishing campaign deploying the latest version of Rhadamanthys stealer (0.7) has been discovered. The campaign, dubbed CopyRh(ight)adamantys, uses copyright infringement claims to target various regions globally. It impersonates numerous companies, mainly from Entertainment/Media and …
Downloadable IOCs 0
RunningRAT’s Next Move: From Remote Access to Crypto Mining for Profit
RunningRAT, a remote access trojan initially observed in 2018 targeting the Pyeongchang Winter Olympics, has evolved its capabilities to include cryptocurrency mining. This shift indicates an expansion of the malware's operational focus. The analysis reveals the discovery of RunningRAT samples in o…
Downloadable IOCs 11
New Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps
A command-and-control framework called Winos 4.0 is being distributed through gaming-related applications, targeting Chinese-speaking users. The malware, rebuilt from Gh0st RAT, uses a multi-stage infection process involving fake BMP files, DLLs, and shellcode. It can harvest system information, ca…
Downloadable IOCs 2
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign
A new Gootloader variant has been discovered using search engine optimization (SEO) poisoning to target Australian Bengal cat enthusiasts. The campaign uses Google search results for 'Are Bengal Cats legal in Australia?' to deliver malicious payloads. When users click on compromised links, a zip fi…
Downloadable IOCs 14
New Trend in MSI File Abuse: New Use of MST Files to Deliver Tromas
The New OceanLotus group has reactivated after a year, employing a novel tactic of MSI file misuse. This APT campaign, targeting a domestic governmental enterprise, marks the first observed use of the MSI TRANSFORMS technique by an APT group. The attack utilizes a legitimate Microsoft installation …
Downloadable IOCs 0
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM
A new Android banking Trojan called ToxicPanda has emerged, targeting Europe and Latin America. Originating from Chinese-speaking threat actors, it has infected over 1500 devices across Italy, Portugal, Spain, and other countries. ToxicPanda exploits accessibility services for account takeovers and…
Downloadable IOCs 19
Analysis of Cyber Reconnaissance Activities Behind APT37 Threats
The report analyzes the covert cyber reconnaissance activities of the state-sponsored APT37 group targeting South Korea. The group uses spear-phishing emails with malicious LNK files to deploy the RoKRAT malware, collecting sensitive information from victims' devices. The attackers employ various t…
Downloadable IOCs 20
North Korean remote workers landing jobs in the West
North Korean threat actors are utilizing Contagious Interview and WageMole campaigns to secure remote employment in Western countries, evading financial sanctions. The Contagious Interview campaign has been updated with improved script obfuscation and multi-platform support, targeting over 100 devi…
Downloadable IOCs 56