3 attack reports | 0 vulnerabilities
LegionLoader, also known as Satacom, CurlyGate, and RobotDropper, is an active downloader malware that has gained significant traction recently, amassing over 2,000 samples in weeks. The campaign appears to have started on December 19, 2024, with Brazil being the most affected country. The malware …
This analysis examines HeartCrypt, a new packer-as-a-service (PaaS) used to protect malware. Developed since July 2023 and launched in February 2024, HeartCrypt charges $20 per file to pack Windows x86 and .NET payloads. It is primarily used by malware operators of families like LummaStealer, Remco…
Zharkbot is a C++ downloader with extensive anti-analysis and anti-sandbox features. It uses in-line string encryption and API calls, making static and emulation analysis challenging. The malware performs sandbox detection by checking for specific usernames and hypervisors. It installs itself in th…