| Title | Published | Tags | Description | Number of indicators |
| --- | --- | --- | --- | --- |
| Targeted Iranian Attacks Against Iraqi Government Infrastructure | Sept. 12, 2024, 8:21 a.m. | | Check Point Research uncovered a new malware campaign targeting Iraqi government entities, employing custom tools named Veaty and… | 16 |
| Loki: a new private agent for the popular Mythic framework | Sept. 9, 2024, 9:22 a.m. | | Kaspersky researchers discovered a previously unknown Loki backdoor, utilized in a series of targeted attacks. Analysis revealed … | 7 |
| Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders | Sept. 3, 2024, 8:02 a.m. | | A long-term intrusion targeting a Vietnamese human rights non-profit organization has been discovered, likely spanning at least f… | 46 |
| Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations | Aug. 30, 2024, 5:46 p.m. | | Between April and July 2024, Iranian state-sponsored threat actor Peach Sandstorm deployed a new custom multi-stage backdoor call… | 9 |
| HZ Rat backdoor for macOS harvests data from WeChat and DingTalk | Aug. 27, 2024, 3:12 p.m. | | A version of the HZ Rat backdoor targeting users of China’s WeChat and DingTalk was uploaded to VirusTotal in July 2023 and was n… | 10 |
| A Dive into Latest Campaign | Aug. 9, 2024, 8:15 p.m. | | Earth Baku, an advanced persistent threat actor, has broadened its operations from the Indo-Pacific region to Europe, the Middle … | 30 |
| Hackers Leveraging OneDrive Or Google Drive To Hide Malicious Traffic | Aug. 7, 2024, 4:11 p.m. | | Cyber threat actors, including nation-state groups, are utilizing legitimate cloud services like Microsoft OneDrive and Google Dr… | 20 |
| Fighting Ursa Luring Targets With Car for Sale | Aug. 5, 2024, 8:30 a.m. | | This analysis examines a campaign attributed to the Russian threat actor Fighting Ursa, also known as APT28, Fancy Bear, and Sofa… | 6 |
| BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor | Aug. 2, 2024, 9:57 a.m. | | Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service … | 8 |
| Patch or Peril: A Veeam vulnerability incident | July 12, 2024, 5:31 p.m. | | While the vulnerability CVE-2023-27532 was made public in March 2023 and subsequently patched by Veeam for versions 12/11a and la… | 2 |
| MoonWalk | July 12, 2024, 4:11 p.m. | | This blog post examines MoonWalk, a new backdoor employed by APT41, a China-based threat actor known for campaigns in Southeast A… | 3 |
| Turla: A Master of Deception | July 8, 2024, 10:45 a.m. | | This report details a recent campaign by the Turla threat group involving malicious LNK files that deliver a fileless backdoor. T… | 10 |
| Attack Case against HFS (HTTP File Server) Server (Suspected CVE-2024-23692) | July 3, 2024, 11:39 a.m. | | A remote code execution vulnerability (CVE-2024-23692) in the HFS (HTTP File Server) program has allowed attackers to execute mal… | 14 |
| Appearance of Kimsuky group's new backdoor (HappyDoor) | July 1, 2024, 10:37 a.m. | | ASEC (AhnLab) analyzes a new backdoor malware called HappyDoor used by the North Korean hacking group Kimsuky in recent email attac… | 16 |
| Malicious npm package targets AWS users | June 27, 2024, 7:58 a.m. | | ReversingLabs' researchers discovered a malicious package named legacyreact-aws-s3-typescript on the npm repository. It mimicked … | 3 |
| North Korean based backdoor packs a punch | June 21, 2024, 6:47 a.m. | | This report analyzes a new threat campaign discovered in late May, featuring multiple layers and ultimately delivering a previous… | 20 |
| Sustained Campaign Using Chinese Espionage Tools Targets Telcos | June 20, 2024, 4:46 p.m. | | Attackers using tools associated with Chinese espionage groups have breached multiple telecom operators in a single Asian country… | 47 |
| Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework | June 19, 2024, 11:37 a.m. | | Trend Micro recently discovered a threat actor group dubbed Void Arachne targeting Chinese-speaking users with malicious Windows … | 46 |
| SolarMarker Impersonates Job Employment Website | June 18, 2024, 9:45 p.m. | | In April 2024, cyber analysts responded to a SolarMarker infection event. The infection occurred through a drive-by download when… | 6 |
| Dipping into Danger: The WARMCOOKIE backdoor | June 12, 2024, 10:41 a.m. | | Elastic Security Labs identified a new wave of email campaigns targeting environments by deploying a novel backdoor dubbed WARMCO… | 6 |
| IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment | June 10, 2024, 11:03 a.m. | | This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial a… | 33 |
| Fake Advanced IP Scanner Installer Delivers Dangerous Backdoor | June 6, 2024, 12:27 p.m. | | Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module… | 11 |
| Wineloader - Analysis of the Infection Chain | June 6, 2024, 8:13 a.m. | | The analysis examines the Wineloader backdoor, a modular malware attributed to the APT29 threat group, which allows further tools… | 9 |
| CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack | May 24, 2024, 1:29 p.m. | | Rapid7 discovered that version 8.3.7 of the JAVS Viewer software from Justice AV Solutions contained a backdoor installer allowin… | 10 |
| Springtail: New Linux Backdoor Added to Toolkit | May 16, 2024, 4:46 p.m. | | Symantec's Threat Hunter Team has uncovered a new Linux backdoor, named Gomir, developed by the North Korean Springtail espionage… | 20 |
| To the Moon and back(doors): Lunar landing in diplomatic missions | May 16, 2024, 9:35 a.m. | | ESET researchers discovered two previously unknown backdoors – LunarWeb and LunarMail – compromising a European ministry of forei… | 12 |
| LNK File Disguised as Certificate Distributing RokRAT Malware | May 7, 2024, 8:32 a.m. | | This analysis delves into the continuous distribution of malicious shortcut files (*.LNK) targeting South Korean users, particula… | 4 |
| Playing Possum: What's the Backdoor Up To? | May 3, 2024, 10:47 a.m. | | This report analyzes the Wpeeper backdoor targeting Android systems. Wpeeper utilizes compromised WordPress sites as relay C2 ser… | 98 |