Tag: cobaltstrike

The report discusses recent attacks by APT-C-00 (OceanLotus), a state-sponsored hacking group. It analyzes two types of loaders used in their 2024 campaigns: a double loader and a VMP-protected version. The double loader consists of two modules: an MSVC DLL for initial information gathering and a G…

Downloadable IOCs 1

A Chinese Advanced Persistent Threat (APT) group has been exploiting MSC files using a new diskless shellcode technique. The campaign primarily targets government agencies and critical infrastructure in Southeast Asia, focusing on the Philippines, Vietnam, and Taiwan. The attack chain involves down…

Downloadable IOCs 30

The report meticulously chronicles a sophisticated intrusion which began in December 2023 and culminated in the deployment of BlackSuit ransomware approximately 15 days later. The threat actor demonstrated an array of tactics, leveraging tools like Cobalt Strike, Sharphound, and SystemBC, alongside…

Downloadable IOCs 16

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 f…

Downloadable IOCs 13

A remote code execution vulnerability (CVE-2024-23692) in the HFS (HTTP File Server) program has allowed attackers to execute malicious commands on vulnerable systems. Various attack cases exploiting this vulnerability have been observed, leading to the installation of malware such as coin miners, …

Downloadable IOCs 14

This report examines a recent malicious campaign involving a JScript-based Remote Access Trojan (RAT) and its connections to the CobaltStrike penetration testing tool. The attack commences with an obfuscated JScript loader distributed through suspected phishing campaigns. Upon execution, it contact…

Downloadable IOCs 4

Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. The compromised installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer inject…

Downloadable IOCs 11

The report discusses recent attacks by APT-C-00 (OceanLotus), a state-sponsored hacking group. It analyzes two types of loaders used in their 2024 campaigns: a double loader and a VMP-protected version. The double loader consists of two modules: an MSVC DLL for initial information gathering and a G…

Downloadable IOCs 1

A Chinese Advanced Persistent Threat (APT) group has been exploiting MSC files using a new diskless shellcode technique. The campaign primarily targets government agencies and critical infrastructure in Southeast Asia, focusing on the Philippines, Vietnam, and Taiwan. The attack chain involves down…

Downloadable IOCs 30

The report meticulously chronicles a sophisticated intrusion which began in December 2023 and culminated in the deployment of BlackSuit ransomware approximately 15 days later. The threat actor demonstrated an array of tactics, leveraging tools like Cobalt Strike, Sharphound, and SystemBC, alongside…

Downloadable IOCs 16

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 f…

Downloadable IOCs 13

A remote code execution vulnerability (CVE-2024-23692) in the HFS (HTTP File Server) program has allowed attackers to execute malicious commands on vulnerable systems. Various attack cases exploiting this vulnerability have been observed, leading to the installation of malware such as coin miners, …

Downloadable IOCs 14

This report examines a recent malicious campaign involving a JScript-based Remote Access Trojan (RAT) and its connections to the CobaltStrike penetration testing tool. The attack commences with an obfuscated JScript loader distributed through suspected phishing campaigns. Upon execution, it contact…

Downloadable IOCs 4

Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. The compromised installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer inject…

Downloadable IOCs 11

The report discusses recent attacks by APT-C-00 (OceanLotus), a state-sponsored hacking group. It analyzes two types of loaders used in their 2024 campaigns: a double loader and a VMP-protected version. The double loader consists of two modules: an MSVC DLL for initial information gathering and a G…

Downloadable IOCs 1

A Chinese Advanced Persistent Threat (APT) group has been exploiting MSC files using a new diskless shellcode technique. The campaign primarily targets government agencies and critical infrastructure in Southeast Asia, focusing on the Philippines, Vietnam, and Taiwan. The attack chain involves down…

Downloadable IOCs 30

The report meticulously chronicles a sophisticated intrusion which began in December 2023 and culminated in the deployment of BlackSuit ransomware approximately 15 days later. The threat actor demonstrated an array of tactics, leveraging tools like Cobalt Strike, Sharphound, and SystemBC, alongside…

Downloadable IOCs 16

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 f…

Downloadable IOCs 13

A remote code execution vulnerability (CVE-2024-23692) in the HFS (HTTP File Server) program has allowed attackers to execute malicious commands on vulnerable systems. Various attack cases exploiting this vulnerability have been observed, leading to the installation of malware such as coin miners, …

Downloadable IOCs 14

This report examines a recent malicious campaign involving a JScript-based Remote Access Trojan (RAT) and its connections to the CobaltStrike penetration testing tool. The attack commences with an obfuscated JScript loader distributed through suspected phishing campaigns. Upon execution, it contact…

Downloadable IOCs 4

Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. The compromised installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer inject…

Downloadable IOCs 11

The report discusses recent attacks by APT-C-00 (OceanLotus), a state-sponsored hacking group. It analyzes two types of loaders used in their 2024 campaigns: a double loader and a VMP-protected version. The double loader consists of two modules: an MSVC DLL for initial information gathering and a G…

Downloadable IOCs 1

A Chinese Advanced Persistent Threat (APT) group has been exploiting MSC files using a new diskless shellcode technique. The campaign primarily targets government agencies and critical infrastructure in Southeast Asia, focusing on the Philippines, Vietnam, and Taiwan. The attack chain involves down…

Downloadable IOCs 30

The report meticulously chronicles a sophisticated intrusion which began in December 2023 and culminated in the deployment of BlackSuit ransomware approximately 15 days later. The threat actor demonstrated an array of tactics, leveraging tools like Cobalt Strike, Sharphound, and SystemBC, alongside…

Downloadable IOCs 16

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 f…

Downloadable IOCs 13

A remote code execution vulnerability (CVE-2024-23692) in the HFS (HTTP File Server) program has allowed attackers to execute malicious commands on vulnerable systems. Various attack cases exploiting this vulnerability have been observed, leading to the installation of malware such as coin miners, …

Downloadable IOCs 14

This report examines a recent malicious campaign involving a JScript-based Remote Access Trojan (RAT) and its connections to the CobaltStrike penetration testing tool. The attack commences with an obfuscated JScript loader distributed through suspected phishing campaigns. Upon execution, it contact…

Downloadable IOCs 4

Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. The compromised installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer inject…

Downloadable IOCs 11

The report discusses recent attacks by APT-C-00 (OceanLotus), a state-sponsored hacking group. It analyzes two types of loaders used in their 2024 campaigns: a double loader and a VMP-protected version. The double loader consists of two modules: an MSVC DLL for initial information gathering and a G…

Downloadable IOCs 1

A Chinese Advanced Persistent Threat (APT) group has been exploiting MSC files using a new diskless shellcode technique. The campaign primarily targets government agencies and critical infrastructure in Southeast Asia, focusing on the Philippines, Vietnam, and Taiwan. The attack chain involves down…

Downloadable IOCs 30

The report meticulously chronicles a sophisticated intrusion which began in December 2023 and culminated in the deployment of BlackSuit ransomware approximately 15 days later. The threat actor demonstrated an array of tactics, leveraging tools like Cobalt Strike, Sharphound, and SystemBC, alongside…

Downloadable IOCs 16

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 f…

Downloadable IOCs 13

A remote code execution vulnerability (CVE-2024-23692) in the HFS (HTTP File Server) program has allowed attackers to execute malicious commands on vulnerable systems. Various attack cases exploiting this vulnerability have been observed, leading to the installation of malware such as coin miners, …

Downloadable IOCs 14

This report examines a recent malicious campaign involving a JScript-based Remote Access Trojan (RAT) and its connections to the CobaltStrike penetration testing tool. The attack commences with an obfuscated JScript loader distributed through suspected phishing campaigns. Upon execution, it contact…

Downloadable IOCs 4

Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. The compromised installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer inject…

Downloadable IOCs 11

The report discusses recent attacks by APT-C-00 (OceanLotus), a state-sponsored hacking group. It analyzes two types of loaders used in their 2024 campaigns: a double loader and a VMP-protected version. The double loader consists of two modules: an MSVC DLL for initial information gathering and a G…

Downloadable IOCs 1

A Chinese Advanced Persistent Threat (APT) group has been exploiting MSC files using a new diskless shellcode technique. The campaign primarily targets government agencies and critical infrastructure in Southeast Asia, focusing on the Philippines, Vietnam, and Taiwan. The attack chain involves down…

Downloadable IOCs 30

The report meticulously chronicles a sophisticated intrusion which began in December 2023 and culminated in the deployment of BlackSuit ransomware approximately 15 days later. The threat actor demonstrated an array of tactics, leveraging tools like Cobalt Strike, Sharphound, and SystemBC, alongside…

Downloadable IOCs 16

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 f…

Downloadable IOCs 13

A remote code execution vulnerability (CVE-2024-23692) in the HFS (HTTP File Server) program has allowed attackers to execute malicious commands on vulnerable systems. Various attack cases exploiting this vulnerability have been observed, leading to the installation of malware such as coin miners, …

Downloadable IOCs 14

This report examines a recent malicious campaign involving a JScript-based Remote Access Trojan (RAT) and its connections to the CobaltStrike penetration testing tool. The attack commences with an obfuscated JScript loader distributed through suspected phishing campaigns. Upon execution, it contact…

Downloadable IOCs 4

Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. The compromised installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer inject…

Downloadable IOCs 11

The report discusses recent attacks by APT-C-00 (OceanLotus), a state-sponsored hacking group. It analyzes two types of loaders used in their 2024 campaigns: a double loader and a VMP-protected version. The double loader consists of two modules: an MSVC DLL for initial information gathering and a G…

Downloadable IOCs 1

A Chinese Advanced Persistent Threat (APT) group has been exploiting MSC files using a new diskless shellcode technique. The campaign primarily targets government agencies and critical infrastructure in Southeast Asia, focusing on the Philippines, Vietnam, and Taiwan. The attack chain involves down…

Downloadable IOCs 30

The report meticulously chronicles a sophisticated intrusion which began in December 2023 and culminated in the deployment of BlackSuit ransomware approximately 15 days later. The threat actor demonstrated an array of tactics, leveraging tools like Cobalt Strike, Sharphound, and SystemBC, alongside…

Downloadable IOCs 16

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 f…

Downloadable IOCs 13

A remote code execution vulnerability (CVE-2024-23692) in the HFS (HTTP File Server) program has allowed attackers to execute malicious commands on vulnerable systems. Various attack cases exploiting this vulnerability have been observed, leading to the installation of malware such as coin miners, …

Downloadable IOCs 14

This report examines a recent malicious campaign involving a JScript-based Remote Access Trojan (RAT) and its connections to the CobaltStrike penetration testing tool. The attack commences with an obfuscated JScript loader distributed through suspected phishing campaigns. Upon execution, it contact…

Downloadable IOCs 4

Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. The compromised installer was distributed through a typo-squatted domain and appeared in search results for the legitimate software. When executed, the installer inject…

Downloadable IOCs 11