Tag: cybercrime

47 Attack Reports | 0 Vulnerabilities

Attack reports

Booking.com Phishing Campaign Targeting Hotels and Customers

A sophisticated phishing campaign is targeting the hospitality industry, specifically Booking.com partners and their customers. The attackers first compromise hotel administrators' systems using malware like PureRAT, gaining access to booking management accounts. They then use this access to conduc…
phishing
social engineering
cybercrime
clickfix
hospitality
booking.com
purerat
2025-11-07
Published: November 7, 2025
Downloadable IOCs: 100

Malicious Infrastructure Finds Stability with aurologic GmbH

German hosting provider aurologic GmbH has become a central hub for high-risk hosting networks, providing upstream transit to multiple threat activity enablers. These include sanctioned entities like Aeza Group and other providers associated with cybercrime and disinformation campaigns. aurologic's…
cobalt strike
amadey
asyncrat
cybercrime
rhadamanthys stealer
vidar
phorpiex
dcrat
sliver
latrodectus
disinformation
bianlian
stealc
redline stealer
lumma
meduza stealer
infrastructure
quasarrat
systembc
remcos rat
risepro stealer
darkcomet
dark crystal rat
svcstealer
hosting
castleloader
2025-11-06
moobot
neutrality
transit
sanctions
thc hydra
upstream
tinyloader
abuse
aurologic
destiny stealer
aurotun
castlerat
Published: November 6, 2025
Downloadable IOCs: 23

Remote access, real cargo: cybercriminals targeting trucking and logistics

Cybercriminals are targeting trucking and logistics companies to steal cargo freight through elaborate attack chains. They compromise companies and use their access to bid on cargo shipments, which they then steal and sell. The threat actors typically deliver remote monitoring and management (RMM) …
screenconnect
phishing
social engineering
supply chain
lumma stealer
cybercrime
danabot
netsupport
stealc
simplehelp
fleetdeck
n-able
pdq connect
logistics
2025-11-03
cargo theft
logmein resolve
trucking
remote monitoring tools
Published: November 3, 2025
Downloadable IOCs: 39

UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud

A Chinese-speaking cybercrime group, UAT-8099, is targeting high-value Internet Information Services (IIS) servers for search engine optimization fraud and data theft. The group focuses on reputable servers in India, Thailand, Vietnam, Canada, and Brazil, affecting universities, tech firms, and tel…
data theft
cobalt strike
cybercrime
badiis
chinese-speaking
web shells
seo fraud
2025-10-02
iis servers
Published: October 2, 2025
Downloadable IOCs: 80

SystemBC – Bringing the Noise

The SystemBC botnet, composed of over 80 C2s and 1,500 daily victims, primarily targets VPS systems from commercial providers. It creates proxies enabling high volumes of malicious traffic for various criminal threat groups. The network is used by multiple proxy services, including REM Proxy, which…
ransomware
icedid
botnet
cybercrime
proxy
infrastructure
ngioweb
systembc
morpheus
trickbot
transferloader
vps
2025-09-25
avoslocker
rem proxy
malicious traffic
Published: September 25, 2025
Downloadable IOCs: 158

The Most Powerful Ever? Inside the 11.5Tbps-Scale Mega Botnet AISURU

The AISURU botnet has emerged as a formidable threat, capable of launching massive DDoS attacks reaching 11.5 Tbps. First disclosed in 2024, it expanded significantly in 2025 by compromising a router firmware update server. The botnet, with approximately 300,000 nodes, is operated by a group of thr…
encryption
ddos
botnet
router
cybercrime
proxy
CVE-2022-35733
CVE-2023-50381
vulnerabilities
firmware
airashi
aisuru
CVE-2024-3721
2025-09-25
CVE-2017-5259
CVE-2013-5948
CVE-2013-1599
CVE-2023-28771
CVE-2022-44149
CVE-2013-3307
Published: September 25, 2025
Linked vulnerabilities : CVE-2023-50381 (CVSS 7.2), CVE-2023-28771, CVE-2024-3721, CVE-2022-35733, CVE-2013-1599, CVE-2022-44149, CVE-2013-5948, CVE-2013-3307, CVE-2017-5259
Downloadable IOCs: 11

Under the Pure Curtain: From RAT to Builder to Coder

Check Point Research conducted a forensic analysis of a ClickFix campaign that deployed multiple tools, including a Rust Loader, PureHVNC RAT, and the Sliver command-and-control framework. The analysis provided comprehensive insights into PureHVNC RAT, including its commands and plugins. The invest…
rat
cybercrime
purecrypter
github
purelogs
clickfix
purehvnc
purerat
2025-09-16
rust loader
pureminer
purehvnc rat
blue loader
Published: September 16, 2025
Downloadable IOCs: 0

Massive IPTV Piracy Network Uncovered

A large-scale Internet Protocol Television (IPTV) piracy network has been discovered, spanning over 1,000 domains and 10,000 IP addresses. Two companies, XuiOne and Tiyansoft, were identified as profiting from hosting pirated content. The network affects more than 20 major brands, including Prime V…
cybercrime
2025-09-05
piracy
iptv
xuione
digital content
infrastructure mapping
streaming
brand protection
tiyansoft
Published: September 5, 2025
Downloadable IOCs: 11

Not Safe for Work: Tracking and Investigating Stealerium and Phantom Infostealers

Proofpoint researchers have observed an increase in cybercriminals using Stealerium-based malware, an open-source infostealer available on GitHub. Multiple stealers share code with Stealerium, including Phantom Stealer. Campaigns delivering Stealerium have used various lures and file types, targeti…
infostealer
anti-analysis
cybercrime
data exfiltration
snake keylogger
stealerium
2025-09-04
warp stealer
phantom stealer
Published: September 4, 2025
Downloadable IOCs: 8

Behind the Curtain: How Lumma Affiliates Operate

This analysis reveals the complex operations of Lumma affiliates within a vast information-stealing ecosystem. Affiliates utilize various tools and services, including proxy networks, VPNs, anti-detect browsers, and crypting services. The investigation uncovered previously undocumented tools and sh…
infostealer
cybercrime
vidar
proxy
vpn
stealc
lumma
meduza stealer
affiliate
craxsrat
underground forums
2025-08-20
crypting
anti-detect browser
Published: August 20, 2025
Downloadable IOCs: 0

"Click to Allow" Robot Exposes Online Fraud Empire

VexTrio, a cybercriminal organization, has been exposed for running a vast online fraud empire involving scams, spam, and malicious apps. Their operations include fake dating sites, cryptocurrency scams, and deceptive apps that have been downloaded millions of times. VexTrio uses sophisticated traf…
spam
cybercrime
scams
traffic distribution
cryptocurrency fraud
affiliate marketing
malicious apps
2025-08-12
dating scams
Published: August 12, 2025
Downloadable IOCs: 28

DanaBot C2 Server Memory Leak Bug

A critical vulnerability named DanaBleed was discovered in DanaBot's C2 server, causing memory leaks from June 2022 to early 2025. This bug, introduced in version 2380, exposed sensitive information including threat actor details, server data, and victim credentials. The leak resulted from uninitia…
vulnerability
cybercrime
danabot
malware-as-a-service
c2 server
smokeloader
operation endgame
information theft
2025-06-10
danableed
banking fraud
memory leak
Published: June 10, 2025
Downloadable IOCs: 2

Danabot: Analyzing a fallen empire

ESET Research shares insights into Danabot, an infostealer recently disrupted by law enforcement. The malware, tracked since 2018, evolved from a banking trojan to a versatile tool for data theft and malware distribution. Operated as a malware-as-a-service, Danabot offered features like data steali…
infostealer
lockbit
data theft
darkgate
zloader
botnet
lumma stealer
matanbuchus
cybercrime
danabot
latrodectus
malware-as-a-service
smokeloader
banking trojan
systembc
buran
rescoms
recordbreaker
ursnif
2025-05-23
2025-05-25
nonransomware
proxy servers
crisis
c&c infrastructure
malware-as-service
Published: May 25, 2025
Downloadable IOCs: 1

Where to Find Aspiring Hackers

This analysis focuses on Proton66, a bulletproof hosting network enabling cybercrime operations and serving as a hub for aspiring cybercriminals. It examines the activities of a threat actor known as 'Coquettte,' who is linked to the Horrid hacking group. The investigation reveals a fake cybersecur…
amadey
lumma stealer
cybercrime
vidar
infostealers
penguish
rugmi
2025-04-04
rescoms
proton66
bulletproof hosting
recordbreaker
horrid hacking group
amateur hackers
fake cybersecurity
rugmi malware
Published: April 4, 2025
Downloadable IOCs: 0

Money Laundering 101, and why there is concern

This newsletter discusses the process of money laundering in the context of cybercrime, particularly ransomware attacks. It explains the three basic steps of money laundering: placement, layering, and integration. The author expresses concern about regulatory changes that might facilitate easier mo…
malware
ransomware
cryptocurrency
spam
cybercrime
email security
w32.file.malparent
coinminer:mbt.26mw.in14.talos
2025-03-28
trojan.generickd.33515991
money laundering
simple_custom_detection
regulatory changes
Published: March 28, 2025
Downloadable IOCs: 0

VanHelsing: New RaaS in Town

VanHelsing RaaS, a new ransomware-as-a-service program launched on March 7, 2025, has quickly gained traction in the cybercrime world. With a low $5,000 deposit for affiliates, it offers an 80% cut of ransom payments. The service provides a user-friendly control panel and targets multiple platforms…
encryption
cybercrime
ransomware-as-a-service
evasion techniques
multi-platform
2025-03-23
vanhelsing
affiliate program
Published: March 23, 2025
Downloadable IOCs: 0

Dragon RaaS | Pro-Russian Hacktivist Group Aims to Build on "The Five Families" Cybercrime Reputation

Dragon RaaS is a ransomware group that emerged in July 2024 as an offshoot of Stormous, part of a larger cybercrime syndicate known as 'The Five Families'. The group markets itself as a sophisticated Ransomware-as-a-Service operation but often conducts defacements and opportunistic attacks rather t…
ransomware
cybercrime
CVE-2024-3806
CVE-2024-3807
CVE-2024-3808
CVE-2024-3809
hacktivism
webshell
vulnerability exploitation
CVE-2024-47374
2025-03-19
defacement
stormcry
CVE-2022-0073
CVE-2023-2359
CVE-2023-6925
dragon raas
CVE-2023-47784
CVE-2022-0074
pro-russian
Published: March 19, 2025
Downloadable IOCs: 0

Remote Monitoring and Management (RMM) Tooling Increasingly an Attacker's First Choice

Threat actors are increasingly using legitimate remote monitoring and management (RMM) tools as initial payloads in email campaigns. This trend aligns with a decrease in the use of traditional loaders and botnets by initial access brokers. RMMs can be exploited for data collection, financial theft,…
screenconnect
rmm
remcos
lumma stealer
asyncrat
remote access
cybercrime
grandoreiro
email campaigns
netsupport
astaroth
initial access
2025-03-12
guildma
atera
mispadu
bluetrait
fleetdeck
Published: March 12, 2025
Downloadable IOCs: 15

2024 Malicious Infrastructure Insights: Key Trends and Threats

The report highlights significant trends in malicious infrastructure for 2024, including the rise of malware-as-a-service infostealers, continued dominance of Cobalt Strike among offensive security tools, and increased use of legitimate services by threat actors. Key findings include LummaC2's domi…
lummac2
plugx
cobalt strike
asyncrat
cybercrime
infostealers
dcrat
latrodectus
botnets
mobile malware
malicious infrastructure
quasarrat
hook
gobrat
brute ratel c4
remote access trojans
2025-02-28
traffic distribution systems
mozi botnet
state-sponsored groups
command-and-control servers
solarmarker rat
offensive security tools
Published: February 28, 2025
Downloadable IOCs: 0

Finance Report: Who Targets Financial Institutions?

This report provides an overview of key cybercrime and state-sponsored threat actors targeting the financial sector in 2024. It highlights the critical role of Initial Access Brokers in enabling large-scale attacks, the persistent threat of ransomware and extortion groups, and the increasing sophis…
apt
phishing
ransomware
cybercrime
ransomhub
edrkillshifter
rustbucket
goldpickaxe
financial sector
2025-02-20
catb
initial access brokers
jsoutprox
tradertraitor
golddigger
state-sponsored threats
goldkefu
tycoon 2fa
banking trojans
sneaky 2fa
golddiggerplus
Published: February 20, 2025
Downloadable IOCs: 0

Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

A malicious botnet called Socks5Systemz is operating a proxy service named PROXY.AM, utilizing over 85,000 compromised devices. The botnet, active since 2013, aims to turn infected systems into proxy exit nodes for cybercriminals seeking to obscure their attack sources. Initially boasting around 25…
botnet
amadey
cybercrime
smokeloader
proxy service
socks5systemz
2024-12-09
privateloader
exit nodes
hacked devices
proxy.am
Published: December 9, 2024
Downloadable IOCs: 2

One Sock Fits All: The use and abuse of the NSOCKS botnet

The ngioweb botnet serves as the foundation for the NSOCKS criminal proxy service, maintaining over 35,000 bots daily across 180 countries. The botnet primarily targets SOHO routers and IoT devices, with two-thirds of proxies based in the U.S. NSOCKS utilizes over 180 'backconnect' C2 nodes to obsc…
ddos
botnet
cybercrime
ngioweb
2024-11-19
nsocks
proxy service
soho routers
shopsocks5
iot devices
vn5socks
Published: November 19, 2024
Downloadable IOCs: 59

Telekopye transitions to targeting tourists via hotel booking scam

ESET researchers have discovered that Telekopye, a Telegram-based toolkit used by cybercriminals to scam people on online marketplaces, has expanded its operations to target users of popular accommodation booking platforms like Booking.com and Airbnb. The scammers, referred to as Neanderthals, now …
phishing
cybercrime
scam
telegram
2024-11-17
telekopye
tourism
booking
marketplace
accommodation
Published: November 17, 2024
Downloadable IOCs: 0

Life on a crooked RedLine: Analyzing the infamous infostealer's backend

This article provides an in-depth analysis of RedLine Stealer, a notorious information-stealing malware. The research focuses on previously undocumented backend modules and the control panel used by affiliates. Key findings include the identification of over 1,000 unique IP addresses hosting RedLin…
infostealer
data theft
meta stealer
cybercrime
malware-as-a-service
redline stealer
2024-11-17
control panel
windows communication framework
backend analysis
Published: November 17, 2024
Downloadable IOCs: 0

DDoS-for-Hire Platform dstat[.]cc Disrupted; Suspects Arrested

German law enforcement authorities have successfully disrupted dstat[.]cc, a criminal service facilitating distributed denial-of-service (DDoS) attacks. The platform provided recommendations and evaluations of stresser services, making DDoS attacks accessible to users without advanced technical ski…
ddos
botnet
cybercrime
2024-11-04
law enforcement
stresser services
drug trafficking
Published: November 4, 2024
Downloadable IOCs: 1

Booking.com Phishers May Leave You With Reservations

A recent spear-phishing campaign targeted a California hotel after its Booking.com credentials were stolen. The scam involved sending targeted messages within the Booking mobile app, claiming additional information was required for anti-fraud purposes. Booking.com confirmed a security incident affe…
phishing
credential theft
cybercrime
2024-11-02
2fa
hospitality
booking.com
travel
Published: November 2, 2024
Downloadable IOCs: 0

Over 10 Million Personal And Corporate Devices Infected By Information Stealers

A significant increase in data-stealing malware infections has been observed, with nearly 10 million devices compromised in 2023, marking a 643% rise over three years. Cybercriminals are using sophisticated distribution methods, including malvertising and YouTube comment spam. On average, 50.9 logi…
data theft
credential theft
redline
cybercrime
vidar
malware-as-a-service
lumma
amos
information stealers
2024-10-22
raccoon
vidar/acr
kral stealer
Published: October 22, 2024
Downloadable IOCs: 0

The Mongolian Skimmer: different clothes, equally dangerous

This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScri…
obfuscation
cybercrime
malicious
skimming
underground
2024-10-14
Published: October 14, 2024
Downloadable IOCs: 13

Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware

Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical inciden…
ransomware
extortion
exfiltration
encryption
cybercrime
2024-09-11
cicada3301
Published: September 11, 2024
Linked vulnerabilities : CVE-2024-1709, CVE-2024-1708
Downloadable IOCs: 8

Threat Assessment: North Korean Threat Groups

This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes their organizational structure, objectives, and the diverse malware families employed in their recent campaigns targeting various industries worldwide. The analysis covers 10…
malware
espionage
cybercrime
northkorea
rats
comebacker
rustbucket
kandykorn
2024-09-10
collectionrat
fullhouse
poolrat
odicloader
objcshellz
pondrat
smoothoperator
Published: September 10, 2024
Downloadable IOCs: 58

2024 Paris Olympic Games Infrastructure Attack Report

This report examines the malicious activities surrounding the 2024 Paris Olympic Games, where adversaries set up fraudulent social media profiles, online stores, ticketing systems, and cryptocurrencies to exploit the event's popularity. Researchers analyzed newly registered domains (NRDs) before th…
phishing
cryptocurrency
cybercrime
fraud
olympics
2024-08-16
Published: August 16, 2024
Downloadable IOCs: 148

FIN7: The Truth Doesn't Need to be so STARK

In this collaborative effort, cybersecurity researchers from Silent Push, Stark Industries Solutions, and Team Cymru have identified and disrupted infrastructure associated with the financially motivated threat group FIN7. The analysis uncovered two clusters of potential FIN7 activity communicating…
cybercrime
2024-08-16
cybersecurity collaboration
financially motivated
threat group
malicious infrastructure
Published: August 16, 2024
Downloadable IOCs: 103

A Dive into Latest Campaign

Earth Baku, an advanced persistent threat actor, has broadened its operations from the Indo-Pacific region to Europe, the Middle East, and Africa, targeting countries like Italy, Germany, UAE, and Qatar. The group leverages public-facing applications like IIS servers as entry points, deploying soph…
backdoor
loader
apt
espionage
cobalt strike
cybercrime
godzilla
stealthvector
2024-08-09
stealthreacher
megacmd
sneakcross
tailscale
rakshasa
Published: August 9, 2024
Downloadable IOCs: 30

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

TrendMicro highlights the dangers of internet-facing routers and elaborates on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024. Cybercriminals and nation-state actors share an interest in compromised routers used as an anonymization layer, with cybe…
espionage
botnet
cybercrime
proxy
2024-08-07
routers
ngioweb
sshdoor
Published: August 7, 2024
Downloadable IOCs: 64

Solving the 7777 Botnet enigma: A cybersecurity quest

Sekoia.io investigated the mysterious 7777 botnet (aka Quad7 botnet), which compromised TP-Link routers to relay password spraying attacks against Microsoft 365 accounts. The investigation involved intercepting network communications and malware deployed on a compromised router in France. The findi…
iot
botnet
cybercrime
2024-07-23
microsoft 365
password spraying
xlogin
microsocks
Published: July 23, 2024
Downloadable IOCs: 4

BianLian Ransomware Group: 2024 Activity Analysis

The intelligence report delves into the evolving tactics and operations of the BianLian ransomware group, which has emerged as one of the top three most active ransomware groups. It details the group's shift from encryption tactics to a steal-and-extort model after a decryptor was released. The ana…
ransomware
extortion
cybercrime
bianlian
2024-07-12
data breach
Published: July 12, 2024
Downloadable IOCs: 8

Analysis of Suspected APT Attack Activities by “Silver Fox”

This document examines the recent activities of the Silver Fox cybercrime group, which has traditionally targeted financial and tax entities but has now shifted its focus towards impersonating national institutions and security companies. The analysis involves a phishing website, Winos remote contr…
malware
obfuscation
apt
phishing
cybercrime
winos
2024-07-10
updatedll
Published: July 10, 2024
Downloadable IOCs: 7

How do cryptocurrency drainer phishing scams work?

Cryptodrainer phishing scams have emerged as a significant threat, targeting unsuspecting individuals through deceptive tactics to steal their digital assets. These scams lure victims with promises of profits while covertly siphoning their cryptocurrency. Attackers employ social engineering techniq…
phishing
social engineering
cryptocurrency
financial fraud
cybercrime
2024-07-10
Published: July 10, 2024
Downloadable IOCs: 14

ONNX Store: Phishing-as-a-Service Platform Targeting Financial Institution

This intelligence report analyzes the ONNX Store, a phishing-as-a-service platform targeting financial institutions through embedded QR codes in PDF attachments redirecting victims to phishing sites. The report details the platform's features, including two-factor authentication bypass, realistic M…
phishing
credential theft
cybercrime
2024-07-02
onnx store
qrcode
caffeine
fintech
Published: July 2, 2024
Downloadable IOCs: 25

The Digital Legacy of Botnet 911 S5

The report provides an in-depth analysis of the notorious Botnet 911 S5, revealing its origins, operations, and digital remnants. It traces the botnet's evolution, from its inception in 2014 to its eventual demise in 2024, after a joint law enforcement operation. The botnet leveraged free VPN softw…
botnet
cybercrime
2024-06-14
dewvpn
paladinvpn
shield vpn
maskvpn
shinevpn
proxygate
Published: June 14, 2024
Downloadable IOCs: 35

Cybercriminals attack banking customers in EU with V3B phishing kit

An analysis reveals that a cybercriminal group is distributing sophisticated phishing kits to target banking customers in the European Union. These kits, designed to steal sensitive information like credentials and OTP codes, utilize social engineering tactics to deceive victims into revealing pers…
phishing
cybercrime
fraud
social-engineering
banking
2024-06-10
Published: June 10, 2024
Downloadable IOCs: 44

Crimeware report: Acrid, ScarletStealer and Sys01 stealers

This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, employing the 'Heaven's Gate' technique to bypass security controls. ScarletStealer downloads additional executables and Chrome extensions to facilitate data theft. Sys01, …
malware
stealer
data-theft
cybercrime
2024-05-22
acrid
scarletstealer
crimeware
sys01
newb
Published: May 22, 2024
Downloadable IOCs: 5

Deserialization of VIEWSTATE: how an “unpatched” vulnerability plays into the hands of pro-government groups

At the end of 2023, the Solar 4RAYS team was investigating an attack on a Russian telecom company by an Asian advanced persistent threat (APT) group named Obstinate Mogwai (translated as "Stubborn Demon" in English). This group was persistent, repeatedly infiltrating the network until all entry poi…
apt
cybercrime
2024-05-20
asp
viewstate
telco
Published: May 20, 2024
Downloadable IOCs: 9

From Document to Script: Insides of Campaign

This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to install Java. Clicking the embedded link leads to downloading a malicious JAR file. The JAR contains commands to fetch additional payloads, including an obfuscated AutoIt …
obfuscation
phishing
darkgate
campaign
cybercrime
malicious
payload
2024-05-17
autoit
java
Published: May 17, 2024
Downloadable IOCs: 11

Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID

LATRODECTUS is a malware loader gaining popularity among cybercriminals, with strong connections to the ICEDID malware family. It offers standard capabilities for deploying payloads and conducting post-exploitation activities. Initially discovered by Walmart researchers in 2023, it continues evolvi…
malware
loader
icedid
cybercrime
2024-05-17
latrodectus
financially-motivated
Published: May 17, 2024
Downloadable IOCs: 7

ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information

This analysis focuses on the recent activities of the ViperSoftX malware strain, which controls infected systems and steals user information. The malware is known to install additional malware payloads, including Quasar RAT and a new infostealer called TesseractStealer. TesseractStealer utilizes th…
malware
cybercrime
infostealers
2024-05-17
quasar rat
tesseractstealer
malware-distribution
vipersoftx
crypto-targeting
Published: May 17, 2024
Downloadable IOCs: 8

Profiling Trafficers: Cerberus

This analysis delves into the activities of a group of malware operators known as Cerberus (formerly Amnesia) Team, who specialize in spreading infostealers, particularly in the Commonwealth of Independent States (CIS) region. It provides insights into their operations, tactics, and the evolution o…
malware
infostealer
russia
2024-05-05
2024-05-06
2024-05-07
lumma stealer
2024-05-08
aurora stealer
redline
hacking
cybercrime
rhadamanthys stealer
casbaneiro
metamorfo
dracula stealer (samurai)
2024-05-09
2024-05-10
Published: May 10, 2024
Downloadable IOCs: 24
Click here to see more Attack Reports