Tag: email campaigns

5 Attack Reports | 0 Vulnerabilities

Attack reports

(Don't) TrustConnect: It's a RAT in an RMM hat

A new malware-as-a-service (MaaS) called TrustConnect has been discovered masquerading as a legitimate remote monitoring and management (RMM) tool. The malware, classified as a remote access trojan (RAT), uses a fake business website as its command and control center and MaaS portal. Priced at $300…
cybercrime
malware-as-a-service
email campaigns
remote access trojan
c2 infrastructure
digital signatures
rmm abuse
2026-02-19
docconnect
trustconnect
trustconnect rat
Published: February 19, 2026
Downloadable IOCs: 10

Can't stop, won't stop: TA584 innovates initial access

TA584, a prominent initial access broker targeting organizations globally, demonstrated significant changes in attack strategies throughout 2025. The actor expanded its global targeting, adopted ClickFix social engineering techniques, and began delivering new malware called Tsundere Bot. TA584's op…
xworm
social engineering
cobalt strike
cybercrime
dcrat
email campaigns
warmcookie
clickfix
initial access broker
malware delivery
xeno rat
ursnif
tsundere bot
2026-01-28
ldr4
Published: January 28, 2026
Downloadable IOCs: 7

Remote Monitoring and Management (RMM) Tooling Increasingly an Attacker's First Choice

Threat actors are increasingly using legitimate remote monitoring and management (RMM) tools as initial payloads in email campaigns. This trend aligns with a decrease in the use of traditional loaders and botnets by initial access brokers. RMMs can be exploited for data collection, financial theft,…
screenconnect
rmm
remcos
lumma stealer
asyncrat
remote access
cybercrime
grandoreiro
email campaigns
netsupport
astaroth
initial access
2025-03-12
guildma
atera
mispadu
bluetrait
fleetdeck
Published: March 12, 2025
Downloadable IOCs: 15

Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS)

This analysis explores the Rockstar 2FA phishing-as-a-service kit, focusing on real-world email campaign examples. It highlights various techniques used by attackers, including the abuse of legitimate services for FUD (Fully Undetectable) links, such as Microsoft OneDrive, OneNote, Dynamics 365, At…
phishing
aitm
email campaigns
microsoft 365
2024-12-03
phishing-as-a-service
dadsec
rockstar 2fa
2024-12-04
rockstar
Published: December 4, 2024
Downloadable IOCs: 51

DarkGate switches up its tactics with new payload, email templates

This analysis delves into a recent surge of malicious email campaigns by the DarkGate threat actor, employing novel tactics to distribute malware. These campaigns leverage a technique called 'Remote Template Injection' to bypass security controls and deceive recipients into executing malicious code…
autohotkey
darkgate
malspam
2024-06-06
template injection
email campaigns
in-memory execution
Published: June 6, 2024
Downloadable IOCs: 12
Click here to see more Attack Reports