Tag: evasion techniques

22 Attack Reports | 0 Vulnerabilities

Attack reports

Katz Stealer Threat Analysis

Katz Stealer is a sophisticated credential-stealing malware-as-a-service that targets multiple browsers, cryptocurrency wallets, and communication platforms. It employs advanced evasion techniques like geofencing, VM detection, and process hollowing. The infection chain involves obfuscated JavaScri…
cryptocurrency
process-hollowing
credential-stealer
2025-05-26
katz stealer
uac-bypass
browser-targeting
discord-hijacking
evasion-techniques
Published: May 26, 2025
Downloadable IOCs: 34

Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT

A new PowerShell-based shellcode loader has been discovered, designed to execute a variant of Remcos RAT. The attack chain begins with malicious LNK files in ZIP archives, using mshta.exe for initial execution. The loader employs fileless techniques, executing code directly in memory to evade tradi…
powershell
keylogger
process hollowing
remcos rat
evasion techniques
uac bypass
shellcode loader
2025-05-15
tls communication
fileless execution
Published: May 15, 2025
Downloadable IOCs: 5

New Stealer on the Horizon

SvcStealer 2025 is a novel information stealer delivered through spear phishing email attachments. It harvests sensitive data including machine information, installed software, user credentials, cryptocurrency wallets, and browser data. The malware creates a unique folder, terminates specific proce…
cryptocurrency
information stealer
c2 communication
evasion techniques
spear phishing
data harvesting
svcstealer
2025-04-23
Published: April 23, 2025
Downloadable IOCs: 4

Detecting Multi-Stage Infection Chains Madness

This analysis examines a complex multi-stage attack exploiting a resilient network infrastructure known as 'Cloudflare tunnel infrastructure to deliver multiple RATs' since February 2024. The infection chain involves multiple steps, including phishing emails with malicious attachments, execution of…
phishing
asyncrat
infection chain
multi-stage attack
evasion techniques
2025-04-22
cloudflare tunnel
cyber threat intelligence
detection rules
Published: April 22, 2025
Downloadable IOCs: 15

BRICKSTORM Backdoor Analysis: A Persistent Espionage Threat to European Industries

This analysis examines BRICKSTORM, an espionage backdoor linked to China-nexus cluster UNC5221. It details newly identified Windows variants, expanding on previous Linux presence. The backdoor, used in long-term espionage campaigns, targets European industries of strategic interest to China. BRICKS…
backdoor
espionage
brickstorm
evasion techniques
china-nexus
file management
2025-04-16
network tunneling
european industries
Published: April 16, 2025
Downloadable IOCs: 4

ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor

An Arabic-speaking threat actor has been distributing ViperSoftX malware to Korean victims since April 1, 2025. The malware, typically spread through cracked software or torrents, operates as a PowerShell script and communicates with C&C servers. The campaign involves downloading additional malware…
powershell
purecrypter
quasar rat
vipersoftx
evasion techniques
vbs
2025-04-10
c&c communication
arabic-speaking
Published: April 10, 2025
Downloadable IOCs: 0

Silent Credit Card Thief Uncovered

A sophisticated credit card skimming campaign dubbed 'RolandSkimmer' has been discovered, targeting users in Bulgaria. The attack utilizes malicious browser extensions across Chrome, Edge, and Firefox, initiated through a deceptive LNK file. The malware employs obfuscated scripts to establish persi…
persistence
lnk file
evasion techniques
browser extensions
obfuscated scripts
2025-04-04
credit card skimming
financial data theft
rolandskimmer
bulgaria
Published: April 4, 2025
Downloadable IOCs: 0

Delivering Trojans Via ClickFix Captcha

A new social engineering technique exploiting ClickFix Captcha has emerged as an effective method for delivering various types of malware, including Quakbot. This technique deceives users and bypasses security measures by utilizing a seemingly harmless captcha. The process involves redirecting user…
obfuscation
social engineering
powershell
qbot
banking trojan
evasion techniques
2025-04-01
clickfix captcha
php dropper
quakbot
Published: April 1, 2025
Downloadable IOCs: 0

VanHelsing: New RaaS in Town

VanHelsing RaaS, a new ransomware-as-a-service program launched on March 7, 2025, has quickly gained traction in the cybercrime world. With a low $5,000 deposit for affiliates, it offers an 80% cut of ransom payments. The service provides a user-friendly control panel and targets multiple platforms…
encryption
cybercrime
ransomware-as-a-service
evasion techniques
multi-platform
2025-03-23
vanhelsing
affiliate program
Published: March 23, 2025
Downloadable IOCs: 0

SVC New Stealer on the Horizon

SvcStealer 2025 is a newly discovered information stealer malware distributed through spear phishing emails. It targets sensitive data including machine information, installed software, user credentials, cryptocurrency wallets, and browser data. The malware creates a unique folder, terminates speci…
cryptocurrency
data exfiltration
information stealer
c2 communication
evasion techniques
spear phishing
2025-03-21
svcstealer
Published: March 21, 2025
Downloadable IOCs: 0

Python Bot Delivered Through DLL Side-Loading

A sophisticated malware campaign employs DLL side-loading to deliver a Python bot. The attack begins with a ZIP archive containing a legitimate PDF reader executable and a hidden malicious DLL. When executed, the malicious DLL is loaded instead of the intended Microsoft one, altering the PDF reader…
persistence
dll side-loading
evasion techniques
bitbucket
2025-03-18
code obfuscation
pdf reader
python bot
Published: March 18, 2025
Downloadable IOCs: 0

Deep Dive Into Allegedly AI-Generated FunkSec Ransomware

A new Rust-based ransomware called FunkSec has emerged, claiming to use artificial intelligence in its development. First appearing in 2024, it demonstrates a mix of sophisticated capabilities and developmental inconsistencies. FunkSec implements advanced features like XChaCha20 encryption and comp…
ransomware
persistence
evasion techniques
anti-vm
funksec
2025-03-04
ai-generated
Published: March 4, 2025
Downloadable IOCs: 1

Scalable Vector Graphics files pose a novel phishing threat

Cybercriminals are exploiting the SVG file format to conduct phishing attacks that bypass existing anti-spam and anti-phishing protection. These attacks involve email messages with .svg file attachments, which open in the default browser on Windows computers. The SVG files contain anchor tags and s…
phishing
social engineering
credential theft
evasion techniques
2025-02-05
nymeria
file format abuse
svg
browser-based attacks
troj/autoit-dhb
email attachments
Published: February 5, 2025
Downloadable IOCs: 0

AsyncRAT Reloaded: Using Python and TryCloudflare for Malware Delivery Again

A new AsyncRAT malware campaign has been identified, utilizing malicious payloads delivered through TryCloudflare quick tunnels and Python packages. The attack chain begins with a phishing email containing a Dropbox URL, leading to a ZIP file with an internet shortcut. This triggers a series of dow…
xworm
phishing
python
dropbox
asyncrat
venomrat
process injection
evasion techniques
trycloudflare
remote access trojan
2025-02-01
Published: February 1, 2025
Downloadable IOCs: 0

Stealthy Cyber Attacks: LNK Files & SSH Commands Playbook

This analysis explores a rising trend in cyber attacks where threat actors leverage LNK files and SSH commands as initial infection vectors. The attackers use meticulously crafted shortcut files, often disguised as legitimate documents, to execute commands using Living-off-the-Land Binaries (LOLBin…
powershell
evasion techniques
lnk files
rundll32
2024-12-19
hackbrowserdata
scp
living-off-the-land binaries
cyber attacks
ssh commands
Published: December 19, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805, CVE-2021-44228, CVE-2017-11882, CVE-2024-21893
Downloadable IOCs: 6

NodeLoader Exposed: The Node.js Malware Evading Detection

Zscaler ThreatLabz discovered a malware campaign using Node.js applications for Windows to distribute cryptocurrency miners and information stealers. Named NodeLoader, this malware family employs Node.js compiled executables to deliver second-stage payloads like XMRig, Lumma, and Phemedrone Stealer…
social engineering
node.js
lumma stealer
evasion techniques
information stealers
2024-12-13
game streaming
cryptocurrency miners
nodeloader
Published: December 13, 2024
Downloadable IOCs: 0

BabbleLoader

BabbleLoader is a highly evasive malware loader designed to bypass antivirus and sandbox environments to deliver stealers into memory. It employs sophisticated techniques such as junk code insertion, metamorphic transformations, dynamic API resolution, and anti-sandboxing measures. The loader's fea…
loader
stealer
evasion techniques
2024-11-19
babbleloader
dynamic api resolution
anti-sandboxing
whitesnake
meduza
metamorphism
Published: November 19, 2024
Downloadable IOCs: 43

Grandoreiro banking trojan: overview of recent versions and new tricks

Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…
credential theft
remote access
grandoreiro
banking trojan
brazil
evasion techniques
2024-10-22
financial malware
global threat
Published: October 22, 2024
Downloadable IOCs: 0

Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

EDRSilencer, a red team tool designed to interfere with endpoint detection and response (EDR) solutions, has been discovered being abused by threat actors. It leverages the Windows Filtering Platform to block EDR traffic, concealing malicious activity. The tool dynamically identifies running EDR pr…
evasion techniques
2024-10-15
edrsilencer
windows filtering platform
red team tool
endpoint security
Published: October 15, 2024
Downloadable IOCs: 0

Mamba 2FA: A new contender in the AiTM phishing ecosystem

Mamba 2FA is a newly discovered adversary-in-the-middle (AiTM) phishing kit being sold as phishing-as-a-service (PhaaS). It features capabilities similar to other popular AiTM phishing services, including handling two-step verifications for non-phishing-resistant MFA methods, supporting various aut…
phishing
aitm
phaas
microsoft 365
evasion techniques
2024-10-07
socket.io
multi-factor authentication
mamba 2fa
Published: October 7, 2024
Downloadable IOCs: 0

XWorm: Analysis of Latest Version and Execution Flow

XWorm, a versatile tool discovered in 2022, enables attackers to access sensitive information, gain remote access, and deploy additional malware. The latest version's infection chain begins with a Windows Script File downloading a PowerShell script from paste.ee. This script creates multiple files,…
xworm
infection chain
remote access
process injection
2024-10-03
evasion techniques
reflective loading
telegram notification
Published: October 3, 2024
Downloadable IOCs: 8

A Measure of Motive: How Attackers Weaponize Digital Analytics Tools

Threat actors are repurposing digital analytics and advertising tools to evade detection and enhance their malicious campaigns. The report explores how link shorteners, IP geolocation utilities, CAPTCHA systems, and advertising intelligence platforms are being weaponized. It provides insights into …
phishing
malvertising
captcha
2024-09-30
azorult
sockrat
adwind
jsocket
jrat
jfrutas
jbifrost
alienspy
trojan.maljava
frutas
unrecom
geolocation
evasion techniques
kraken ransomware
turkeydrop
friendspeak
dancefloor
link shorteners
digital analytics
advertising tools
mixlabel
Published: September 30, 2024
Downloadable IOCs: 10
Click here to see more Attack Reports