Tag: evasion techniques

11 Attack Reports | 0 Vulnerabilities

Attack reports

Deep Dive Into Allegedly AI-Generated FunkSec Ransomware

A new Rust-based ransomware called FunkSec has emerged, claiming to use artificial intelligence in its development. First appearing in 2024, it demonstrates a mix of sophisticated capabilities and developmental inconsistencies. FunkSec implements advanced features like XChaCha20 encryption and comp…
ransomware
persistence
evasion techniques
anti-vm
funksec
2025-03-04
ai-generated
Published: March 4, 2025
Downloadable IOCs: 1

Scalable Vector Graphics files pose a novel phishing threat

Cybercriminals are exploiting the SVG file format to conduct phishing attacks that bypass existing anti-spam and anti-phishing protection. These attacks involve email messages with .svg file attachments, which open in the default browser on Windows computers. The SVG files contain anchor tags and s…
phishing
social engineering
credential theft
evasion techniques
2025-02-05
nymeria
file format abuse
svg
browser-based attacks
troj/autoit-dhb
email attachments
Published: February 5, 2025
Downloadable IOCs: 0

AsyncRAT Reloaded: Using Python and TryCloudflare for Malware Delivery Again

A new AsyncRAT malware campaign has been identified, utilizing malicious payloads delivered through TryCloudflare quick tunnels and Python packages. The attack chain begins with a phishing email containing a Dropbox URL, leading to a ZIP file with an internet shortcut. This triggers a series of dow…
xworm
phishing
python
dropbox
asyncrat
venomrat
process injection
evasion techniques
trycloudflare
remote access trojan
2025-02-01
Published: February 1, 2025
Downloadable IOCs: 0

Stealthy Cyber Attacks: LNK Files & SSH Commands Playbook

This analysis explores a rising trend in cyber attacks where threat actors leverage LNK files and SSH commands as initial infection vectors. The attackers use meticulously crafted shortcut files, often disguised as legitimate documents, to execute commands using Living-off-the-Land Binaries (LOLBin…
powershell
evasion techniques
lnk files
rundll32
2024-12-19
hackbrowserdata
scp
living-off-the-land binaries
cyber attacks
ssh commands
Published: December 19, 2024
Downloadable IOCs: 6

NodeLoader Exposed: The Node.js Malware Evading Detection

Zscaler ThreatLabz discovered a malware campaign using Node.js applications for Windows to distribute cryptocurrency miners and information stealers. Named NodeLoader, this malware family employs Node.js compiled executables to deliver second-stage payloads like XMRig, Lumma, and Phemedrone Stealer…
social engineering
node.js
lumma stealer
evasion techniques
information stealers
2024-12-13
game streaming
cryptocurrency miners
nodeloader
Published: December 13, 2024
Downloadable IOCs: 0

BabbleLoader

BabbleLoader is a highly evasive malware loader designed to bypass antivirus and sandbox environments to deliver stealers into memory. It employs sophisticated techniques such as junk code insertion, metamorphic transformations, dynamic API resolution, and anti-sandboxing measures. The loader's fea…
loader
stealer
evasion techniques
2024-11-19
babbleloader
dynamic api resolution
anti-sandboxing
whitesnake
meduza
metamorphism
Published: November 19, 2024
Downloadable IOCs: 43

Grandoreiro banking trojan: overview of recent versions and new tricks

Grandoreiro is a Brazilian banking trojan that has evolved into a global financial threat, targeting over 1,700 banks and 276 crypto wallets in 45 countries. Despite law enforcement efforts, the malware remains active, with new versions featuring enhanced evasion techniques like multiple Domain Gen…
credential theft
remote access
grandoreiro
banking trojan
brazil
evasion techniques
2024-10-22
financial malware
global threat
Published: October 22, 2024
Downloadable IOCs: 0

Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

EDRSilencer, a red team tool designed to interfere with endpoint detection and response (EDR) solutions, has been discovered being abused by threat actors. It leverages the Windows Filtering Platform to block EDR traffic, concealing malicious activity. The tool dynamically identifies running EDR pr…
evasion techniques
2024-10-15
edrsilencer
windows filtering platform
red team tool
endpoint security
Published: October 15, 2024
Downloadable IOCs: 0

Mamba 2FA: A new contender in the AiTM phishing ecosystem

Mamba 2FA is a newly discovered adversary-in-the-middle (AiTM) phishing kit being sold as phishing-as-a-service (PhaaS). It features capabilities similar to other popular AiTM phishing services, including handling two-step verifications for non-phishing-resistant MFA methods, supporting various aut…
phishing
aitm
phaas
microsoft 365
evasion techniques
2024-10-07
socket.io
multi-factor authentication
mamba 2fa
Published: October 7, 2024
Downloadable IOCs: 0

XWorm: Analysis of Latest Version and Execution Flow

XWorm, a versatile tool discovered in 2022, enables attackers to access sensitive information, gain remote access, and deploy additional malware. The latest version's infection chain begins with a Windows Script File downloading a PowerShell script from paste.ee. This script creates multiple files,…
xworm
infection chain
remote access
process injection
2024-10-03
evasion techniques
reflective loading
telegram notification
Published: October 3, 2024
Downloadable IOCs: 8

A Measure of Motive: How Attackers Weaponize Digital Analytics Tools

Threat actors are repurposing digital analytics and advertising tools to evade detection and enhance their malicious campaigns. The report explores how link shorteners, IP geolocation utilities, CAPTCHA systems, and advertising intelligence platforms are being weaponized. It provides insights into …
phishing
malvertising
captcha
2024-09-30
azorult
sockrat
adwind
jsocket
jrat
jfrutas
jbifrost
alienspy
trojan.maljava
frutas
unrecom
geolocation
evasion techniques
kraken ransomware
turkeydrop
friendspeak
dancefloor
link shorteners
digital analytics
advertising tools
mixlabel
Published: September 30, 2024
Downloadable IOCs: 10
Click here to see more Attack Reports