Tag: exfiltration

A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programm…

Downloadable IOCs 3

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical inciden…

Downloadable IOCs 8

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …

Downloadable IOCs 17

CYFIRMA's research team recently identified a sophisticated dropper binary designed to deploy an information stealer, dubbed 'Angry Stealer,' actively advertised on Telegram and other online platforms. The stealer targets sensitive data from browsers, cryptocurrency wallets, VPN credentials, and sy…

Downloadable IOCs 2

Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed around prisoners of war, containing links to download an archive named 'spysok_kursk.zip'. This archive contained a CHM file with JavaScript code that launched an obfusca…

Downloadable IOCs 33

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

Cyber threat actors, including nation-state groups, are utilizing legitimate cloud services like Microsoft OneDrive and Google Drive for covert operations. These services evade detection by masquerading as trusted entities, enabling data exfiltration and tool deployment. A new Go-based backdoor, Go…

Downloadable IOCs 20

Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service (BITS) for command-and-control communication. This malware, discovered during an intrusion into a South American government's Foreign Ministry, possesses capabilities for…

Downloadable IOCs 8

The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and surrounding nations. The campaign employed a novel Golang malware payload and Quasar RAT to gather sensitive information. The analysis covers the tech…

Downloadable IOCs 8

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload…

Downloadable IOCs 2

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through various platforms like npm and GitHub. The malicious jQuery variant, containing a modified 'end' function, exfiltrates website form data by sending it to remote URLs controlled…

Downloadable IOCs 67

ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its …

Downloadable IOCs 37

This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…

Downloadable IOCs 33

The report describes a cyber attack campaign by the UAC-0020 (Vermin) threat group targeting Ukraine's Defense Forces. The attackers utilized the SPECTR malware in tandem with the legitimate SyncThing software to exfiltrate sensitive data. The malicious payload was delivered via a password-protecte…

Downloadable IOCs 33

The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with random…

Downloadable IOCs 6

This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have impacted over 500 organizations globally across multiple critical infrastructure sectors, including Healthcare and Publ…

Downloadable IOCs 174

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programm…

Downloadable IOCs 3

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical inciden…

Downloadable IOCs 8

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …

Downloadable IOCs 17

CYFIRMA's research team recently identified a sophisticated dropper binary designed to deploy an information stealer, dubbed 'Angry Stealer,' actively advertised on Telegram and other online platforms. The stealer targets sensitive data from browsers, cryptocurrency wallets, VPN credentials, and sy…

Downloadable IOCs 2

Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed around prisoners of war, containing links to download an archive named 'spysok_kursk.zip'. This archive contained a CHM file with JavaScript code that launched an obfusca…

Downloadable IOCs 33

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

Cyber threat actors, including nation-state groups, are utilizing legitimate cloud services like Microsoft OneDrive and Google Drive for covert operations. These services evade detection by masquerading as trusted entities, enabling data exfiltration and tool deployment. A new Go-based backdoor, Go…

Downloadable IOCs 20

Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service (BITS) for command-and-control communication. This malware, discovered during an intrusion into a South American government's Foreign Ministry, possesses capabilities for…

Downloadable IOCs 8

The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and surrounding nations. The campaign employed a novel Golang malware payload and Quasar RAT to gather sensitive information. The analysis covers the tech…

Downloadable IOCs 8

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload…

Downloadable IOCs 2

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through various platforms like npm and GitHub. The malicious jQuery variant, containing a modified 'end' function, exfiltrates website form data by sending it to remote URLs controlled…

Downloadable IOCs 67

ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its …

Downloadable IOCs 37

This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…

Downloadable IOCs 33

The report describes a cyber attack campaign by the UAC-0020 (Vermin) threat group targeting Ukraine's Defense Forces. The attackers utilized the SPECTR malware in tandem with the legitimate SyncThing software to exfiltrate sensitive data. The malicious payload was delivered via a password-protecte…

Downloadable IOCs 33

The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with random…

Downloadable IOCs 6

This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have impacted over 500 organizations globally across multiple critical infrastructure sectors, including Healthcare and Publ…

Downloadable IOCs 174

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programm…

Downloadable IOCs 3

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical inciden…

Downloadable IOCs 8

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …

Downloadable IOCs 17

CYFIRMA's research team recently identified a sophisticated dropper binary designed to deploy an information stealer, dubbed 'Angry Stealer,' actively advertised on Telegram and other online platforms. The stealer targets sensitive data from browsers, cryptocurrency wallets, VPN credentials, and sy…

Downloadable IOCs 2

Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed around prisoners of war, containing links to download an archive named 'spysok_kursk.zip'. This archive contained a CHM file with JavaScript code that launched an obfusca…

Downloadable IOCs 33

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

Cyber threat actors, including nation-state groups, are utilizing legitimate cloud services like Microsoft OneDrive and Google Drive for covert operations. These services evade detection by masquerading as trusted entities, enabling data exfiltration and tool deployment. A new Go-based backdoor, Go…

Downloadable IOCs 20

Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service (BITS) for command-and-control communication. This malware, discovered during an intrusion into a South American government's Foreign Ministry, possesses capabilities for…

Downloadable IOCs 8

The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and surrounding nations. The campaign employed a novel Golang malware payload and Quasar RAT to gather sensitive information. The analysis covers the tech…

Downloadable IOCs 8

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload…

Downloadable IOCs 2

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through various platforms like npm and GitHub. The malicious jQuery variant, containing a modified 'end' function, exfiltrates website form data by sending it to remote URLs controlled…

Downloadable IOCs 67

ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its …

Downloadable IOCs 37

This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…

Downloadable IOCs 33

The report describes a cyber attack campaign by the UAC-0020 (Vermin) threat group targeting Ukraine's Defense Forces. The attackers utilized the SPECTR malware in tandem with the legitimate SyncThing software to exfiltrate sensitive data. The malicious payload was delivered via a password-protecte…

Downloadable IOCs 33

The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with random…

Downloadable IOCs 6

This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have impacted over 500 organizations globally across multiple critical infrastructure sectors, including Healthcare and Publ…

Downloadable IOCs 174

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programm…

Downloadable IOCs 3

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical inciden…

Downloadable IOCs 8

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …

Downloadable IOCs 17

CYFIRMA's research team recently identified a sophisticated dropper binary designed to deploy an information stealer, dubbed 'Angry Stealer,' actively advertised on Telegram and other online platforms. The stealer targets sensitive data from browsers, cryptocurrency wallets, VPN credentials, and sy…

Downloadable IOCs 2

Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed around prisoners of war, containing links to download an archive named 'spysok_kursk.zip'. This archive contained a CHM file with JavaScript code that launched an obfusca…

Downloadable IOCs 33

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

Cyber threat actors, including nation-state groups, are utilizing legitimate cloud services like Microsoft OneDrive and Google Drive for covert operations. These services evade detection by masquerading as trusted entities, enabling data exfiltration and tool deployment. A new Go-based backdoor, Go…

Downloadable IOCs 20

Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service (BITS) for command-and-control communication. This malware, discovered during an intrusion into a South American government's Foreign Ministry, possesses capabilities for…

Downloadable IOCs 8

The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and surrounding nations. The campaign employed a novel Golang malware payload and Quasar RAT to gather sensitive information. The analysis covers the tech…

Downloadable IOCs 8

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload…

Downloadable IOCs 2

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through various platforms like npm and GitHub. The malicious jQuery variant, containing a modified 'end' function, exfiltrates website form data by sending it to remote URLs controlled…

Downloadable IOCs 67

ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its …

Downloadable IOCs 37

This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…

Downloadable IOCs 33

The report describes a cyber attack campaign by the UAC-0020 (Vermin) threat group targeting Ukraine's Defense Forces. The attackers utilized the SPECTR malware in tandem with the legitimate SyncThing software to exfiltrate sensitive data. The malicious payload was delivered via a password-protecte…

Downloadable IOCs 33

The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with random…

Downloadable IOCs 6

This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have impacted over 500 organizations globally across multiple critical infrastructure sectors, including Healthcare and Publ…

Downloadable IOCs 174

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programm…

Downloadable IOCs 3

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical inciden…

Downloadable IOCs 8

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …

Downloadable IOCs 17

CYFIRMA's research team recently identified a sophisticated dropper binary designed to deploy an information stealer, dubbed 'Angry Stealer,' actively advertised on Telegram and other online platforms. The stealer targets sensitive data from browsers, cryptocurrency wallets, VPN credentials, and sy…

Downloadable IOCs 2

Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed around prisoners of war, containing links to download an archive named 'spysok_kursk.zip'. This archive contained a CHM file with JavaScript code that launched an obfusca…

Downloadable IOCs 33

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

Cyber threat actors, including nation-state groups, are utilizing legitimate cloud services like Microsoft OneDrive and Google Drive for covert operations. These services evade detection by masquerading as trusted entities, enabling data exfiltration and tool deployment. A new Go-based backdoor, Go…

Downloadable IOCs 20

Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service (BITS) for command-and-control communication. This malware, discovered during an intrusion into a South American government's Foreign Ministry, possesses capabilities for…

Downloadable IOCs 8

The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and surrounding nations. The campaign employed a novel Golang malware payload and Quasar RAT to gather sensitive information. The analysis covers the tech…

Downloadable IOCs 8

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload…

Downloadable IOCs 2

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through various platforms like npm and GitHub. The malicious jQuery variant, containing a modified 'end' function, exfiltrates website form data by sending it to remote URLs controlled…

Downloadable IOCs 67

ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its …

Downloadable IOCs 37

This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…

Downloadable IOCs 33

The report describes a cyber attack campaign by the UAC-0020 (Vermin) threat group targeting Ukraine's Defense Forces. The attackers utilized the SPECTR malware in tandem with the legitimate SyncThing software to exfiltrate sensitive data. The malicious payload was delivered via a password-protecte…

Downloadable IOCs 33

The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with random…

Downloadable IOCs 6

This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have impacted over 500 organizations globally across multiple critical infrastructure sectors, including Healthcare and Publ…

Downloadable IOCs 174

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programm…

Downloadable IOCs 3

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical inciden…

Downloadable IOCs 8

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …

Downloadable IOCs 17

CYFIRMA's research team recently identified a sophisticated dropper binary designed to deploy an information stealer, dubbed 'Angry Stealer,' actively advertised on Telegram and other online platforms. The stealer targets sensitive data from browsers, cryptocurrency wallets, VPN credentials, and sy…

Downloadable IOCs 2

Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed around prisoners of war, containing links to download an archive named 'spysok_kursk.zip'. This archive contained a CHM file with JavaScript code that launched an obfusca…

Downloadable IOCs 33

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

Cyber threat actors, including nation-state groups, are utilizing legitimate cloud services like Microsoft OneDrive and Google Drive for covert operations. These services evade detection by masquerading as trusted entities, enabling data exfiltration and tool deployment. A new Go-based backdoor, Go…

Downloadable IOCs 20

Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service (BITS) for command-and-control communication. This malware, discovered during an intrusion into a South American government's Foreign Ministry, possesses capabilities for…

Downloadable IOCs 8

The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and surrounding nations. The campaign employed a novel Golang malware payload and Quasar RAT to gather sensitive information. The analysis covers the tech…

Downloadable IOCs 8

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload…

Downloadable IOCs 2

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through various platforms like npm and GitHub. The malicious jQuery variant, containing a modified 'end' function, exfiltrates website form data by sending it to remote URLs controlled…

Downloadable IOCs 67

ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its …

Downloadable IOCs 37

This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…

Downloadable IOCs 33

The report describes a cyber attack campaign by the UAC-0020 (Vermin) threat group targeting Ukraine's Defense Forces. The attackers utilized the SPECTR malware in tandem with the legitimate SyncThing software to exfiltrate sensitive data. The malicious payload was delivered via a password-protecte…

Downloadable IOCs 33

The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with random…

Downloadable IOCs 6

This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have impacted over 500 organizations globally across multiple critical infrastructure sectors, including Healthcare and Publ…

Downloadable IOCs 174

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programm…

Downloadable IOCs 3

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical inciden…

Downloadable IOCs 8

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …

Downloadable IOCs 17

CYFIRMA's research team recently identified a sophisticated dropper binary designed to deploy an information stealer, dubbed 'Angry Stealer,' actively advertised on Telegram and other online platforms. The stealer targets sensitive data from browsers, cryptocurrency wallets, VPN credentials, and sy…

Downloadable IOCs 2

Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed around prisoners of war, containing links to download an archive named 'spysok_kursk.zip'. This archive contained a CHM file with JavaScript code that launched an obfusca…

Downloadable IOCs 33

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

Cyber threat actors, including nation-state groups, are utilizing legitimate cloud services like Microsoft OneDrive and Google Drive for covert operations. These services evade detection by masquerading as trusted entities, enabling data exfiltration and tool deployment. A new Go-based backdoor, Go…

Downloadable IOCs 20

Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service (BITS) for command-and-control communication. This malware, discovered during an intrusion into a South American government's Foreign Ministry, possesses capabilities for…

Downloadable IOCs 8

The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and surrounding nations. The campaign employed a novel Golang malware payload and Quasar RAT to gather sensitive information. The analysis covers the tech…

Downloadable IOCs 8

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload…

Downloadable IOCs 2

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through various platforms like npm and GitHub. The malicious jQuery variant, containing a modified 'end' function, exfiltrates website form data by sending it to remote URLs controlled…

Downloadable IOCs 67

ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its …

Downloadable IOCs 37

This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…

Downloadable IOCs 33

The report describes a cyber attack campaign by the UAC-0020 (Vermin) threat group targeting Ukraine's Defense Forces. The attackers utilized the SPECTR malware in tandem with the legitimate SyncThing software to exfiltrate sensitive data. The malicious payload was delivered via a password-protecte…

Downloadable IOCs 33

The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with random…

Downloadable IOCs 6

This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have impacted over 500 organizations globally across multiple critical infrastructure sectors, including Healthcare and Publ…

Downloadable IOCs 174

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programm…

Downloadable IOCs 3

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical inciden…

Downloadable IOCs 8

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …

Downloadable IOCs 17

CYFIRMA's research team recently identified a sophisticated dropper binary designed to deploy an information stealer, dubbed 'Angry Stealer,' actively advertised on Telegram and other online platforms. The stealer targets sensitive data from browsers, cryptocurrency wallets, VPN credentials, and sy…

Downloadable IOCs 2

Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed around prisoners of war, containing links to download an archive named 'spysok_kursk.zip'. This archive contained a CHM file with JavaScript code that launched an obfusca…

Downloadable IOCs 33

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

Cyber threat actors, including nation-state groups, are utilizing legitimate cloud services like Microsoft OneDrive and Google Drive for covert operations. These services evade detection by masquerading as trusted entities, enabling data exfiltration and tool deployment. A new Go-based backdoor, Go…

Downloadable IOCs 20

Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service (BITS) for command-and-control communication. This malware, discovered during an intrusion into a South American government's Foreign Ministry, possesses capabilities for…

Downloadable IOCs 8

The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and surrounding nations. The campaign employed a novel Golang malware payload and Quasar RAT to gather sensitive information. The analysis covers the tech…

Downloadable IOCs 8

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload…

Downloadable IOCs 2

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through various platforms like npm and GitHub. The malicious jQuery variant, containing a modified 'end' function, exfiltrates website form data by sending it to remote URLs controlled…

Downloadable IOCs 67

ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its …

Downloadable IOCs 37

This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…

Downloadable IOCs 33

The report describes a cyber attack campaign by the UAC-0020 (Vermin) threat group targeting Ukraine's Defense Forces. The attackers utilized the SPECTR malware in tandem with the legitimate SyncThing software to exfiltrate sensitive data. The malicious payload was delivered via a password-protecte…

Downloadable IOCs 33

The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with random…

Downloadable IOCs 6

This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have impacted over 500 organizations globally across multiple critical infrastructure sectors, including Healthcare and Publ…

Downloadable IOCs 174

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programm…

Downloadable IOCs 3

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical inciden…

Downloadable IOCs 8

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …

Downloadable IOCs 17

CYFIRMA's research team recently identified a sophisticated dropper binary designed to deploy an information stealer, dubbed 'Angry Stealer,' actively advertised on Telegram and other online platforms. The stealer targets sensitive data from browsers, cryptocurrency wallets, VPN credentials, and sy…

Downloadable IOCs 2

Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed around prisoners of war, containing links to download an archive named 'spysok_kursk.zip'. This archive contained a CHM file with JavaScript code that launched an obfusca…

Downloadable IOCs 33

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

Cyber threat actors, including nation-state groups, are utilizing legitimate cloud services like Microsoft OneDrive and Google Drive for covert operations. These services evade detection by masquerading as trusted entities, enabling data exfiltration and tool deployment. A new Go-based backdoor, Go…

Downloadable IOCs 20

Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service (BITS) for command-and-control communication. This malware, discovered during an intrusion into a South American government's Foreign Ministry, possesses capabilities for…

Downloadable IOCs 8

The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and surrounding nations. The campaign employed a novel Golang malware payload and Quasar RAT to gather sensitive information. The analysis covers the tech…

Downloadable IOCs 8

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload…

Downloadable IOCs 2

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through various platforms like npm and GitHub. The malicious jQuery variant, containing a modified 'end' function, exfiltrates website form data by sending it to remote URLs controlled…

Downloadable IOCs 67

ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its …

Downloadable IOCs 37

This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…

Downloadable IOCs 33

The report describes a cyber attack campaign by the UAC-0020 (Vermin) threat group targeting Ukraine's Defense Forces. The attackers utilized the SPECTR malware in tandem with the legitimate SyncThing software to exfiltrate sensitive data. The malicious payload was delivered via a password-protecte…

Downloadable IOCs 33

The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with random…

Downloadable IOCs 6

This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have impacted over 500 organizations globally across multiple critical infrastructure sectors, including Healthcare and Publ…

Downloadable IOCs 174

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programm…

Downloadable IOCs 3

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6

Repellent Scorpius is a new ransomware-as-a-service group distributing Cicada3301 ransomware. It emerged in May 2024 and employs double extortion tactics involving data theft. The report covers a technical analysis of the Cicada3301 ransomware, the group's tactics, connections to historical inciden…

Downloadable IOCs 8

This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Stealer (YASS). It details the delivery chain, involving the MustardSandwich downloader, and dissects the YASS payload's functionalities, including its data gathering, encrypti…

Downloadable IOCs 13

This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems by extracting sensitive browser data including stored credentials, cookies, and browsing history. The stealer utilizes various techniques like placing malicious files in …

Downloadable IOCs 3

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …

Downloadable IOCs 17

CYFIRMA's research team recently identified a sophisticated dropper binary designed to deploy an information stealer, dubbed 'Angry Stealer,' actively advertised on Telegram and other online platforms. The stealer targets sensitive data from browsers, cryptocurrency wallets, VPN credentials, and sy…

Downloadable IOCs 2

Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed around prisoners of war, containing links to download an archive named 'spysok_kursk.zip'. This archive contained a CHM file with JavaScript code that launched an obfusca…

Downloadable IOCs 33

G DATA has detected a novel information-stealing malware, dubbed 'Ailurophile Stealer'. It is a PHP-based stealer offered through a subscription model on its dedicated website. Customers utilize a web panel to generate customized malware variants, specifying features such as the malware name, icon,…

Downloadable IOCs 2

Cyber threat actors, including nation-state groups, are utilizing legitimate cloud services like Microsoft OneDrive and Google Drive for covert operations. These services evade detection by masquerading as trusted entities, enabling data exfiltration and tool deployment. A new Go-based backdoor, Go…

Downloadable IOCs 20

Elastic Security Labs uncovered a new Windows backdoor called BITSLOTH that utilizes the Background Intelligent Transfer Service (BITS) for command-and-control communication. This malware, discovered during an intrusion into a South American government's Foreign Ministry, possesses capabilities for…

Downloadable IOCs 8

The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and surrounding nations. The campaign employed a novel Golang malware payload and Quasar RAT to gather sensitive information. The analysis covers the tech…

Downloadable IOCs 8

An intelligence report outlines a campaign where an unidentified threat actor impersonated a Microsoft recovery manual through a malicious Word document containing macros. Upon execution, the macros downloaded a novel stealer now tracked as Daolpu. This stealer targets credentials stored in web bro…

Downloadable IOCs 6

An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gained initial network access via SSH, exploiting a vulnerability in Veeam backup software, and subsequently exfiltrated critical data before deploying the ransomware payload…

Downloadable IOCs 2

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its maliciou…

Downloadable IOCs 14

The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through various platforms like npm and GitHub. The malicious jQuery variant, containing a modified 'end' function, exfiltrates website form data by sending it to remote URLs controlled…

Downloadable IOCs 67

ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its …

Downloadable IOCs 37

This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…

Downloadable IOCs 33

The report describes a cyber attack campaign by the UAC-0020 (Vermin) threat group targeting Ukraine's Defense Forces. The attackers utilized the SPECTR malware in tandem with the legitimate SyncThing software to exfiltrate sensitive data. The malicious payload was delivered via a password-protecte…

Downloadable IOCs 33

The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with random…

Downloadable IOCs 6

This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have impacted over 500 organizations globally across multiple critical infrastructure sectors, including Healthcare and Publ…

Downloadable IOCs 174

This in-depth analysis examines Fletchen stealer, an advanced information-stealing malware featuring potent anti-analysis capabilities. It explores the malware's tactics for data harvesting from compromised systems, exfiltration methods, and measures to evade detection. The report emphasizes the dy…

Downloadable IOCs 13

A new malware called Vilsa Stealer has emerged on GitHub, notable for its speed and efficiency in extracting sensitive data. This sophisticated tool targets browser credentials, tokens, and various application data. It supports major browsers and over 40 crypto wallets, using Python as its programm…

Downloadable IOCs 3

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

This comprehensive report analyzes Gomorrah Stealer, a sophisticated malware designed to exfiltrate sensitive information from compromised systems. It operates within a malware-as-a-service framework and targets data from web browsers, cryptocurrency wallets, VPNs, and configuration files. The stea…

Downloadable IOCs 6