Tag: icedid
7 attack reports | 0 vulnerabilities
Attack reports
No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection
This article analyzes four previously undisclosed DNS tunneling campaigns identified through a new campaign monitoring system. The system detects tunneling domains based on common techniques and attributes used in malicious campaigns. Four new campaigns were uncovered: FinHealthXDS (targeting finan…
Downloadable IOCs 0
Latrodectus Rapid Evolution Continues With Latest New Payload Features
This report discusses the latest updates to the Latrodectus malware, including a different string deobfuscation approach, a new C2 endpoint, and two new backdoor commands. It provides an in-depth analysis of the new version 1.4, focusing on the new features added or updated in this variant. The rep…
Downloadable IOCs 10
Chamelgang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
In collaboration with Recorded Future, SentinelLabs has been tracking two distinct activity clusters targeting government and critical infrastructure sectors globally between 2021 and 2023.
Downloadable IOCs 8
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…
Downloadable IOCs 33
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID
LATRODECTUS is a malware loader gaining popularity among cybercriminals, with strong connections to the ICEDID malware family. It offers standard capabilities for deploying payloads and conducting post-exploitation activities. Initially discovered by Walmart researchers in 2023, it continues evolvi…
Downloadable IOCs 7
Phishing Campaigns Targeting USPS See as Much Web Traffic as the USPS Itself
Following the 2023 holiday season, Akamai researchers uncovered a significant amount of highly likely malicious activity and domains purporting to be associated with the United States Postal Service (USPS). Akamai researchers compared five months of DNS traffic to the legitimate domain, usps.com, w…
Downloadable IOCs 34
From IcedID to Dagon Locker Ransomware in 29 Days
This intrusion started in August 2023 with a phishing campaign that distributed IcedID malware. The phishing operation utilized the Prometheus Traffic Direction System (TDS) to deliver the malware and victims were directed to a fraudulent website, mimicking an Azure download portal.
Downloadable IOCs 33
No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection
This article analyzes four previously undisclosed DNS tunneling campaigns identified through a new campaign monitoring system. The system detects tunneling domains based on common techniques and attributes used in malicious campaigns. Four new campaigns were uncovered: FinHealthXDS (targeting finan…
Downloadable IOCs 0
Latrodectus Rapid Evolution Continues With Latest New Payload Features
This report discusses the latest updates to the Latrodectus malware, including a different string deobfuscation approach, a new C2 endpoint, and two new backdoor commands. It provides an in-depth analysis of the new version 1.4, focusing on the new features added or updated in this variant. The rep…
Downloadable IOCs 10
Chamelgang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
In collaboration with Recorded Future, SentinelLabs has been tracking two distinct activity clusters targeting government and critical infrastructure sectors globally between 2021 and 2023.
Downloadable IOCs 8
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…
Downloadable IOCs 33
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID
LATRODECTUS is a malware loader gaining popularity among cybercriminals, with strong connections to the ICEDID malware family. It offers standard capabilities for deploying payloads and conducting post-exploitation activities. Initially discovered by Walmart researchers in 2023, it continues evolvi…
Downloadable IOCs 7
Phishing Campaigns Targeting USPS See as Much Web Traffic as the USPS Itself
Following the 2023 holiday season, Akamai researchers uncovered a significant amount of highly likely malicious activity and domains purporting to be associated with the United States Postal Service (USPS). Akamai researchers compared five months of DNS traffic to the legitimate domain, usps.com, w…
Downloadable IOCs 34
From IcedID to Dagon Locker Ransomware in 29 Days
This intrusion started in August 2023 with a phishing campaign that distributed IcedID malware. The phishing operation utilized the Prometheus Traffic Direction System (TDS) to deliver the malware and victims were directed to a fraudulent website, mimicking an Azure download portal.
Downloadable IOCs 33
No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection
This article analyzes four previously undisclosed DNS tunneling campaigns identified through a new campaign monitoring system. The system detects tunneling domains based on common techniques and attributes used in malicious campaigns. Four new campaigns were uncovered: FinHealthXDS (targeting finan…
Downloadable IOCs 0
Latrodectus Rapid Evolution Continues With Latest New Payload Features
This report discusses the latest updates to the Latrodectus malware, including a different string deobfuscation approach, a new C2 endpoint, and two new backdoor commands. It provides an in-depth analysis of the new version 1.4, focusing on the new features added or updated in this variant. The rep…
Downloadable IOCs 10
Chamelgang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
In collaboration with Recorded Future, SentinelLabs has been tracking two distinct activity clusters targeting government and critical infrastructure sectors globally between 2021 and 2023.
Downloadable IOCs 8
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…
Downloadable IOCs 33
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID
LATRODECTUS is a malware loader gaining popularity among cybercriminals, with strong connections to the ICEDID malware family. It offers standard capabilities for deploying payloads and conducting post-exploitation activities. Initially discovered by Walmart researchers in 2023, it continues evolvi…
Downloadable IOCs 7
Phishing Campaigns Targeting USPS See as Much Web Traffic as the USPS Itself
Following the 2023 holiday season, Akamai researchers uncovered a significant amount of highly likely malicious activity and domains purporting to be associated with the United States Postal Service (USPS). Akamai researchers compared five months of DNS traffic to the legitimate domain, usps.com, w…
Downloadable IOCs 34
From IcedID to Dagon Locker Ransomware in 29 Days
This intrusion started in August 2023 with a phishing campaign that distributed IcedID malware. The phishing operation utilized the Prometheus Traffic Direction System (TDS) to deliver the malware and victims were directed to a fraudulent website, mimicking an Azure download portal.
Downloadable IOCs 33
No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection
This article analyzes four previously undisclosed DNS tunneling campaigns identified through a new campaign monitoring system. The system detects tunneling domains based on common techniques and attributes used in malicious campaigns. Four new campaigns were uncovered: FinHealthXDS (targeting finan…
Downloadable IOCs 0
Latrodectus Rapid Evolution Continues With Latest New Payload Features
This report discusses the latest updates to the Latrodectus malware, including a different string deobfuscation approach, a new C2 endpoint, and two new backdoor commands. It provides an in-depth analysis of the new version 1.4, focusing on the new features added or updated in this variant. The rep…
Downloadable IOCs 10
Chamelgang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
In collaboration with Recorded Future, SentinelLabs has been tracking two distinct activity clusters targeting government and critical infrastructure sectors globally between 2021 and 2023.
Downloadable IOCs 8
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…
Downloadable IOCs 33
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID
LATRODECTUS is a malware loader gaining popularity among cybercriminals, with strong connections to the ICEDID malware family. It offers standard capabilities for deploying payloads and conducting post-exploitation activities. Initially discovered by Walmart researchers in 2023, it continues evolvi…
Downloadable IOCs 7
Phishing Campaigns Targeting USPS See as Much Web Traffic as the USPS Itself
Following the 2023 holiday season, Akamai researchers uncovered a significant amount of highly likely malicious activity and domains purporting to be associated with the United States Postal Service (USPS). Akamai researchers compared five months of DNS traffic to the legitimate domain, usps.com, w…
Downloadable IOCs 34
From IcedID to Dagon Locker Ransomware in 29 Days
This intrusion started in August 2023 with a phishing campaign that distributed IcedID malware. The phishing operation utilized the Prometheus Traffic Direction System (TDS) to deliver the malware and victims were directed to a fraudulent website, mimicking an Azure download portal.
Downloadable IOCs 33
No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection
This article analyzes four previously undisclosed DNS tunneling campaigns identified through a new campaign monitoring system. The system detects tunneling domains based on common techniques and attributes used in malicious campaigns. Four new campaigns were uncovered: FinHealthXDS (targeting finan…
Downloadable IOCs 0
Latrodectus Rapid Evolution Continues With Latest New Payload Features
This report discusses the latest updates to the Latrodectus malware, including a different string deobfuscation approach, a new C2 endpoint, and two new backdoor commands. It provides an in-depth analysis of the new version 1.4, focusing on the new features added or updated in this variant. The rep…
Downloadable IOCs 10
Chamelgang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
In collaboration with Recorded Future, SentinelLabs has been tracking two distinct activity clusters targeting government and critical infrastructure sectors globally between 2021 and 2023.
Downloadable IOCs 8
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…
Downloadable IOCs 33
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID
LATRODECTUS is a malware loader gaining popularity among cybercriminals, with strong connections to the ICEDID malware family. It offers standard capabilities for deploying payloads and conducting post-exploitation activities. Initially discovered by Walmart researchers in 2023, it continues evolvi…
Downloadable IOCs 7
Phishing Campaigns Targeting USPS See as Much Web Traffic as the USPS Itself
Following the 2023 holiday season, Akamai researchers uncovered a significant amount of highly likely malicious activity and domains purporting to be associated with the United States Postal Service (USPS). Akamai researchers compared five months of DNS traffic to the legitimate domain, usps.com, w…
Downloadable IOCs 34
From IcedID to Dagon Locker Ransomware in 29 Days
This intrusion started in August 2023 with a phishing campaign that distributed IcedID malware. The phishing operation utilized the Prometheus Traffic Direction System (TDS) to deliver the malware and victims were directed to a fraudulent website, mimicking an Azure download portal.
Downloadable IOCs 33
No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection
This article analyzes four previously undisclosed DNS tunneling campaigns identified through a new campaign monitoring system. The system detects tunneling domains based on common techniques and attributes used in malicious campaigns. Four new campaigns were uncovered: FinHealthXDS (targeting finan…
Downloadable IOCs 0
Latrodectus Rapid Evolution Continues With Latest New Payload Features
This report discusses the latest updates to the Latrodectus malware, including a different string deobfuscation approach, a new C2 endpoint, and two new backdoor commands. It provides an in-depth analysis of the new version 1.4, focusing on the new features added or updated in this variant. The rep…
Downloadable IOCs 10
Chamelgang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
In collaboration with Recorded Future, SentinelLabs has been tracking two distinct activity clusters targeting government and critical infrastructure sectors globally between 2021 and 2023.
Downloadable IOCs 8
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…
Downloadable IOCs 33
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID
LATRODECTUS is a malware loader gaining popularity among cybercriminals, with strong connections to the ICEDID malware family. It offers standard capabilities for deploying payloads and conducting post-exploitation activities. Initially discovered by Walmart researchers in 2023, it continues evolvi…
Downloadable IOCs 7
Phishing Campaigns Targeting USPS See as Much Web Traffic as the USPS Itself
Following the 2023 holiday season, Akamai researchers uncovered a significant amount of highly likely malicious activity and domains purporting to be associated with the United States Postal Service (USPS). Akamai researchers compared five months of DNS traffic to the legitimate domain, usps.com, w…
Downloadable IOCs 34
From IcedID to Dagon Locker Ransomware in 29 Days
This intrusion started in August 2023 with a phishing campaign that distributed IcedID malware. The phishing operation utilized the Prometheus Traffic Direction System (TDS) to deliver the malware and victims were directed to a fraudulent website, mimicking an Azure download portal.
Downloadable IOCs 33
No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection
This article analyzes four previously undisclosed DNS tunneling campaigns identified through a new campaign monitoring system. The system detects tunneling domains based on common techniques and attributes used in malicious campaigns. Four new campaigns were uncovered: FinHealthXDS (targeting finan…
Downloadable IOCs 0
Latrodectus Rapid Evolution Continues With Latest New Payload Features
This report discusses the latest updates to the Latrodectus malware, including a different string deobfuscation approach, a new C2 endpoint, and two new backdoor commands. It provides an in-depth analysis of the new version 1.4, focusing on the new features added or updated in this variant. The rep…
Downloadable IOCs 10
Chamelgang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
In collaboration with Recorded Future, SentinelLabs has been tracking two distinct activity clusters targeting government and critical infrastructure sectors globally between 2021 and 2023.
Downloadable IOCs 8
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial access, the threat actor deployed ScreenConnect and established Cobalt Strike beacons, enabling remote command execution. They also utilized CSharp Streamer, a capable RAT…
Downloadable IOCs 33
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID
LATRODECTUS is a malware loader gaining popularity among cybercriminals, with strong connections to the ICEDID malware family. It offers standard capabilities for deploying payloads and conducting post-exploitation activities. Initially discovered by Walmart researchers in 2023, it continues evolvi…
Downloadable IOCs 7
Phishing Campaigns Targeting USPS See as Much Web Traffic as the USPS Itself
Following the 2023 holiday season, Akamai researchers uncovered a significant amount of highly likely malicious activity and domains purporting to be associated with the United States Postal Service (USPS). Akamai researchers compared five months of DNS traffic to the legitimate domain, usps.com, w…
Downloadable IOCs 34
From IcedID to Dagon Locker Ransomware in 29 Days
This intrusion started in August 2023 with a phishing campaign that distributed IcedID malware. The phishing operation utilized the Prometheus Traffic Direction System (TDS) to deliver the malware and victims were directed to a fraudulent website, mimicking an Azure download portal.
Downloadable IOCs 33