Tag: lockbit

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …

Downloadable IOCs 1

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).

Downloadable IOCs 17

The United States has experienced a significant increase in cyber attacks from June to October 2024, with over 800 organizations affected by ransomware across various sectors. Play, RansomHub, Lockbit, Qilin, and Meow have emerged as the most active ransomware groups. Notable incidents include the …

Downloadable IOCs 0

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar m…

Downloadable IOCs 1

Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the CVE-2023-38831 vulnerability in WinRAR for initial access. Their toolkit includes custom malware like PhantomDL and PhantomCore, as well as publicly available tools like …

Downloadable IOCs 52

This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with easy access to sophisticated ransomware builders like LockBit 3.0 and Yashma/Chaos. The accessibility of these tools enables even those with minimal technical skills to lau…

Downloadable IOCs 1

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized Loc…

Downloadable IOCs 9

While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your…

Downloadable IOCs 27

Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of a decryptor tool. Initially discovered in March 2024, this cryptographic weakness was made public at Recon 2024. The ransomware, which has undergone several rebrands sin…

Downloadable IOCs 8

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new varian…

Downloadable IOCs 3

SentinelOne is the world's leading provider of self-defence and cybersecurity, with a platform powered by artificial intelligence and the power of the Singularity XDR, which aims to protect and respond to cyber attacks at scale.

Downloadable IOCs 1

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executa…

Downloadable IOCs 16

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …

Downloadable IOCs 1

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).

Downloadable IOCs 17

The United States has experienced a significant increase in cyber attacks from June to October 2024, with over 800 organizations affected by ransomware across various sectors. Play, RansomHub, Lockbit, Qilin, and Meow have emerged as the most active ransomware groups. Notable incidents include the …

Downloadable IOCs 0

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar m…

Downloadable IOCs 1

Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the CVE-2023-38831 vulnerability in WinRAR for initial access. Their toolkit includes custom malware like PhantomDL and PhantomCore, as well as publicly available tools like …

Downloadable IOCs 52

This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with easy access to sophisticated ransomware builders like LockBit 3.0 and Yashma/Chaos. The accessibility of these tools enables even those with minimal technical skills to lau…

Downloadable IOCs 1

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized Loc…

Downloadable IOCs 9

While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your…

Downloadable IOCs 27

Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of a decryptor tool. Initially discovered in March 2024, this cryptographic weakness was made public at Recon 2024. The ransomware, which has undergone several rebrands sin…

Downloadable IOCs 8

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new varian…

Downloadable IOCs 3

SentinelOne is the world's leading provider of self-defence and cybersecurity, with a platform powered by artificial intelligence and the power of the Singularity XDR, which aims to protect and respond to cyber attacks at scale.

Downloadable IOCs 1

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executa…

Downloadable IOCs 16

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …

Downloadable IOCs 1

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).

Downloadable IOCs 17

The United States has experienced a significant increase in cyber attacks from June to October 2024, with over 800 organizations affected by ransomware across various sectors. Play, RansomHub, Lockbit, Qilin, and Meow have emerged as the most active ransomware groups. Notable incidents include the …

Downloadable IOCs 0

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar m…

Downloadable IOCs 1

Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the CVE-2023-38831 vulnerability in WinRAR for initial access. Their toolkit includes custom malware like PhantomDL and PhantomCore, as well as publicly available tools like …

Downloadable IOCs 52

This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with easy access to sophisticated ransomware builders like LockBit 3.0 and Yashma/Chaos. The accessibility of these tools enables even those with minimal technical skills to lau…

Downloadable IOCs 1

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized Loc…

Downloadable IOCs 9

While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your…

Downloadable IOCs 27

Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of a decryptor tool. Initially discovered in March 2024, this cryptographic weakness was made public at Recon 2024. The ransomware, which has undergone several rebrands sin…

Downloadable IOCs 8

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new varian…

Downloadable IOCs 3

SentinelOne is the world's leading provider of self-defence and cybersecurity, with a platform powered by artificial intelligence and the power of the Singularity XDR, which aims to protect and respond to cyber attacks at scale.

Downloadable IOCs 1

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executa…

Downloadable IOCs 16

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …

Downloadable IOCs 1

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).

Downloadable IOCs 17

The United States has experienced a significant increase in cyber attacks from June to October 2024, with over 800 organizations affected by ransomware across various sectors. Play, RansomHub, Lockbit, Qilin, and Meow have emerged as the most active ransomware groups. Notable incidents include the …

Downloadable IOCs 0

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar m…

Downloadable IOCs 1

Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the CVE-2023-38831 vulnerability in WinRAR for initial access. Their toolkit includes custom malware like PhantomDL and PhantomCore, as well as publicly available tools like …

Downloadable IOCs 52

This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with easy access to sophisticated ransomware builders like LockBit 3.0 and Yashma/Chaos. The accessibility of these tools enables even those with minimal technical skills to lau…

Downloadable IOCs 1

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized Loc…

Downloadable IOCs 9

While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your…

Downloadable IOCs 27

Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of a decryptor tool. Initially discovered in March 2024, this cryptographic weakness was made public at Recon 2024. The ransomware, which has undergone several rebrands sin…

Downloadable IOCs 8

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new varian…

Downloadable IOCs 3

SentinelOne is the world's leading provider of self-defence and cybersecurity, with a platform powered by artificial intelligence and the power of the Singularity XDR, which aims to protect and respond to cyber attacks at scale.

Downloadable IOCs 1

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executa…

Downloadable IOCs 16

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …

Downloadable IOCs 1

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).

Downloadable IOCs 17

The United States has experienced a significant increase in cyber attacks from June to October 2024, with over 800 organizations affected by ransomware across various sectors. Play, RansomHub, Lockbit, Qilin, and Meow have emerged as the most active ransomware groups. Notable incidents include the …

Downloadable IOCs 0

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar m…

Downloadable IOCs 1

Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the CVE-2023-38831 vulnerability in WinRAR for initial access. Their toolkit includes custom malware like PhantomDL and PhantomCore, as well as publicly available tools like …

Downloadable IOCs 52

This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with easy access to sophisticated ransomware builders like LockBit 3.0 and Yashma/Chaos. The accessibility of these tools enables even those with minimal technical skills to lau…

Downloadable IOCs 1

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized Loc…

Downloadable IOCs 9

While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your…

Downloadable IOCs 27

Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of a decryptor tool. Initially discovered in March 2024, this cryptographic weakness was made public at Recon 2024. The ransomware, which has undergone several rebrands sin…

Downloadable IOCs 8

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new varian…

Downloadable IOCs 3

SentinelOne is the world's leading provider of self-defence and cybersecurity, with a platform powered by artificial intelligence and the power of the Singularity XDR, which aims to protect and respond to cyber attacks at scale.

Downloadable IOCs 1

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executa…

Downloadable IOCs 16

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …

Downloadable IOCs 1

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).

Downloadable IOCs 17

The United States has experienced a significant increase in cyber attacks from June to October 2024, with over 800 organizations affected by ransomware across various sectors. Play, RansomHub, Lockbit, Qilin, and Meow have emerged as the most active ransomware groups. Notable incidents include the …

Downloadable IOCs 0

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar m…

Downloadable IOCs 1

Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the CVE-2023-38831 vulnerability in WinRAR for initial access. Their toolkit includes custom malware like PhantomDL and PhantomCore, as well as publicly available tools like …

Downloadable IOCs 52

This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with easy access to sophisticated ransomware builders like LockBit 3.0 and Yashma/Chaos. The accessibility of these tools enables even those with minimal technical skills to lau…

Downloadable IOCs 1

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized Loc…

Downloadable IOCs 9

While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your…

Downloadable IOCs 27

Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of a decryptor tool. Initially discovered in March 2024, this cryptographic weakness was made public at Recon 2024. The ransomware, which has undergone several rebrands sin…

Downloadable IOCs 8

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new varian…

Downloadable IOCs 3

SentinelOne is the world's leading provider of self-defence and cybersecurity, with a platform powered by artificial intelligence and the power of the Singularity XDR, which aims to protect and respond to cyber attacks at scale.

Downloadable IOCs 1

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executa…

Downloadable IOCs 16

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …

Downloadable IOCs 1

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).

Downloadable IOCs 17

The United States has experienced a significant increase in cyber attacks from June to October 2024, with over 800 organizations affected by ransomware across various sectors. Play, RansomHub, Lockbit, Qilin, and Meow have emerged as the most active ransomware groups. Notable incidents include the …

Downloadable IOCs 0

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar m…

Downloadable IOCs 1

Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the CVE-2023-38831 vulnerability in WinRAR for initial access. Their toolkit includes custom malware like PhantomDL and PhantomCore, as well as publicly available tools like …

Downloadable IOCs 52

This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with easy access to sophisticated ransomware builders like LockBit 3.0 and Yashma/Chaos. The accessibility of these tools enables even those with minimal technical skills to lau…

Downloadable IOCs 1

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized Loc…

Downloadable IOCs 9

While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your…

Downloadable IOCs 27

Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of a decryptor tool. Initially discovered in March 2024, this cryptographic weakness was made public at Recon 2024. The ransomware, which has undergone several rebrands sin…

Downloadable IOCs 8

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new varian…

Downloadable IOCs 3

SentinelOne is the world's leading provider of self-defence and cybersecurity, with a platform powered by artificial intelligence and the power of the Singularity XDR, which aims to protect and respond to cyber attacks at scale.

Downloadable IOCs 1

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executa…

Downloadable IOCs 16

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …

Downloadable IOCs 1

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).

Downloadable IOCs 17

The United States has experienced a significant increase in cyber attacks from June to October 2024, with over 800 organizations affected by ransomware across various sectors. Play, RansomHub, Lockbit, Qilin, and Meow have emerged as the most active ransomware groups. Notable incidents include the …

Downloadable IOCs 0

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar m…

Downloadable IOCs 1

Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the CVE-2023-38831 vulnerability in WinRAR for initial access. Their toolkit includes custom malware like PhantomDL and PhantomCore, as well as publicly available tools like …

Downloadable IOCs 52

This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with easy access to sophisticated ransomware builders like LockBit 3.0 and Yashma/Chaos. The accessibility of these tools enables even those with minimal technical skills to lau…

Downloadable IOCs 1

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized Loc…

Downloadable IOCs 9

While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your…

Downloadable IOCs 27

Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of a decryptor tool. Initially discovered in March 2024, this cryptographic weakness was made public at Recon 2024. The ransomware, which has undergone several rebrands sin…

Downloadable IOCs 8

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new varian…

Downloadable IOCs 3

SentinelOne is the world's leading provider of self-defence and cybersecurity, with a platform powered by artificial intelligence and the power of the Singularity XDR, which aims to protect and respond to cyber attacks at scale.

Downloadable IOCs 1

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executa…

Downloadable IOCs 16

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …

Downloadable IOCs 1

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).

Downloadable IOCs 17

The United States has experienced a significant increase in cyber attacks from June to October 2024, with over 800 organizations affected by ransomware across various sectors. Play, RansomHub, Lockbit, Qilin, and Meow have emerged as the most active ransomware groups. Notable incidents include the …

Downloadable IOCs 0

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar m…

Downloadable IOCs 1

Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the CVE-2023-38831 vulnerability in WinRAR for initial access. Their toolkit includes custom malware like PhantomDL and PhantomCore, as well as publicly available tools like …

Downloadable IOCs 52

This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with easy access to sophisticated ransomware builders like LockBit 3.0 and Yashma/Chaos. The accessibility of these tools enables even those with minimal technical skills to lau…

Downloadable IOCs 1

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized Loc…

Downloadable IOCs 9

While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your…

Downloadable IOCs 27

Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of a decryptor tool. Initially discovered in March 2024, this cryptographic weakness was made public at Recon 2024. The ransomware, which has undergone several rebrands sin…

Downloadable IOCs 8

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new varian…

Downloadable IOCs 3

SentinelOne is the world's leading provider of self-defence and cybersecurity, with a platform powered by artificial intelligence and the power of the Singularity XDR, which aims to protect and respond to cyber attacks at scale.

Downloadable IOCs 1

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executa…

Downloadable IOCs 16

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …

Downloadable IOCs 1

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).

Downloadable IOCs 17

The United States has experienced a significant increase in cyber attacks from June to October 2024, with over 800 organizations affected by ransomware across various sectors. Play, RansomHub, Lockbit, Qilin, and Meow have emerged as the most active ransomware groups. Notable incidents include the …

Downloadable IOCs 0

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar m…

Downloadable IOCs 1

Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the CVE-2023-38831 vulnerability in WinRAR for initial access. Their toolkit includes custom malware like PhantomDL and PhantomCore, as well as publicly available tools like …

Downloadable IOCs 52

This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with easy access to sophisticated ransomware builders like LockBit 3.0 and Yashma/Chaos. The accessibility of these tools enables even those with minimal technical skills to lau…

Downloadable IOCs 1

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized Loc…

Downloadable IOCs 9

While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your…

Downloadable IOCs 27

Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of a decryptor tool. Initially discovered in March 2024, this cryptographic weakness was made public at Recon 2024. The ransomware, which has undergone several rebrands sin…

Downloadable IOCs 8

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new varian…

Downloadable IOCs 3

SentinelOne is the world's leading provider of self-defence and cybersecurity, with a platform powered by artificial intelligence and the power of the Singularity XDR, which aims to protect and respond to cyber attacks at scale.

Downloadable IOCs 1

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executa…

Downloadable IOCs 16

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …

Downloadable IOCs 1

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).

Downloadable IOCs 17

The United States has experienced a significant increase in cyber attacks from June to October 2024, with over 800 organizations affected by ransomware across various sectors. Play, RansomHub, Lockbit, Qilin, and Meow have emerged as the most active ransomware groups. Notable incidents include the …

Downloadable IOCs 0

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar m…

Downloadable IOCs 1

Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the CVE-2023-38831 vulnerability in WinRAR for initial access. Their toolkit includes custom malware like PhantomDL and PhantomCore, as well as publicly available tools like …

Downloadable IOCs 52

This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with easy access to sophisticated ransomware builders like LockBit 3.0 and Yashma/Chaos. The accessibility of these tools enables even those with minimal technical skills to lau…

Downloadable IOCs 1

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized Loc…

Downloadable IOCs 9

While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your…

Downloadable IOCs 27

Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of a decryptor tool. Initially discovered in March 2024, this cryptographic weakness was made public at Recon 2024. The ransomware, which has undergone several rebrands sin…

Downloadable IOCs 8

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new varian…

Downloadable IOCs 3

SentinelOne is the world's leading provider of self-defence and cybersecurity, with a platform powered by artificial intelligence and the power of the Singularity XDR, which aims to protect and respond to cyber attacks at scale.

Downloadable IOCs 1

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executa…

Downloadable IOCs 16

The Crypt Ghouls group is targeting Russian businesses and government agencies with ransomware attacks. They utilize a toolkit including utilities like Mimikatz, XenAllPasswordPro, PingCastle, and others. The group employs LockBit 3.0 and Babuk ransomware as final payloads. Initial access is often …

Downloadable IOCs 1

A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).

Downloadable IOCs 17

The United States has experienced a significant increase in cyber attacks from June to October 2024, with over 800 organizations affected by ransomware across various sectors. Play, RansomHub, Lockbit, Qilin, and Meow have emerged as the most active ransomware groups. Notable incidents include the …

Downloadable IOCs 0

The report examines the BlackJack hacktivist group targeting Russian organizations, focusing on their tools, techniques, and connections to the Twelve group. BlackJack employs freely available software like the Shamoon wiper and LockBit ransomware. Significant overlaps with Twelve include similar m…

Downloadable IOCs 1

Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the CVE-2023-38831 vulnerability in WinRAR for initial access. Their toolkit includes custom malware like PhantomDL and PhantomCore, as well as publicly available tools like …

Downloadable IOCs 52

This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with easy access to sophisticated ransomware builders like LockBit 3.0 and Yashma/Chaos. The accessibility of these tools enables even those with minimal technical skills to lau…

Downloadable IOCs 1

SentinelLabs identified a cybercriminal group, NullBulge, targeting AI- and gaming-focused entities. The group injects malware into public code repositories and gaming mods, leading victims to import malicious libraries. NullBulge uses tools like Async RAT and Xworm before delivering customized Loc…

Downloadable IOCs 9

While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with LockBit accounting for over 20%. The report explores the changing tactics employed by ransomware actors, including the exploitation of vulnerabilities, the use of Bring-Your…

Downloadable IOCs 27

Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of a decryptor tool. Initially discovered in March 2024, this cryptographic weakness was made public at Recon 2024. The ransomware, which has undergone several rebrands sin…

Downloadable IOCs 8

Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizations; one such technique its use of a PowerShell script to bypass Antimalware Scan Interface (AMSI) and abuse of fully undetectable (FUD) obfuscator packers. A new varian…

Downloadable IOCs 3

SentinelOne is the world's leading provider of self-defence and cybersecurity, with a platform powered by artificial intelligence and the power of the Singularity XDR, which aims to protect and respond to cyber attacks at scale.

Downloadable IOCs 1

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executa…

Downloadable IOCs 16