Tag: malicious
11 attack reports | 0 vulnerabilities
Attack reports
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercrimi…
Downloadable IOCs 1
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).
Downloadable IOCs 17
The Mongolian Skimmer: different clothes, equally dangerous
This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScri…
Downloadable IOCs 13
New macOS malware gives attackers backdoor access to Macs
A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of sp…
Downloadable IOCs 25
Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412
Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…
Downloadable IOCs 12
Attackers Exploiting Public Cobalt Strike Profiles
This report discusses recent findings of malicious Cobalt Strike infrastructure and malicious Cobalt Strike samples that leverage publicly available Malleable C2 profiles for evasion. Despite its defensive cybersecurity use, threat actors continue exploiting Cobalt Strike's malleable and evasive na…
Downloadable IOCs 6
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
Downloadable IOCs 13
Warning Against Phishing Emails Prompting Execution of Commands via Paste
This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exerci…
Downloadable IOCs 15
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers,…
Downloadable IOCs 14
From Document to Script: Insides of Campaign
This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to install Java. Clicking the embedded link leads to downloading a malicious JAR file. The JAR contains commands to fetch additional payloads, including an obfuscated AutoIt …
Downloadable IOCs 11
Payload Trends in Malicious OneNote Samples
This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into executing malicious code. By analyzing approximately 6,000 malicious OneNote samples, it reveals that attackers frequently employ images resembling buttons to lure victim…
Downloadable IOCs 550
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercrimi…
Downloadable IOCs 1
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).
Downloadable IOCs 17
The Mongolian Skimmer: different clothes, equally dangerous
This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScri…
Downloadable IOCs 13
New macOS malware gives attackers backdoor access to Macs
A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of sp…
Downloadable IOCs 25
Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412
Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…
Downloadable IOCs 12
Attackers Exploiting Public Cobalt Strike Profiles
This report discusses recent findings of malicious Cobalt Strike infrastructure and malicious Cobalt Strike samples that leverage publicly available Malleable C2 profiles for evasion. Despite its defensive cybersecurity use, threat actors continue exploiting Cobalt Strike's malleable and evasive na…
Downloadable IOCs 6
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
Downloadable IOCs 13
Warning Against Phishing Emails Prompting Execution of Commands via Paste
This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exerci…
Downloadable IOCs 15
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers,…
Downloadable IOCs 14
From Document to Script: Insides of Campaign
This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to install Java. Clicking the embedded link leads to downloading a malicious JAR file. The JAR contains commands to fetch additional payloads, including an obfuscated AutoIt …
Downloadable IOCs 11
Payload Trends in Malicious OneNote Samples
This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into executing malicious code. By analyzing approximately 6,000 malicious OneNote samples, it reveals that attackers frequently employ images resembling buttons to lure victim…
Downloadable IOCs 550
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercrimi…
Downloadable IOCs 1
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).
Downloadable IOCs 17
The Mongolian Skimmer: different clothes, equally dangerous
This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScri…
Downloadable IOCs 13
New macOS malware gives attackers backdoor access to Macs
A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of sp…
Downloadable IOCs 25
Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412
Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…
Downloadable IOCs 12
Attackers Exploiting Public Cobalt Strike Profiles
This report discusses recent findings of malicious Cobalt Strike infrastructure and malicious Cobalt Strike samples that leverage publicly available Malleable C2 profiles for evasion. Despite its defensive cybersecurity use, threat actors continue exploiting Cobalt Strike's malleable and evasive na…
Downloadable IOCs 6
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
Downloadable IOCs 13
Warning Against Phishing Emails Prompting Execution of Commands via Paste
This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exerci…
Downloadable IOCs 15
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers,…
Downloadable IOCs 14
From Document to Script: Insides of Campaign
This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to install Java. Clicking the embedded link leads to downloading a malicious JAR file. The JAR contains commands to fetch additional payloads, including an obfuscated AutoIt …
Downloadable IOCs 11
Payload Trends in Malicious OneNote Samples
This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into executing malicious code. By analyzing approximately 6,000 malicious OneNote samples, it reveals that attackers frequently employ images resembling buttons to lure victim…
Downloadable IOCs 550
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercrimi…
Downloadable IOCs 1
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).
Downloadable IOCs 17
The Mongolian Skimmer: different clothes, equally dangerous
This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScri…
Downloadable IOCs 13
New macOS malware gives attackers backdoor access to Macs
A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of sp…
Downloadable IOCs 25
Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412
Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…
Downloadable IOCs 12
Attackers Exploiting Public Cobalt Strike Profiles
This report discusses recent findings of malicious Cobalt Strike infrastructure and malicious Cobalt Strike samples that leverage publicly available Malleable C2 profiles for evasion. Despite its defensive cybersecurity use, threat actors continue exploiting Cobalt Strike's malleable and evasive na…
Downloadable IOCs 6
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
Downloadable IOCs 13
Warning Against Phishing Emails Prompting Execution of Commands via Paste
This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exerci…
Downloadable IOCs 15
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers,…
Downloadable IOCs 14
From Document to Script: Insides of Campaign
This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to install Java. Clicking the embedded link leads to downloading a malicious JAR file. The JAR contains commands to fetch additional payloads, including an obfuscated AutoIt …
Downloadable IOCs 11
Payload Trends in Malicious OneNote Samples
This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into executing malicious code. By analyzing approximately 6,000 malicious OneNote samples, it reveals that attackers frequently employ images resembling buttons to lure victim…
Downloadable IOCs 550
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercrimi…
Downloadable IOCs 1
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).
Downloadable IOCs 17
The Mongolian Skimmer: different clothes, equally dangerous
This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScri…
Downloadable IOCs 13
New macOS malware gives attackers backdoor access to Macs
A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of sp…
Downloadable IOCs 25
Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412
Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…
Downloadable IOCs 12
Attackers Exploiting Public Cobalt Strike Profiles
This report discusses recent findings of malicious Cobalt Strike infrastructure and malicious Cobalt Strike samples that leverage publicly available Malleable C2 profiles for evasion. Despite its defensive cybersecurity use, threat actors continue exploiting Cobalt Strike's malleable and evasive na…
Downloadable IOCs 6
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
Downloadable IOCs 13
Warning Against Phishing Emails Prompting Execution of Commands via Paste
This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exerci…
Downloadable IOCs 15
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers,…
Downloadable IOCs 14
From Document to Script: Insides of Campaign
This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to install Java. Clicking the embedded link leads to downloading a malicious JAR file. The JAR contains commands to fetch additional payloads, including an obfuscated AutoIt …
Downloadable IOCs 11
Payload Trends in Malicious OneNote Samples
This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into executing malicious code. By analyzing approximately 6,000 malicious OneNote samples, it reveals that attackers frequently employ images resembling buttons to lure victim…
Downloadable IOCs 550
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercrimi…
Downloadable IOCs 1
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).
Downloadable IOCs 17
The Mongolian Skimmer: different clothes, equally dangerous
This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScri…
Downloadable IOCs 13
New macOS malware gives attackers backdoor access to Macs
A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of sp…
Downloadable IOCs 25
Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412
Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…
Downloadable IOCs 12
Attackers Exploiting Public Cobalt Strike Profiles
This report discusses recent findings of malicious Cobalt Strike infrastructure and malicious Cobalt Strike samples that leverage publicly available Malleable C2 profiles for evasion. Despite its defensive cybersecurity use, threat actors continue exploiting Cobalt Strike's malleable and evasive na…
Downloadable IOCs 6
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
Downloadable IOCs 13
Warning Against Phishing Emails Prompting Execution of Commands via Paste
This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exerci…
Downloadable IOCs 15
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers,…
Downloadable IOCs 14
From Document to Script: Insides of Campaign
This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to install Java. Clicking the embedded link leads to downloading a malicious JAR file. The JAR contains commands to fetch additional payloads, including an obfuscated AutoIt …
Downloadable IOCs 11
Payload Trends in Malicious OneNote Samples
This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into executing malicious code. By analyzing approximately 6,000 malicious OneNote samples, it reveals that attackers frequently employ images resembling buttons to lure victim…
Downloadable IOCs 550
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercrimi…
Downloadable IOCs 1
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).
Downloadable IOCs 17
The Mongolian Skimmer: different clothes, equally dangerous
This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScri…
Downloadable IOCs 13
New macOS malware gives attackers backdoor access to Macs
A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of sp…
Downloadable IOCs 25
Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412
Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…
Downloadable IOCs 12
Attackers Exploiting Public Cobalt Strike Profiles
This report discusses recent findings of malicious Cobalt Strike infrastructure and malicious Cobalt Strike samples that leverage publicly available Malleable C2 profiles for evasion. Despite its defensive cybersecurity use, threat actors continue exploiting Cobalt Strike's malleable and evasive na…
Downloadable IOCs 6
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
Downloadable IOCs 13
Warning Against Phishing Emails Prompting Execution of Commands via Paste
This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exerci…
Downloadable IOCs 15
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers,…
Downloadable IOCs 14
From Document to Script: Insides of Campaign
This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to install Java. Clicking the embedded link leads to downloading a malicious JAR file. The JAR contains commands to fetch additional payloads, including an obfuscated AutoIt …
Downloadable IOCs 11
Payload Trends in Malicious OneNote Samples
This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into executing malicious code. By analyzing approximately 6,000 malicious OneNote samples, it reveals that attackers frequently employ images resembling buttons to lure victim…
Downloadable IOCs 550
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercrimi…
Downloadable IOCs 1
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).
Downloadable IOCs 17
The Mongolian Skimmer: different clothes, equally dangerous
This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScri…
Downloadable IOCs 13
New macOS malware gives attackers backdoor access to Macs
A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of sp…
Downloadable IOCs 25
Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412
Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…
Downloadable IOCs 12
Attackers Exploiting Public Cobalt Strike Profiles
This report discusses recent findings of malicious Cobalt Strike infrastructure and malicious Cobalt Strike samples that leverage publicly available Malleable C2 profiles for evasion. Despite its defensive cybersecurity use, threat actors continue exploiting Cobalt Strike's malleable and evasive na…
Downloadable IOCs 6
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
Downloadable IOCs 13
Warning Against Phishing Emails Prompting Execution of Commands via Paste
This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exerci…
Downloadable IOCs 15
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers,…
Downloadable IOCs 14
From Document to Script: Insides of Campaign
This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to install Java. Clicking the embedded link leads to downloading a malicious JAR file. The JAR contains commands to fetch additional payloads, including an obfuscated AutoIt …
Downloadable IOCs 11
Payload Trends in Malicious OneNote Samples
This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into executing malicious code. By analyzing approximately 6,000 malicious OneNote samples, it reveals that attackers frequently employ images resembling buttons to lure victim…
Downloadable IOCs 550
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercrimi…
Downloadable IOCs 1
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).
Downloadable IOCs 17
The Mongolian Skimmer: different clothes, equally dangerous
This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScri…
Downloadable IOCs 13
New macOS malware gives attackers backdoor access to Macs
A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of sp…
Downloadable IOCs 25
Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412
Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…
Downloadable IOCs 12
Attackers Exploiting Public Cobalt Strike Profiles
This report discusses recent findings of malicious Cobalt Strike infrastructure and malicious Cobalt Strike samples that leverage publicly available Malleable C2 profiles for evasion. Despite its defensive cybersecurity use, threat actors continue exploiting Cobalt Strike's malleable and evasive na…
Downloadable IOCs 6
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
Downloadable IOCs 13
Warning Against Phishing Emails Prompting Execution of Commands via Paste
This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exerci…
Downloadable IOCs 15
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers,…
Downloadable IOCs 14
From Document to Script: Insides of Campaign
This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to install Java. Clicking the embedded link leads to downloading a malicious JAR file. The JAR contains commands to fetch additional payloads, including an obfuscated AutoIt …
Downloadable IOCs 11
Payload Trends in Malicious OneNote Samples
This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into executing malicious code. By analyzing approximately 6,000 malicious OneNote samples, it reveals that attackers frequently employ images resembling buttons to lure victim…
Downloadable IOCs 550
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercrimi…
Downloadable IOCs 1
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).
Downloadable IOCs 17
The Mongolian Skimmer: different clothes, equally dangerous
This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScri…
Downloadable IOCs 13
New macOS malware gives attackers backdoor access to Macs
A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of sp…
Downloadable IOCs 25
Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412
Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…
Downloadable IOCs 12
Attackers Exploiting Public Cobalt Strike Profiles
This report discusses recent findings of malicious Cobalt Strike infrastructure and malicious Cobalt Strike samples that leverage publicly available Malleable C2 profiles for evasion. Despite its defensive cybersecurity use, threat actors continue exploiting Cobalt Strike's malleable and evasive na…
Downloadable IOCs 6
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
Downloadable IOCs 13
Warning Against Phishing Emails Prompting Execution of Commands via Paste
This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exerci…
Downloadable IOCs 15
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers,…
Downloadable IOCs 14
From Document to Script: Insides of Campaign
This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to install Java. Clicking the embedded link leads to downloading a malicious JAR file. The JAR contains commands to fetch additional payloads, including an obfuscated AutoIt …
Downloadable IOCs 11
Payload Trends in Malicious OneNote Samples
This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into executing malicious code. By analyzing approximately 6,000 malicious OneNote samples, it reveals that attackers frequently employ images resembling buttons to lure victim…
Downloadable IOCs 550
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercrimi…
Downloadable IOCs 1
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A zero-day vulnerability exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).
Downloadable IOCs 17
The Mongolian Skimmer: different clothes, equally dangerous
This report details the analysis of a skimming campaign, dubbed the 'Mongolian Skimmer,' which utilizes an obfuscation technique involving unusual Unicode characters for variable and function names. While initially appearing as a novel obfuscation approach, it ultimately employs well-known JavaScri…
Downloadable IOCs 13
New macOS malware gives attackers backdoor access to Macs
A new remote access Trojan (RAT) targeting macOS systems, dubbed HZ RAT, grants remote attackers complete control over infected Macs. The malware collects sensitive data, such as installed apps, user information from WeChat and DingTalk, and Google Password Manager credentials. It's suspected of sp…
Downloadable IOCs 25
Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412
Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideload…
Downloadable IOCs 12
Attackers Exploiting Public Cobalt Strike Profiles
This report discusses recent findings of malicious Cobalt Strike infrastructure and malicious Cobalt Strike samples that leverage publicly available Malleable C2 profiles for evasion. Despite its defensive cybersecurity use, threat actors continue exploiting Cobalt Strike's malleable and evasive na…
Downloadable IOCs 6
Malvertising Campaign Leads to Execution of Oyster Backdoor
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and Microsoft Teams.
Downloadable IOCs 13
Warning Against Phishing Emails Prompting Execution of Commands via Paste
This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run malicious PowerShell commands that initiate a multi-stage infection process. The campaign ultimately delivers the DarkGate malware, highlighting the importance of exerci…
Downloadable IOCs 15
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers,…
Downloadable IOCs 14
From Document to Script: Insides of Campaign
This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to install Java. Clicking the embedded link leads to downloading a malicious JAR file. The JAR contains commands to fetch additional payloads, including an obfuscated AutoIt …
Downloadable IOCs 11
Payload Trends in Malicious OneNote Samples
This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into executing malicious code. By analyzing approximately 6,000 malicious OneNote samples, it reveals that attackers frequently employ images resembling buttons to lure victim…
Downloadable IOCs 550