| Title | Published | Tags | Description | Number of indicators |
| --- | --- | --- | --- | --- |
| There's Something About CryptBot: Yet Another Silly Stealer | Sept. 11, 2024, 8:02 a.m. | | This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Steale… | 13 |
| Earth Preta Evolves its Attacks with New Malware and Strategies | Sept. 10, 2024, 8:58 p.m. | | Trend Micro discusses analysis of Earth Preta's enhancements in their attacks by introducing new tools, malware variants and str… | 41 |
| Threat Assessment: North Korean Threat Groups | Sept. 10, 2024, 8:23 a.m. | | This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes thei… | 58 |
| LummaC2 Malware and Malicious Chrome Extension Delivered | Sept. 9, 2024, 9:34 a.m. | | In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving LummaC2 stealer malware and a malicious… | 7 |
| Ailurophile Stealer | Sept. 9, 2024, 9:26 a.m. | | This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems … | 3 |
| Loki: a new private agent for the popular Mythic framework | Sept. 9, 2024, 9:22 a.m. | | Kaspersky researchers discovered a previously unknown Loki backdoor, utilized in a series of targeted attacks. Analysis revealed … | 7 |
| Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool | Aug. 30, 2024, 8:16 a.m. | | Cybercriminals are employing a sophisticated two-stage malware campaign masquerading as the Palo Alto GlobalProtect tool to infil… | 5 |
| Analyzing the Mekotio Trojan | Aug. 30, 2024, 8:14 a.m. | | The analysis delves into the Mekotio Trojan, a sophisticated malware that employs a PowerShell dropper to execute its payload. Th… | 2 |
| Latrodectus Rapid Evolution Continues With Latest New Payload Features | Aug. 30, 2024, 8:10 a.m. | | This report discusses the latest updates to the Latrodectus malware, including a different string deobfuscation approach, a new C… | 10 |
| Decoding the Stealthy Memory-Only Malware | Aug. 23, 2024, 9:11 a.m. | | This intelligence report provides an in-depth analysis of a complex, multi-stage malware campaign called PEAKLIGHT. It details th… | 23 |
| Report on Ukraine government attack campaign | Aug. 23, 2024, 8:56 a.m. | | Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed … | 33 |
| NGate Android malware relays NFC traffic to steal cash | Aug. 22, 2024, 10:36 a.m. | | ESET researchers uncovered a crimeware campaign targeting bank customers in Czechia. The NGate Android malware can relay NFC data… | 12 |
| GreenCharlie Infrastructure Linked to US Political Campaign Targeting | Aug. 21, 2024, 10:48 a.m. | | An analysis by Insikt Group revealed a significant surge in cyber threat activities from GreenCharlie, an Iran-linked group assoc… | 111 |
| Double Trouble: Latrodectus And ACR Stealer Observed Spreading Via Google Authenticator Phishing Site | Aug. 20, 2024, 9:06 a.m. | | The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, design… | 15 |
| Exploring the D3F@ck Malware-as-a-Service Loader | Aug. 19, 2024, 1:17 p.m. | | This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias S… | 4 |
| Ande Loader Leads to 0bj3ctivity Stealer Infection | Aug. 12, 2024, 11:26 a.m. | | In July 2024, eSentire's Threat Response Unit observed a phishing attack leading to a 0bj3ctivity Stealer malware infection. The … | 2 |
| StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms | Aug. 5, 2024, 11:29 a.m. | | Volexity detected and responded to multiple incidents involving systems infected with malware linked to StormBamboo, a threat act… | 2 |
| Fighting Ursa Luring Targets With Car for Sale | Aug. 5, 2024, 8:30 a.m. | | This analysis examines a campaign attributed to the Russian threat actor Fighting Ursa, also known as APT28, Fancy Bear, and Sofa… | 6 |
| MirrorFace Attack against Japanese Organisations | Aug. 2, 2024, 8:41 a.m. | | The report provides in-depth details about the malware used by the threat actor MirrorFace in targeted attacks against Japanese o… | 27 |
| Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT | July 31, 2024, 10:43 a.m. | | This analysis examines a recent malware campaign involving a dropper dubbed Gh0stGambit, which is employed to retrieve and execut… | 6 |
| Analysis of Golang Payload and Information Theft Campaign | July 30, 2024, 4:14 p.m. | | The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically ta… | 8 |
| Secret Message: Steganography Tricks of TA558 Group in Cyber Attacks on Enterprises in Russia and Belarus | July 30, 2024, 3:54 p.m. | | F.A.C.C.T.'s Threat Intelligence analysts have investigated numerous cyberattacks by the TA558 group targeting enterprises, gover… | 74 |
| New Mandrake Android spyware version discovered on Google Play | July 29, 2024, 8:36 p.m. | | In April 2024, Securelist discovered a suspicious sample that appeared to be a new version of Mandrake. Ensuing analysis revealed … | 9 |
| Fake update puts visitors at risk | July 24, 2024, 8:09 a.m. | | This intelligence report discusses SocGholish, a JavaScript downloader used by threat actors to deliver malware payloads disguise… | 10 |
| Exploiting CVE-2024-21412: A Stealer Campaign Unleashed | July 24, 2024, 8:02 a.m. | | This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass s… | 27 |
| Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android | July 23, 2024, 7:49 a.m. | | ESET researchers discovered a vulnerability named EvilVideo that allows attackers to share malicious Android payloads disguised a… | 1 |
| Warning Against the Distribution of Malware Disguised as Software Cracks | July 19, 2024, 5:17 a.m. | | This advisory cautions about the distribution of malware masquerading as crack programs for software. The malicious actors aim to… | 1 |
| Analysis of Suspected APT Attack Activities by "Silver Fox" | July 10, 2024, 10:19 a.m. | | This document examines the recent activities of the Silver Fox cybercrime group, which has traditionally targeted financial and t… | 7 |
| Kematian-Stealer: A Deep Dive into a New Information Stealer | July 10, 2024, 10:08 a.m. | | This report provides an in-depth analysis of a newly discovered information stealer named Kematian-Stealer, actively developed on… | 4 |
| Persistent npm Campaign Shipping Trojanized jQuery | July 10, 2024, 9:36 a.m. | | The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through variou… | 67 |
| Exposing Attack Operations Utilizing PyPI Against Windows, Linux and macOS Platforms | July 8, 2024, 10:50 a.m. | | The report details the APT-C-26 (Lazarus) group's recent attack campaign utilizing malicious Python packages hosted on the PyPI r… | 28 |
| Kimsuky Deploys TRANSLATEXT Chrome Extension | June 28, 2024, 7:46 a.m. | | In March 2024, the cybersecurity firm Zscaler observed a new activity from Kimsuky, a North Korean state-sponsored hacker group. … | 10 |
| Malvertising Campaign Leads to Execution of Oyster Backdoor | June 24, 2024, 6:48 p.m. | | Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software su… | 13 |
| Behind the Great Wall Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 CC Framework | June 19, 2024, 11:37 a.m. | | Trend Micro recently discovered a threat actor group dubbed Void Arachne targeting Chinese-speaking users with malicious Windows … | 46 |
| FHAPPI Campaign APT10 FreeHosting APT PowerSploit Poison Ivy | June 19, 2024, 7:24 a.m. | | This analysis details a malicious campaign dubbed 'FHAPPI' by the researcher, which utilized compromised Geocities Japan accounts… | 5 |
| From Clipboard to Compromise: A PowerShell Self-Pwn | June 17, 2024, 11:23 a.m. | | This intelligence report details a unique social engineering technique observed by Proofpoint researchers, leveraging users to co… | 14 |
| Dipping into Danger: The WARMCOOKIE backdoor | June 12, 2024, 10:41 a.m. | | Elastic Security Labs identified a new wave of email campaigns targeting environments by deploying a novel backdoor dubbed WARMCO… | 6 |
| New Agent Tesla Campaign Targeting Spanish-Speaking People | June 10, 2024, 11:24 a.m. | | This report analyzes a phishing campaign spreading a new Agent Tesla variant designed to infiltrate victims' computers and steal … | 6 |
| Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers | June 7, 2024, 7:48 a.m. | | This report details a cryptojacking campaign exploiting exposed Docker remote API servers. Threat actors employ the cmd.cat/chatt… | 7 |
| Operation ControlPlug: Targeted attack campaign using MSC files | June 6, 2024, 2:55 p.m. | | An investigation revealed that the threat group DarkPeony, also known as Operation ControlPlug, employed a novel technique involv… | 14 |
| Operation Crimson Palace: A Technical Deep Dive | June 6, 2024, 7:55 a.m. | | Sophos Managed Detection and Response initiated a threat hunt across customers after detecting abuse of a vulnerable VMware execu… | 138 |
| Malware botnet installing NiceRAT | June 6, 2024, 7:28 a.m. | | This report discusses a botnet that has been active since 2019, distributing various malware such as NiceRAT, Nitol, and NanoCore… | 24 |
| Excel File Deploys Cobalt Strike at Ukraine | June 4, 2024, 5:24 p.m. | | A sophisticated multi-stage cyberattack was identified, utilizing an Excel file embedded with a VBA macro designed to deploy a DL… | 10 |
| Vidar Stealer: An In-depth Analysis of an Information-Stealing Malware | June 4, 2024, 1:17 p.m. | | Vidar Stealer is a potent malware written in C++, capable of stealing a wide range of data from the compromised system. Vidar Ste… | 6 |
| Disrupting FlyingYeti's campaign targeting Ukraine | May 31, 2024, 12:19 p.m. | | This report details Cloudforce One's real-time effort to detect, deny, degrade, disrupt, and delay a phishing campaign by the Rus… | 8 |
| Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea | May 24, 2024, 8:21 a.m. | | An investigation by Bitdefender Labs uncovered a previously unidentified cyber threat actor called Unfading Sea Haze. This group … | 47 |
| Crimeware report: Acrid, ScarletStealer and Sys01 stealers | May 22, 2024, 3:33 p.m. | | This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, em… | 5 |
| Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear | May 21, 2024, 11:24 a.m. | | This comprehensive analysis delves into the continuous evolution and refinement of sophisticated malware entities employed by a p… | 29 |
| Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID | May 17, 2024, 9:03 a.m. | | LATRODECTUS is a malware loader gaining popularity among cybercriminals, with strong connections to the ICEDID malware family. It… | 7 |
| ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information | May 17, 2024, 8:50 a.m. | | This analysis focuses on the recent activities of the ViperSoftX malware strain, which controls infected systems and steals user … | 8 |
| Payload Trends in Malicious OneNote Samples | May 16, 2024, 5:25 p.m. | | This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into … | 550 |
| Springtail: New Linux Backdoor Added to Toolkit | May 16, 2024, 4:46 p.m. | | Symantec's Threat Hunter Team has uncovered a new Linux backdoor, named Gomir, developed by the North Korean Springtail espionage… | 20 |
| Threat actors misusing Quick Assist in social engineering attacks leading to ransomware | May 16, 2024, 9:27 a.m. | | The report describes a recent campaign by the threat actor Storm-1811, a financially motivated cybercriminal group known for depl… | 12 |
| The Overlapping Cyber Strategies Of Transparent Tribe And SideCopy Against India | May 15, 2024, 3:16 p.m. | | CRIL's analysis revealed SideCopy APT group's sophisticated malware campaign, employing malicious LNK files and a complex infecti… | 21 |
| Ongoing Malvertising Campaign leads to Ransomware | May 15, 2024, 3:14 p.m. | | Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malic… | 78 |
| PDF "Flawed Design" Exploitation | May 14, 2024, 3:30 p.m. | | Check Point Research identified an unusual pattern involving PDF exploitation, mainly targeting users of Foxit Reader. This explo… | 40 |
| Distribution of DanaBot Malware via Word Files Detected | May 14, 2024, 8:16 a.m. | | This analysis examines the infection process of the DanaBot malware, distributed through sophisticated spam emails containing mal… | 0 |
| Profiling Trafficers: Cerberus | May 10, 2024, 9:02 a.m. | | This analysis delves into the activities of a group of malware operators known as Cerberus (formerly Amnesia) Team, who specializ… | 24 |
| New Pakistan-based Cyber Espionage Group's Year-Long Campaign Targeting Indian Defense Forces with Android Malware | May 6, 2024, 8:47 a.m. | | CYFIRMA researchers identified an Android malware campaign, active for over a year, targeting Indian defense personnel by an unid… | 3 |