| Title |
Published |
Tags |
Description |
Number of indicators |
| Fake update puts visitors at risk |
July 24, 2024, 8:09 a.m. |
|
This intelligence report discusses SocGholish, a JavaScript downloader used by threat actors to deliver malware payloads disguise… |
10 |
| Exploiting CVE-2024-21412: A Stealer Campaign Unleashed |
July 24, 2024, 8:02 a.m. |
|
This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass s… |
27 |
| Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android |
July 23, 2024, 7:49 a.m. |
|
ESET researchers discovered a vulnerability named EvilVideo that allows attackers to share malicious Android payloads disguised a… |
1 |
| Warning Against the Distribution of Malware Disguised as Software Cracks |
July 19, 2024, 5:17 a.m. |
|
This advisory cautions about the distribution of malware masquerading as crack programs for software. The malicious actors aim to… |
1 |
| Analysis of Suspected APT Attack Activities by “Silver Fox” |
July 10, 2024, 10:19 a.m. |
|
This document examines the recent activities of the Silver Fox cybercrime group, which has traditionally targeted financial and t… |
7 |
| Kematian-Stealer: A Deep Dive into a New Information Stealer |
July 10, 2024, 10:08 a.m. |
|
This report provides an in-depth analysis of a newly discovered information stealer named Kematian-Stealer, actively developed on… |
4 |
| Persistent npm Campaign Shipping Trojanized jQuery |
July 10, 2024, 9:36 a.m. |
|
The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through variou… |
67 |
| Exposing Attack Operations Utilizing PyPI Against Windows, Linux and macOS Platforms |
July 8, 2024, 10:50 a.m. |
|
The report details the APT-C-26 (Lazarus) group's recent attack campaign utilizing malicious Python packages hosted on the PyPI r… |
28 |
| Kimsuky Deploys TRANSLATEXT Chrome Extension |
June 28, 2024, 7:46 a.m. |
|
In March 2024, the cybersecurity firm Zscaler observed a new activity from Kimsuky, a North Korean state-sponsored hacker group. … |
10 |
| Malvertising Campaign Leads to Execution of Oyster Backdoor |
June 24, 2024, 6:48 p.m. |
|
Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software su… |
13 |
| Behind the Great Wall Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 CC Framework |
June 19, 2024, 11:37 a.m. |
|
Trend Micro recently discovered a threat actor group dubbed Void Arachne targeting Chinese-speaking users with malicious Windows … |
46 |
| FHAPPI Campaign APT10 FreeHosting APT PowerSploit Poison Ivy |
June 19, 2024, 7:24 a.m. |
|
This analysis details a malicious campaign dubbed 'FHAPPI' by the researcher, which utilized compromised Geocities Japan accounts… |
5 |
| From Clipboard to Compromise: A PowerShell Self-Pwn |
June 17, 2024, 11:23 a.m. |
|
This intelligence report details a unique social engineering technique observed by Proofpoint researchers, leveraging users to co… |
14 |
| Dipping into Danger: The WARMCOOKIE backdoor |
June 12, 2024, 10:41 a.m. |
|
Elastic Security Labs identified a new wave of email campaigns targeting environments by deploying a novel backdoor dubbed WARMCO… |
6 |
| New Agent Tesla Campaign Targeting Spanish-Speaking People |
June 10, 2024, 11:24 a.m. |
|
This report analyzes a phishing campaign spreading a new Agent Tesla variant designed to infiltrate victims' computers and steal … |
6 |
| Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers |
June 7, 2024, 7:48 a.m. |
|
This report details a cryptojacking campaign exploiting exposed Docker remote API servers. Threat actors employ the cmd.cat/chatt… |
7 |
| Operation ControlPlug: Targeted attack campaign using MSC files |
June 6, 2024, 2:55 p.m. |
|
An investigation revealed that the threat group DarkPeony, also known as Operation ControlPlug, employed a novel technique involv… |
14 |
| Operation Crimson Palace: A Technical Deep Dive |
June 6, 2024, 7:55 a.m. |
|
Sophos Managed Detection and Response initiated a threat hunt across customers after detecting abuse of a vulnerable VMware execu… |
138 |
| Malware botnet installing NiceRAT |
June 6, 2024, 7:28 a.m. |
|
This report discusses a botnet that has been active since 2019, distributing various malware such as NiceRAT, Nitol, and NanoCore… |
24 |
| Excel File Deploys Cobalt Strike at Ukraine |
June 4, 2024, 5:24 p.m. |
|
A sophisticated multi-stage cyberattack was identified, utilizing an Excel file embedded with a VBA macro designed to deploy a DL… |
10 |
| Vidar Stealer: An In-depth Analysis of an Information-Stealing Malware |
June 4, 2024, 1:17 p.m. |
|
Vidar Stealer is a potent malware written in C++, capable of stealing a wide range of data from the compromised system. Vidar Ste… |
6 |
| Disrupting FlyingYeti's campaign targeting Ukraine |
May 31, 2024, 12:19 p.m. |
|
This report details Cloudforce One's real-time effort to detect, deny, degrade, disrupt, and delay a phishing campaign by the Rus… |
8 |
| Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea |
May 24, 2024, 8:21 a.m. |
|
An investigation by Bitdefender Labs uncovered a previously unidentified cyber threat actor called Unfading Sea Haze. This group … |
47 |
| Crimeware report: Acrid, ScarletStealer and Sys01 stealers |
May 22, 2024, 3:33 p.m. |
|
This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, em… |
5 |
| Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear |
May 21, 2024, 11:24 a.m. |
|
This comprehensive analysis delves into the continuous evolution and refinement of sophisticated malware entities employed by a p… |
29 |
| Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID |
May 17, 2024, 9:03 a.m. |
|
LATRODECTUS is a malware loader gaining popularity among cybercriminals, with strong connections to the ICEDID malware family. It… |
7 |
| ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information |
May 17, 2024, 8:50 a.m. |
|
This analysis focuses on the recent activities of the ViperSoftX malware strain, which controls infected systems and steals user … |
8 |
| Payload Trends in Malicious OneNote Samples |
May 16, 2024, 5:25 p.m. |
|
This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into … |
550 |
| Springtail: New Linux Backdoor Added to Toolkit |
May 16, 2024, 4:46 p.m. |
|
Symantec's Threat Hunter Team has uncovered a new Linux backdoor, named Gomir, developed by the North Korean Springtail espionage… |
20 |
| Threat actors misusing Quick Assist in social engineering attacks leading to ransomware |
May 16, 2024, 9:27 a.m. |
|
The report describes a recent campaign by the threat actor Storm-1811, a financially motivated cybercriminal group known for depl… |
12 |
| The Overlapping Cyber Strategies Of Transparent Tribe And SideCopy Against India |
May 15, 2024, 3:16 p.m. |
|
CRIL's analysis revealed SideCopy APT group's sophisticated malware campaign, employing malicious LNK files and a complex infecti… |
21 |
| Ongoing Malvertising Campaign leads to Ransomware |
May 15, 2024, 3:14 p.m. |
|
Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malic… |
78 |
| PDF “Flawed Design” Exploitation |
May 14, 2024, 3:30 p.m. |
|
Check Point Research identified an unusual pattern involving PDF exploitation, mainly targeting users of Foxit Reader. This explo… |
40 |
| Distribution of DanaBot Malware via Word Files Detected |
May 14, 2024, 8:16 a.m. |
|
This analysis examines the infection process of the DanaBot malware, distributed through sophisticated spam emails containing mal… |
0 |
| Profiling Trafficers: Cerberus |
May 10, 2024, 9:02 a.m. |
|
This analysis delves into the activities of a group of malware operators known as Cerberus (formerly Amnesia) Team, who specializ… |
24 |
| New Pakistan-based Cyber Espionage Group’s Year-Long Campaign Targeting Indian Defense Forces with Android Malware |
May 6, 2024, 8:47 a.m. |
|
CYFIRMA researchers identified an Android malware campaign, active for over a year, targeting Indian defense personnel by an unid… |
3 |