Tag : malware

59 attack reports | 0 vulnerabilities

Attack Reports

Title Published Tags Description Number of indicators
There's Something About CryptBot: Yet Another Silly Stealer Sept. 11, 2024, 8:02 a.m. This report provides an in-depth technical analysis of a new variant of the CryptBot infostealer, dubbed Yet Another Silly Steale… 13
Earth Preta Evolves its Attacks with New Malware and Strategies Sept. 10, 2024, 8:58 p.m. Trend Micro discusses analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and str… 41
Threat Assessment: North Korean Threat Groups Sept. 10, 2024, 8:23 a.m. This assessment evaluates several North Korean threat groups operating under the Reconnaissance General Bureau. It describes thei… 58
LummaC2 Malware and Malicious Chrome Extension Delivered Sept. 9, 2024, 9:34 a.m. In August 2024, eSentire's Threat Response Unit observed a sophisticated attack involving LummaC2 stealer malware and a malicious… 7
Ailurophile Stealer Sept. 9, 2024, 9:26 a.m. This analysis examines a newly identified threat dubbed 'Ailurophile Stealer,' a malware designed to compromise victims' systems … 3
Loki: a new private agent for the popular Mythic framework Sept. 9, 2024, 9:22 a.m. Kaspersky researchers discovered a previously unknown Loki backdoor, utilized in a series of targeted attacks. Analysis revealed … 7
Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool Aug. 30, 2024, 8:16 a.m. Cybercriminals are employing a sophisticated two-stage malware campaign masquerading as the Palo Alto GlobalProtect tool to infil… 5
Analyzing the Mekotio Trojan Aug. 30, 2024, 8:14 a.m. The analysis delves into the Mekotio Trojan, a sophisticated malware that employs a PowerShell dropper to execute its payload. Th… 2
Latrodectus Rapid Evolution Continues With Latest New Payload Features Aug. 30, 2024, 8:10 a.m. This report discusses the latest updates to the Latrodectus malware, including a different string deobfuscation approach, a new C… 10
Decoding the Stealthy Memory-Only Malware Aug. 23, 2024, 9:11 a.m. This intelligence report provides an in-depth analysis of a complex, multi-stage malware campaign called PEAKLIGHT. It details th… 23
Report on Ukraine government attack campaign Aug. 23, 2024, 8:56 a.m. Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed … 33
NGate Android malware relays NFC traffic to steal cash Aug. 22, 2024, 10:36 a.m. ESET researchers uncovered a crimeware campaign targeting bank customers in Czechia. The NGate Android malware can relay NFC data… 12
GreenCharlie Infrastructure Linked to US Political Campaign Targeting Aug. 21, 2024, 10:48 a.m. An analysis by Insikt Group revealed a significant surge in cyber threat activities from GreenCharlie, an Iran-linked group assoc… 111
Double Trouble: Latrodectus And ACR Stealer Observed Spreading Via Google Authenticator Phishing Site Aug. 20, 2024, 9:06 a.m. The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, design… 15
Exploring the D3F@ck Malware-as-a-Service Loader Aug. 19, 2024, 1:17 p.m. This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias S… 4
Ande Loader Leads to 0bj3ctivity Stealer Infection Aug. 12, 2024, 11:26 a.m. In July 2024, eSentire's Threat Response Unit observed a phishing attack leading to a 0bj3ctivity Stealer malware infection. The … 2
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms Aug. 5, 2024, 11:29 a.m. Volexity detected and responded to multiple incidents involving systems infected with malware linked to StormBamboo, a threat act… 2
Fighting Ursa Luring Targets With Car for Sale Aug. 5, 2024, 8:30 a.m. This analysis examines a campaign attributed to the Russian threat actor Fighting Ursa, also known as APT28, Fancy Bear, and Sofa… 6
MirrorFace Attack against Japanese Organisations Aug. 2, 2024, 8:41 a.m. The report provides in-depth details about the malware used by the threat actor MirrorFace in targeted attacks against Japanese o… 27
Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT July 31, 2024, 10:43 a.m. This analysis examines a recent malware campaign involving a dropper dubbed Gh0stGambit, which is employed to retrieve and execut… 6
Analysis of Golang Payload and Information Theft Campaign July 30, 2024, 4:14 p.m. The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically ta… 8
Secret Message: Steganography Tricks of TA558 Group in Cyber Attacks on Enterprises in Russia and Belarus July 30, 2024, 3:54 p.m. F.A.C.C.T.'s Threat Intelligence analysts have investigated numerous cyberattacks by the TA558 group targeting enterprises, gover… 74
New Mandrake Android spyware version discovered on Google Play July 29, 2024, 8:36 p.m. In April 2024, Securelist discovered a suspicious sample that appeared to be a new version of Mandrake. Ensuing analysis revealed … 9
Fake update puts visitors at risk July 24, 2024, 8:09 a.m. This intelligence report discusses SocGholish, a JavaScript downloader used by threat actors to deliver malware payloads disguise… 10
Exploiting CVE-2024-21412: A Stealer Campaign Unleashed July 24, 2024, 8:02 a.m. This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass s… 27
Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android July 23, 2024, 7:49 a.m. ESET researchers discovered a vulnerability named EvilVideo that allows attackers to share malicious Android payloads disguised a… 1
Warning Against the Distribution of Malware Disguised as Software Cracks July 19, 2024, 5:17 a.m. This advisory cautions about the distribution of malware masquerading as crack programs for software. The malicious actors aim to… 1
Analysis of Suspected APT Attack Activities by “Silver Fox” July 10, 2024, 10:19 a.m. This document examines the recent activities of the Silver Fox cybercrime group, which has traditionally targeted financial and t… 7
Kematian-Stealer: A Deep Dive into a New Information Stealer July 10, 2024, 10:08 a.m. This report provides an in-depth analysis of a newly discovered information stealer named Kematian-Stealer, actively developed on… 4
Persistent npm Campaign Shipping Trojanized jQuery July 10, 2024, 9:36 a.m. The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through variou… 67
Exposing Attack Operations Utilizing PyPI Against Windows, Linux and macOS Platforms July 8, 2024, 10:50 a.m. The report details the APT-C-26 (Lazarus) group's recent attack campaign utilizing malicious Python packages hosted on the PyPI r… 28
Kimsuky Deploys TRANSLATEXT Chrome Extension June 28, 2024, 7:46 a.m. In March 2024, the cybersecurity firm Zscaler observed a new activity from Kimsuky, a North Korean state-sponsored hacker group. … 10
Malvertising Campaign Leads to Execution of Oyster Backdoor June 24, 2024, 6:48 p.m. Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software su… 13
Behind the Great Wall Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 CC Framework June 19, 2024, 11:37 a.m. Trend Micro recently discovered a threat actor group dubbed Void Arachne targeting Chinese-speaking users with malicious Windows … 46
FHAPPI Campaign APT10 FreeHosting APT PowerSploit Poison Ivy June 19, 2024, 7:24 a.m. This analysis details a malicious campaign dubbed 'FHAPPI' by the researcher, which utilized compromised Geocities Japan accounts… 5
From Clipboard to Compromise: A PowerShell Self-Pwn June 17, 2024, 11:23 a.m. This intelligence report details a unique social engineering technique observed by Proofpoint researchers, leveraging users to co… 14
Dipping into Danger: The WARMCOOKIE backdoor June 12, 2024, 10:41 a.m. Elastic Security Labs identified a new wave of email campaigns targeting environments by deploying a novel backdoor dubbed WARMCO… 6
New Agent Tesla Campaign Targeting Spanish-Speaking People June 10, 2024, 11:24 a.m. This report analyzes a phishing campaign spreading a new Agent Tesla variant designed to infiltrate victims' computers and steal … 6
Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers June 7, 2024, 7:48 a.m. This report details a cryptojacking campaign exploiting exposed Docker remote API servers. Threat actors employ the cmd.cat/chatt… 7
Operation ControlPlug: Targeted attack campaign using MSC files June 6, 2024, 2:55 p.m. An investigation revealed that the threat group DarkPeony, also known as Operation ControlPlug, employed a novel technique involv… 14
Operation Crimson Palace: A Technical Deep Dive June 6, 2024, 7:55 a.m. Sophos Managed Detection and Response initiated a threat hunt across customers after detecting abuse of a vulnerable VMware execu… 138
Malware botnet installing NiceRAT June 6, 2024, 7:28 a.m. This report discusses a botnet that has been active since 2019, distributing various malware such as NiceRAT, Nitol, and NanoCore… 24
Excel File Deploys Cobalt Strike at Ukraine June 4, 2024, 5:24 p.m. A sophisticated multi-stage cyberattack was identified, utilizing an Excel file embedded with a VBA macro designed to deploy a DL… 10
Vidar Stealer: An In-depth Analysis of an Information-Stealing Malware June 4, 2024, 1:17 p.m. Vidar Stealer is a potent malware written in C++, capable of stealing a wide range of data from the compromised system. Vidar Ste… 6
Disrupting FlyingYeti's campaign targeting Ukraine May 31, 2024, 12:19 p.m. This report details Cloudforce One's real-time effort to detect, deny, degrade, disrupt, and delay a phishing campaign by the Rus… 8
Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea May 24, 2024, 8:21 a.m. An investigation by Bitdefender Labs uncovered a previously unidentified cyber threat actor called Unfading Sea Haze. This group … 47
Crimeware report: Acrid, ScarletStealer and Sys01 stealers May 22, 2024, 3:33 p.m. This analysis delves into three distinct stealers: Acrid, ScarletStealer, and Sys01. Acrid is a new stealer found in December, em… 5
Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear May 21, 2024, 11:24 a.m. This comprehensive analysis delves into the continuous evolution and refinement of sophisticated malware entities employed by a p… 29
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID May 17, 2024, 9:03 a.m. LATRODECTUS is a malware loader gaining popularity among cybercriminals, with strong connections to the ICEDID malware family. It… 7
ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information May 17, 2024, 8:50 a.m. This analysis focuses on the recent activities of the ViperSoftX malware strain, which controls infected systems and steals user … 8
Payload Trends in Malicious OneNote Samples May 16, 2024, 5:25 p.m. This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into … 550
Springtail: New Linux Backdoor Added to Toolkit May 16, 2024, 4:46 p.m. Symantec's Threat Hunter Team has uncovered a new Linux backdoor, named Gomir, developed by the North Korean Springtail espionage… 20
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware May 16, 2024, 9:27 a.m. The report describes a recent campaign by the threat actor Storm-1811, a financially motivated cybercriminal group known for depl… 12
The Overlapping Cyber Strategies Of Transparent Tribe And SideCopy Against India May 15, 2024, 3:16 p.m. CRIL's analysis revealed SideCopy APT group's sophisticated malware campaign, employing malicious LNK files and a complex infecti… 21
Ongoing Malvertising Campaign leads to Ransomware May 15, 2024, 3:14 p.m. Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malic… 78
PDF “Flawed Design” Exploitation May 14, 2024, 3:30 p.m. Check Point Research identified an unusual pattern involving PDF exploitation, mainly targeting users of Foxit Reader. This explo… 40
Distribution of DanaBot Malware via Word Files Detected May 14, 2024, 8:16 a.m. This analysis examines the infection process of the DanaBot malware, distributed through sophisticated spam emails containing mal… 0
Profiling Trafficers: Cerberus May 10, 2024, 9:02 a.m. This analysis delves into the activities of a group of malware operators known as Cerberus (formerly Amnesia) Team, who specializ… 24
New Pakistan-based Cyber Espionage Group’s Year-Long Campaign Targeting Indian Defense Forces with Android Malware May 6, 2024, 8:47 a.m. CYFIRMA researchers identified an Android malware campaign, active for over a year, targeting Indian defense personnel by an unid… 3