Tag: metastealer

5 Attack Reports | 0 Vulnerabilities

Attack reports

Security Brief: Threat Actors Take Taxes Into Account

Proofpoint researchers have identified an increase in campaigns and malicious domains impersonating tax agencies and financial organizations. This aligns with the annual increase in tax-related content observed from December through April. Phishing lures impersonate government agencies and financia…
xworm
rhadamanthys
financial fraud
asyncrat
venomrat
credential harvesting
metastealer
zgrat
malware delivery
government impersonation
2025-01-28
intuit
mygov
hmrc
tax-themed phishing
revolut
Published: January 28, 2025
Downloadable IOCs: 0

Attempts to disrupt Russian businesses with MetaStealer

A previously unknown threat actor, Venture Wolf, has been targeting Russian businesses since November 2023. The group uses multiple loaders to deliver MetaStealer, a malware that focuses on manufacturing, construction, IT, and telecommunications industries. The campaign involves disseminating archi…
obfuscation
phishing
data theft
injection
redline
metastealer
stealers
2024-11-05
loaders
Published: November 5, 2024
Downloadable IOCs: 20

Exploring the D3F@ck Malware-as-a-Service Loader

This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias Sergei Panteleevich. The loader utilizes various evasion techniques, including the use of Extended Validation certificates, Inno Setup installers with custom Pascal script…
malware
loader
obfuscation
stealer
danabot
metastealer
sectoprat
2024-08-19
raccoon stealer
certificates
d3f@ck loader
Published: August 19, 2024
Downloadable IOCs: 4

VayGren and Mr.Burns: Strong Ties in Finance

F.A.C.C.T experts analyzed the tools and connections of cybercriminals attacking Russian accountants. An analysis of the infection chain of the VasyGrek attacker, his forum activity and connection with the malware developer Mr.Burns is presented. The history of Mr.Burns, starting in 2010, is given,…
purecrypter
metastealer
2024-07-10
teamviewer
redline stealer
warzonerat
ave maria
purelogs
burnsrat
Published: July 10, 2024
Downloadable IOCs: 131

Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks

Morphisec Labs has been monitoring increased activity associated with Sticky Werewolf, a suspected geopolitical or hacktivist group. While their origin remains unclear, recent techniques suggest espionage and data exfiltration intent. Sticky Werewolf has targeted the aviation industry, employing ph…
phishing
rhadamanthys stealer
2024-06-07
netwire
rats
webdav
metastealer
ozone rat
lnks
aviation
darktrack
Published: June 7, 2024
Downloadable IOCs: 14
Click here to see more Attack Reports