Tag: meterpreter

5 Attack Reports | 0 Vulnerabilities

Attack reports

New Nitrogen Ransomware Targets Financial Firms in the US, UK and Canada

Nitrogen, a new ransomware strain identified in September 2024, has become a significant threat to organizations worldwide, particularly in the financial sector. It encrypts critical data and demands substantial payments for decryption, targeting industries such as finance, construction, manufactur…
ransomware
malvertising
cobalt strike
meterpreter
data exfiltration
nitrogen
2025-05-20
vulnerable driver
Published: May 20, 2025
Downloadable IOCs: 2

From Credit Card Skimming to Exploiting Zero-Days

XE Group, a cybercriminal organization active since 2013, has evolved from credit card skimming to exploiting zero-day vulnerabilities. The group initially focused on web vulnerabilities and supply chain attacks but has now shifted to targeted information theft in manufacturing and distribution sec…
powershell
zero-day
meterpreter
aspxspy
webshell
supply-chain-attack
2025-02-03
CVE-2024-57968
CVE-2025-25181
information-theft
remote-access-trojan
sql-injection
persistent-access
Published: February 3, 2025
Linked vulnerabilities : CVE-2024-57968 (CVSS 9.9), CVE-2025-25181 (CVSS 5.8), CVE-2019-18935, CVE-2017-9248
Downloadable IOCs: 17

Hacktivists attack Russian organizations using rare RATs

The Cyber Anarchy Squad (C.A.S) is a hacktivist group targeting Russian and Belarusian organizations since 2022. They exploit vulnerabilities in public services and use free tools to inflict maximum damage. The group employs rare remote access Trojans like Revenge RAT and Spark RAT, alongside commo…
ransomware
russia
belarus
lockbit
meterpreter
telegram
babuk
spark rat
hacktivist
2024-12-18
revenge rat
data destruction
Published: December 18, 2024
Downloadable IOCs: 0

SmallTiger Malware Used in Attacks Against South Korean Businesses (Kimsuky and Andariel)

This report details a series of attacks targeting South Korean companies, particularly defense contractors, automobile part manufacturers, and semiconductor manufacturers. The threat actor initially deployed malware strains associated with the Kimsuky group, such as MultiRDP and Meterpreter, but la…
apt
meterpreter
2024-06-11
mimikatz
durianbeacon
multirdp
webbrowserpassview
smalltiger
Published: June 11, 2024
Downloadable IOCs: 19

Case of Malware Distribution Linking to Illegal Gambling Website Targeting Korean Web Server

This report examines a malware strain distributed to web servers in South Korea that redirects users to an illegal gambling site. The threat actor installed a Meterpreter backdoor, a port forwarding tool, and an IIS module malware on a compromised web server. The IIS module inspects HTTP headers an…
korea
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
meterpreter
webserver
iismodulemalware
gamblingredirect
Published: May 8, 2024
Downloadable IOCs: 8
Click here to see more Attack Reports