Tag: modular malware

5 Attack Reports | 0 Vulnerabilities

Attack reports

You will always remember this as the day you finally caught FamousSparrow

ESET researchers uncovered new activity by the FamousSparrow APT group, including two undocumented versions of their SparrowDoor backdoor. The group compromised a US financial sector trade group and a Mexican research institute in July 2024. The new SparrowDoor versions show significant improvement…
shadowpad
modular malware
sparrowdoor
2025-03-26
hemigate
Published: March 26, 2025
Downloadable IOCs: 12

Stately Taurus Activity in Southeast Asia Links to Bookworm Malware

Unit 42 researchers have discovered connections between Stately Taurus, a threat actor targeting ASEAN countries, and the Bookworm malware family. Analysis of infrastructure and code overlaps revealed links between recent Stately Taurus attacks and Bookworm samples dating back to 2015. The group ha…
dll sideloading
toneshell
pubload
modular malware
southeast asia
2025-02-20
asean
infrastructure overlap
bookworm
Published: February 20, 2025
Downloadable IOCs: 0

North Korean group targets nuclear-related organization with new malware

The Lazarus group has evolved its infection chain by targeting employees of a nuclear-related organization with a combination of new and old malware. The attack involved delivering malicious archive files containing trojanized VNC utilities and various malware strains including Ranid Downloader, MI…
supply chain
modular malware
2024-12-19
lpeclient
wordpress c2
cookietime
deathnote campaign
rollmid
servicechanger
ranid downloader
charamel loader
nuclear
trojanized vnc
mistpen
cookieplus
Published: December 19, 2024
Linked vulnerabilities : CVE-2019-0859, CVE-2019-0797
Downloadable IOCs: 1

SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer

Threat actors are exploiting old Microsoft Office vulnerabilities using SmokeLoader, a modular malware loader, to steal browser credentials. The campaign targets manufacturing, healthcare, and IT companies in Taiwan, utilizing CVE-2017-0199 and CVE-2017-11882 to execute remote code and deploy malic…
phishing
plugins
credential theft
smokeloader
CVE-2017-0199
CVE-2017-11882
taiwan
modular malware
2024-12-03
microsoft office
vulnerabilities
andeloader
Published: December 3, 2024
Linked vulnerabilities : CVE-2017-11882, CVE-2017-0199
Downloadable IOCs: 28

Mind the (air) gap: GoldenJackal gooses government guardrails

ESET researchers uncovered two distinct toolsets used by the GoldenJackal APT group to breach air-gapped systems in government organizations. The first toolset, observed in 2019, included GoldenDealer for delivering executables via USB drives, GoldenHowl as a modular backdoor, and GoldenRobo for fi…
apt
cyberespionage
2024-11-17
jackalworm
goldenusbgo
goldenblacklist
goldenrobo
modular malware
goldendealer
goldendrive
goldenmailer
goldenace
goldenhowl
usb propagation
goldenpyblacklist
goldenusbcopy
air-gapped systems
Published: November 17, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports