Tag: nsis

3 Attack Reports | 0 Vulnerabilities

Attack reports

NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign

A malware campaign using fake software installers to deliver Winos v4.0, a memory-resident malware, has been tracked throughout 2025. The campaign, dubbed Catena, employs trojanized NSIS installers, reflective DLL loading, and shellcode-embedded INI files to evade detection. It stages payloads enti…
nsis
winos
chinese-speaking targets
2025-05-27
srdi
memory-resident malware
winos v4.0
catena loader
reflective dll injection
trojanized installers
Published: May 27, 2025
Downloadable IOCs: 31

Cyberattack: UAC-0125 using the theme "Army+" (CERT-UA#12559)

A cyber attack attributed to UAC-0125 has been identified, involving websites mimicking the official 'Army+' app page. These sites, hosted on Cloudflare Workers, prompt users to download a malicious executable. The EXE file, an NSIS installer, contains a decoy .NET file, Python interpreter, Tor fil…
sandworm
openssh
cloudflare workers
nsis
tor
2024-12-20
apt44
uac-0125
army+
Published: December 20, 2024
Downloadable IOCs: 6

Static Unpacking for the Widespread NSIS-based Malicious Packer

This article examines a malicious packer family based on the Nullsoft Scriptable Install System (NSIS) used by cybercriminals to protect various malware from detection. It describes the structure of packed samples, and presents an approach for creating a tool that automatically unpacks the encrypte…
2024-05-28
nsis
Published: May 28, 2024
Downloadable IOCs: 11
Click here to see more Attack Reports