| Title |
Published |
Tags |
Description |
Number of indicators |
| Analyzing the Mekotio Trojan |
Aug. 30, 2024, 8:14 a.m. |
|
The analysis delves into the Mekotio Trojan, a sophisticated malware that employs a PowerShell dropper to execute its payload. Th… |
2 |
| Threat Tracking: Analysis of Lilith RAT ported to AutoIt Script |
Aug. 23, 2024, 9:41 a.m. |
|
In April 2024, S2W's Threat Research and Intelligence Center TALON analyzed a malicious LNK file disguised as a list of tax evasi… |
33 |
| Decoding the Stealthy Memory-Only Malware |
Aug. 23, 2024, 9:11 a.m. |
|
This intelligence report provides an in-depth analysis of a complex, multi-stage malware campaign called PEAKLIGHT. It details th… |
23 |
| Exploring the D3F@ck Malware-as-a-Service Loader |
Aug. 19, 2024, 1:17 p.m. |
|
This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias S… |
4 |
| Ande Loader Leads to 0bj3ctivity Stealer Infection |
Aug. 12, 2024, 11:26 a.m. |
|
In July 2024, eSentire's Threat Response Unit observed a phishing attack leading to a 0bj3ctivity Stealer malware infection. The … |
2 |
| Detecting evolving threats: NetSupport RAT campaign |
Aug. 2, 2024, 8:25 a.m. |
|
This analysis examines a recent malware campaign that utilizes the NetSupport RAT, a legitimate remote administration tool, for p… |
3 |
| Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity |
July 31, 2024, 10:47 a.m. |
|
On July 24, 2024, CrowdStrike Intelligence identified an unattributed spearphishing attempt delivering an inauthentic installer i… |
5 |
| 'Evil Twin' Apps Spread for Multiple Fraud Schemes |
July 17, 2024, 10:52 a.m. |
|
HUMAN's Satori Threat Intelligence and Research team recently uncovered a massive ad fraud operation dubbed Konfety, involving th… |
0 |
| Braodo Info Stealer Targeting Vietnam and Abroad |
July 15, 2024, 10:42 a.m. |
|
CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also … |
14 |
| Analysis of Suspected APT Attack Activities by “Silver Fox” |
July 10, 2024, 10:19 a.m. |
|
This document examines the recent activities of the Silver Fox cybercrime group, which has traditionally targeted financial and t… |
7 |
| Distribution of AsyncRAT Disguised as Ebook |
July 10, 2024, 9:22 a.m. |
|
This analysis covers the distribution of AsyncRAT malware disguised as an ebook. The compressed file contains a malicious LNK and… |
5 |
| Examining Water Infection Routine Leading to an XMRig Cryptominer |
June 28, 2024, 7:39 a.m. |
|
This report details the multi-stage loading technique utilized by the threat actor Water Sigbin to deliver the PureCrypter loader… |
13 |
| New InnoSetup Malware Created Upon Each Download Attempt |
June 27, 2024, 9:34 a.m. |
|
A security intelligence report describing a new malware distribution technique where malicious code is dynamically generated for … |
32 |
| DBatLoader Distributed via CMD Files |
June 27, 2024, 9:26 a.m. |
|
A cybersecurity analysis has identified a malicious operation involving the distribution of a downloader, dubbed DBatLoader or Mo… |
0 |
| StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe |
June 25, 2024, 1:07 p.m. |
|
Recent observations indicate a surge in JavaScript spreading StrelaStealer, a credential stealer specifically targeting Outlook a… |
5 |
| Dipping into Danger: The WARMCOOKIE backdoor |
June 12, 2024, 10:41 a.m. |
|
Elastic Security Labs identified a new wave of email campaigns targeting environments by deploying a novel backdoor dubbed WARMCO… |
6 |
| RAT Distributed as UUEncoding (UUE) File |
June 11, 2024, 10:11 a.m. |
|
This intelligence report describes a malicious operation where the Remcos Remote Access Trojan (RAT) is being disseminated throug… |
3 |
| New Agent Tesla Campaign Targeting Spanish-Speaking People |
June 10, 2024, 11:24 a.m. |
|
This report analyzes a phishing campaign spreading a new Agent Tesla variant designed to infiltrate victims' computers and steal … |
6 |
| Malicious Campaign Analysis: JScript RAT and CobaltStrike |
June 7, 2024, 8:59 a.m. |
|
This report examines a recent malicious campaign involving a JScript-based Remote Access Trojan (RAT) and its connections to the … |
4 |
| DarkGate again but... Improved? |
June 6, 2024, 8:16 a.m. |
|
The report details the latest developments surrounding the DarkGate remote access trojan, including its enhanced capabilities in … |
313 |
| Wineloader - Analysis of the Infection Chain |
June 6, 2024, 8:13 a.m. |
|
The analysis examines the Wineloader backdoor, a modular malware attributed to the APT29 threat group, which allows further tools… |
9 |
| From Document to Script: Insides of Campaign |
May 17, 2024, 9:38 a.m. |
|
This report examines a recent malicious campaign initiated via phishing emails, seemingly from 'QuickBooks,' prompting users to i… |
11 |
| Malware (XMRig, OrcusRAT, etc.) disguised as MS Office crack |
May 10, 2024, 1:45 p.m. |
|
The report details an ongoing malware campaign targeting South Korean users, which disguises malicious payloads as cracked versio… |
12 |
| macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge |
May 10, 2024, 8:31 a.m. |
|
This analysis discusses the emergence of a new macOS malware family called 'Cuckoo Stealer', which acts as an infostealer and spy… |
4 |
| RemcosRAT Distributed Using Steganography |
May 8, 2024, 11:03 a.m. |
|
Security researchers have discovered a campaign distributing RemcosRAT through a sophisticated infection chain involving steganog… |
4 |