Tag: persistent

2 Attack Reports | 0 Vulnerabilities

Attack reports

Know Thy Enemy: A Novel November Case on Persistent Remote Access

In early November 2024, a threat actor gained initial access to a network via brute-forcing a public-facing RD-Web instance. Using PsExec, they executed batch files across multiple machines to enable RDP connections and install a malicious MeshAgent. The actor renamed the MeshAgent to mimic a virtu…
remote access
persistent
lateral movement
meshagent
2024-11-26
psexec
rdp brute force
Published: November 26, 2024
Downloadable IOCs: 6

Exploring the Depths of Multi-tiered Infrastructure

This report provides an in-depth analysis of SolarMarker, a highly persistent and evolving malware family. It delves into the malware's evolution since 2020, detailing its functionality, evasion tactics, and targeting strategies. The report also highlights the multi-tiered infrastructure supporting…
modular
2024-05-09
solarmarker
persistent
solarphantom
evasive
multi-tiered
information-stealing
2024-05-14
2024-05-10
Published: May 14, 2024
Downloadable IOCs: 45
Click here to see more Attack Reports