Tag : powershell

18 attack reports | 0 vulnerabilities

Attack Reports

| Title | Published | Tags | Description | Number of indicators |
| --- | --- | --- | --- | --- |
| Distribution of AsyncRAT Disguised as Ebook | July 10, 2024, 9:22 a.m. | | This analysis covers the distribution of AsyncRAT malware disguised as an ebook. The compressed file contains a malicious LNK and… | 5 |
| Kimsuky Group’s New Backdoor (HappyDoor) | July 8, 2024, 6:34 p.m. | | This report provides a detailed analysis of the HappyDoor malware, a new backdoor utilized by the Kimsuky threat group known for … | 7 |
| Turla: A Master of Deception | July 8, 2024, 10:45 a.m. | | This report details a recent campaign by the Turla threat group involving malicious LNK files that deliver a fileless backdoor. T… | 10 |
| ProxyLogon and ProxyShell Used to Target Government Mail Servers in Asia, Europe, and South America | July 5, 2024, 3:03 p.m. | | This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauth… | 4 |
| Malvertising Campaign Leads to Execution of Oyster Backdoor | June 24, 2024, 6:48 p.m. | | Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software su… | 13 |
| AdsExhaust, a Newly Discovered Adware MasqueradingOculus… | June 24, 2024, 4:35 p.m. | | In June 2024, the eSentire Threat Response Unit (TRU) identified adware, which we have dubbed AdsExhaust, being distributed throu… | 17 |
| FHAPPI Campaign APT10 FreeHosting APT PowerSploit Poison Ivy | June 19, 2024, 7:24 a.m. | | This analysis details a malicious campaign dubbed 'FHAPPI' by the researcher, which utilized compromised Geocities Japan accounts… | 5 |
| From Clipboard to Compromise: A PowerShell Self-Pwn | June 17, 2024, 11:23 a.m. | | This intelligence report details a unique social engineering technique observed by Proofpoint researchers, leveraging users to co… | 14 |
| APT Attacks Using Cloud Storage | June 11, 2024, 10:09 a.m. | | The report describes a malicious campaign where threat actors utilize cloud services like Google Drive, OneDrive, and Dropbox to … | 1 |
| Warning Against Phishing Emails Prompting Execution of Commands via Paste | June 6, 2024, 7:18 a.m. | | This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run… | 15 |
| Decoding Water Sigbin's Latest Obfuscation Tricks | May 30, 2024, 7:03 a.m. | | The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade d… | 9 |
| Gootloader walkthrough | May 24, 2024, 8:29 a.m. | | The analysis delves into the intricate workings of the Gootloader malware campaign. Through a meticulously crafted social enginee… | 12 |
| Spring Exacerbation: UAC-0006 increased cyberattacks | May 22, 2024, 7:56 a.m. | | This report aims to provide insights into the ongoing cyber operations targeting Ukraine. It analyzes the tactics, techniques, an… | 31 |
| Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware | May 22, 2024, 7:39 a.m. | | Securonix Threat Research has uncovered a sophisticated malware campaign, dubbed CLOUD#REVERSER, that leverages popular cloud sto… | 16 |
| Exploring the Metamorfo Banking Trojan | May 17, 2024, 3:38 p.m. | | This report delves into a malware campaign known as Metamorfo, a banking Trojan that spreads through malspam campaigns. It entice… | 39 |
| Mallox ransomware affiliate leverages PureCrypter in MS-SQL exploitation campaigns | May 14, 2024, 6:03 p.m. | | A team from security firm Sekoia has observed a series of attacks targeting vulnerable assets, including MS-SQL, and Mallox ranso… | 10 |
| Phishing Campaigns Targeting USPS See as Much Web Traffic as the USPS Itself | April 29, 2024, 7:15 p.m. | | Following the 2023 holiday season, Akamai researchers uncovered a significant amount of highly likely malicious activity and doma… | 34 |
| From IcedID to Dagon Locker Ransomware in 29 Days | April 29, 2024, 5:23 p.m. | | This intrusion started in August 2023 with a phishing campaign that distributed IcedID malware. The phishing operation utilized t… | 33 |