Title | Published | Tags | Description | Number of indicators |
PowerShell Keylogger | Sept. 4, 2024, 9:05 a.m. | | A newly identified keylogger operating via PowerShell script has been analyzed, revealing its capabilities to capture keystrokes,… | 3 |
Exploring AsyncRAT and Infostealer Plugin Delivery Through… | Sept. 2, 2024, 4:14 p.m. | | This analysis details an AsyncRAT infection observed in August 2024, delivered via email. The attack chain involves a Windows Scr… | 8 |
Analyzing the Mekotio Trojan | Aug. 30, 2024, 8:14 a.m. | | The analysis delves into the Mekotio Trojan, a sophisticated malware that employs a PowerShell dropper to execute its payload. Th… | 2 |
Decoding the Stealthy Memory-Only Malware | Aug. 23, 2024, 9:11 a.m. | | This intelligence report provides an in-depth analysis of a complex, multi-stage malware campaign called PEAKLIGHT. It details th… | 23 |
Report on Ukraine government attack campaign | Aug. 23, 2024, 8:56 a.m. | | Ukraine's government cybersecurity incident response team, CERT-UA, obtained information about the distribution of emails themed … | 33 |
Multiple Malware Dropped Through MSI Package | Aug. 14, 2024, 11:14 a.m. | | An analysis reveals the distribution of malware through an MSI package, specifically SectopRat and Redline stealer. The malware e… | 11 |
Unmasking Cronus: How Fake PayPal Documents Execute Fileless Ransomware via PowerShell | Aug. 7, 2024, 8:32 a.m. | | The analysis reveals a sophisticated campaign employing fake PayPal receipts as lures to distribute a new variant of the Cronus r… | 8 |
Detecting evolving threats: NetSupport RAT campaign | Aug. 2, 2024, 8:25 a.m. | | This analysis examines a recent malware campaign that utilizes the NetSupport RAT, a legitimate remote administration tool, for p… | 3 |
Distribution of AsyncRAT Disguised as Ebook | July 10, 2024, 9:22 a.m. | | This analysis covers the distribution of AsyncRAT malware disguised as an ebook. The compressed file contains a malicious LNK and… | 5 |
Kimsuky Group’s New Backdoor (HappyDoor) | July 8, 2024, 6:34 p.m. | | This report provides a detailed analysis of the HappyDoor malware, a new backdoor utilized by the Kimsuky threat group known for … | 7 |
Turla: A Master of Deception | July 8, 2024, 10:45 a.m. | | This report details a recent campaign by the Turla threat group involving malicious LNK files that deliver a fileless backdoor. T… | 10 |
ProxyLogon and ProxyShell Used to Target Government Mail Servers in Asia, Europe, and South America | July 5, 2024, 3:03 p.m. | | This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauth… | 4 |
Malvertising Campaign Leads to Execution of Oyster Backdoor | June 24, 2024, 6:48 p.m. | | Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software su… | 13 |
AdsExhaust, a Newly Discovered Adware Masquerading Oculus… | June 24, 2024, 4:35 p.m. | | In June 2024, the eSentire Threat Response Unit (TRU) identified adware, which we have dubbed AdsExhaust, being distributed throu… | 17 |
FHAPPI Campaign APT10 FreeHosting APT PowerSploit Poison Ivy | June 19, 2024, 7:24 a.m. | | This analysis details a malicious campaign dubbed 'FHAPPI' by the researcher, which utilized compromised Geocities Japan accounts… | 5 |
From Clipboard to Compromise: A PowerShell Self-Pwn | June 17, 2024, 11:23 a.m. | | This intelligence report details a unique social engineering technique observed by Proofpoint researchers, leveraging users to co… | 14 |
APT Attacks Using Cloud Storage | June 11, 2024, 10:09 a.m. | | The report describes a malicious campaign where threat actors utilize cloud services like Google Drive, OneDrive, and Dropbox to … | 1 |
Warning Against Phishing Emails Prompting Execution of Commands via Paste | June 6, 2024, 7:18 a.m. | | This report details a phishing campaign distributing malicious HTML files through emails. The files prompt users to paste and run… | 15 |
Decoding Water Sigbin's Latest Obfuscation Tricks | May 30, 2024, 7:03 a.m. | | The China-based threat group Water Sigbin, known for deploying cryptocurrency-mining malware, exhibited new techniques to evade d… | 9 |
Gootloader walkthrough | May 24, 2024, 8:29 a.m. | | The analysis delves into the intricate workings of the Gootloader malware campaign. Through a meticulously crafted social enginee… | 12 |
Spring Exacerbation: UAC-0006 increased cyberattacks | May 22, 2024, 7:56 a.m. | | This report aims to provide insights into the ongoing cyber operations targeting Ukraine. It analyzes the tactics, techniques, an… | 31 |
Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware | May 22, 2024, 7:39 a.m. | | Securonix Threat Research has uncovered a sophisticated malware campaign, dubbed CLOUD#REVERSER, that leverages popular cloud sto… | 16 |
Exploring the Metamorfo Banking Trojan | May 17, 2024, 3:38 p.m. | | This report delves into a malware campaign known as Metamorfo, a banking Trojan that spreads through malspam campaigns. It entice… | 39 |
Mallox ransomware affiliate leverages PureCrypter in MS-SQL exploitation campaigns | May 14, 2024, 6:03 p.m. | | A team from security firm Sekoia has observed a series of attacks targeting vulnerable assets, including MS-SQL, and Mallox ranso… | 10 |
Phishing Campaigns Targeting USPS See as Much Web Traffic as the USPS Itself | April 29, 2024, 7:15 p.m. | | Following the 2023 holiday season, Akamai researchers uncovered a significant amount of highly likely malicious activity and doma… | 34 |
From IcedID to Dagon Locker Ransomware in 29 Days | April 29, 2024, 5:23 p.m. | | This intrusion started in August 2023 with a phishing campaign that distributed IcedID malware. The phishing operation utilized t… | 33 |