Tag: privilege-escalation
11 attack reports | 0 vulnerabilities
Attack reports
Chinese Hackers Toolkit Uncovered And Activity History Uncovered
A Chinese hacking group called 'You Dun' was discovered through an exposed open directory, revealing their comprehensive attack infrastructure. The group utilized sophisticated reconnaissance tools and exploited Zhiyuan OA software via SQL injection attacks, targeting South Korean pharmaceutical or…
Downloadable IOCs 7
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
This analysis examines two cybersecurity incidents: a web shell attack and a VPN compromise. The web shell attack involved uploading malicious files to a server, executing commands, creating a local admin account, and attempting to establish persistence. The VPN compromise led to lateral movement, …
Downloadable IOCs 1
DarkComet RAT: Technical Analysis of Attack Chain
This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …
Downloadable IOCs 1
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
An unknown threat actor is exploiting exposed Docker Remote API servers to deploy the perfctl malware. The attack sequence involves probing the server, creating a Docker container with specific settings, and executing a Base64 encoded payload. The payload escapes the container, creates a bash scrip…
Downloadable IOCs 6
Advanced Cyberattacks Against UAE and Gulf Regions
Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escal…
Downloadable IOCs 17
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, …
Downloadable IOCs 9
The Nanshou Campaign - Hackers' Arsenal Grows Stronger
This comprehensive analysis details a sophisticated cyber campaign targeting over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin, dropping advanced payloads like crypto-miners …
Downloadable IOCs 28
StopRansomware: RansomHub Ransomware
RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to …
Downloadable IOCs 14
Ransomware attackers introduce new EDR killer to their arsenal
An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on t…
Downloadable IOCs 2
Analysis of CoinMiner Attacks Targeting Web Servers
The report details two separate attack cases targeting a Korean medical institution's web server, resulting in the installation of CoinMiners. The targeted server was a Windows IIS server, likely with PACS software installed. In both attacks, web shells were uploaded, and system information was col…
Downloadable IOCs 59
DISGOMOJI Malware Used to Target Indian Government
Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor tracked as UTA0137 targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities inclu…
Downloadable IOCs 149
Chinese Hackers Toolkit Uncovered And Activity History Uncovered
A Chinese hacking group called 'You Dun' was discovered through an exposed open directory, revealing their comprehensive attack infrastructure. The group utilized sophisticated reconnaissance tools and exploited Zhiyuan OA software via SQL injection attacks, targeting South Korean pharmaceutical or…
Downloadable IOCs 7
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
This analysis examines two cybersecurity incidents: a web shell attack and a VPN compromise. The web shell attack involved uploading malicious files to a server, executing commands, creating a local admin account, and attempting to establish persistence. The VPN compromise led to lateral movement, …
Downloadable IOCs 1
DarkComet RAT: Technical Analysis of Attack Chain
This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …
Downloadable IOCs 1
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
An unknown threat actor is exploiting exposed Docker Remote API servers to deploy the perfctl malware. The attack sequence involves probing the server, creating a Docker container with specific settings, and executing a Base64 encoded payload. The payload escapes the container, creates a bash scrip…
Downloadable IOCs 6
Advanced Cyberattacks Against UAE and Gulf Regions
Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escal…
Downloadable IOCs 17
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, …
Downloadable IOCs 9
The Nanshou Campaign - Hackers' Arsenal Grows Stronger
This comprehensive analysis details a sophisticated cyber campaign targeting over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin, dropping advanced payloads like crypto-miners …
Downloadable IOCs 28
StopRansomware: RansomHub Ransomware
RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to …
Downloadable IOCs 14
Ransomware attackers introduce new EDR killer to their arsenal
An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on t…
Downloadable IOCs 2
Analysis of CoinMiner Attacks Targeting Web Servers
The report details two separate attack cases targeting a Korean medical institution's web server, resulting in the installation of CoinMiners. The targeted server was a Windows IIS server, likely with PACS software installed. In both attacks, web shells were uploaded, and system information was col…
Downloadable IOCs 59
DISGOMOJI Malware Used to Target Indian Government
Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor tracked as UTA0137 targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities inclu…
Downloadable IOCs 149
Chinese Hackers Toolkit Uncovered And Activity History Uncovered
A Chinese hacking group called 'You Dun' was discovered through an exposed open directory, revealing their comprehensive attack infrastructure. The group utilized sophisticated reconnaissance tools and exploited Zhiyuan OA software via SQL injection attacks, targeting South Korean pharmaceutical or…
Downloadable IOCs 7
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
This analysis examines two cybersecurity incidents: a web shell attack and a VPN compromise. The web shell attack involved uploading malicious files to a server, executing commands, creating a local admin account, and attempting to establish persistence. The VPN compromise led to lateral movement, …
Downloadable IOCs 1
DarkComet RAT: Technical Analysis of Attack Chain
This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …
Downloadable IOCs 1
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
An unknown threat actor is exploiting exposed Docker Remote API servers to deploy the perfctl malware. The attack sequence involves probing the server, creating a Docker container with specific settings, and executing a Base64 encoded payload. The payload escapes the container, creates a bash scrip…
Downloadable IOCs 6
Advanced Cyberattacks Against UAE and Gulf Regions
Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escal…
Downloadable IOCs 17
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, …
Downloadable IOCs 9
The Nanshou Campaign - Hackers' Arsenal Grows Stronger
This comprehensive analysis details a sophisticated cyber campaign targeting over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin, dropping advanced payloads like crypto-miners …
Downloadable IOCs 28
StopRansomware: RansomHub Ransomware
RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to …
Downloadable IOCs 14
Ransomware attackers introduce new EDR killer to their arsenal
An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on t…
Downloadable IOCs 2
Analysis of CoinMiner Attacks Targeting Web Servers
The report details two separate attack cases targeting a Korean medical institution's web server, resulting in the installation of CoinMiners. The targeted server was a Windows IIS server, likely with PACS software installed. In both attacks, web shells were uploaded, and system information was col…
Downloadable IOCs 59
DISGOMOJI Malware Used to Target Indian Government
Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor tracked as UTA0137 targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities inclu…
Downloadable IOCs 149
Chinese Hackers Toolkit Uncovered And Activity History Uncovered
A Chinese hacking group called 'You Dun' was discovered through an exposed open directory, revealing their comprehensive attack infrastructure. The group utilized sophisticated reconnaissance tools and exploited Zhiyuan OA software via SQL injection attacks, targeting South Korean pharmaceutical or…
Downloadable IOCs 7
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
This analysis examines two cybersecurity incidents: a web shell attack and a VPN compromise. The web shell attack involved uploading malicious files to a server, executing commands, creating a local admin account, and attempting to establish persistence. The VPN compromise led to lateral movement, …
Downloadable IOCs 1
DarkComet RAT: Technical Analysis of Attack Chain
This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …
Downloadable IOCs 1
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
An unknown threat actor is exploiting exposed Docker Remote API servers to deploy the perfctl malware. The attack sequence involves probing the server, creating a Docker container with specific settings, and executing a Base64 encoded payload. The payload escapes the container, creates a bash scrip…
Downloadable IOCs 6
Advanced Cyberattacks Against UAE and Gulf Regions
Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escal…
Downloadable IOCs 17
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, …
Downloadable IOCs 9
The Nanshou Campaign - Hackers' Arsenal Grows Stronger
This comprehensive analysis details a sophisticated cyber campaign targeting over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin, dropping advanced payloads like crypto-miners …
Downloadable IOCs 28
StopRansomware: RansomHub Ransomware
RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to …
Downloadable IOCs 14
Ransomware attackers introduce new EDR killer to their arsenal
An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on t…
Downloadable IOCs 2
Analysis of CoinMiner Attacks Targeting Web Servers
The report details two separate attack cases targeting a Korean medical institution's web server, resulting in the installation of CoinMiners. The targeted server was a Windows IIS server, likely with PACS software installed. In both attacks, web shells were uploaded, and system information was col…
Downloadable IOCs 59
DISGOMOJI Malware Used to Target Indian Government
Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor tracked as UTA0137 targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities inclu…
Downloadable IOCs 149
Chinese Hackers Toolkit Uncovered And Activity History Uncovered
A Chinese hacking group called 'You Dun' was discovered through an exposed open directory, revealing their comprehensive attack infrastructure. The group utilized sophisticated reconnaissance tools and exploited Zhiyuan OA software via SQL injection attacks, targeting South Korean pharmaceutical or…
Downloadable IOCs 7
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
This analysis examines two cybersecurity incidents: a web shell attack and a VPN compromise. The web shell attack involved uploading malicious files to a server, executing commands, creating a local admin account, and attempting to establish persistence. The VPN compromise led to lateral movement, …
Downloadable IOCs 1
DarkComet RAT: Technical Analysis of Attack Chain
This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …
Downloadable IOCs 1
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
An unknown threat actor is exploiting exposed Docker Remote API servers to deploy the perfctl malware. The attack sequence involves probing the server, creating a Docker container with specific settings, and executing a Base64 encoded payload. The payload escapes the container, creates a bash scrip…
Downloadable IOCs 6
Advanced Cyberattacks Against UAE and Gulf Regions
Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escal…
Downloadable IOCs 17
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, …
Downloadable IOCs 9
The Nanshou Campaign - Hackers' Arsenal Grows Stronger
This comprehensive analysis details a sophisticated cyber campaign targeting over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin, dropping advanced payloads like crypto-miners …
Downloadable IOCs 28
StopRansomware: RansomHub Ransomware
RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to …
Downloadable IOCs 14
Ransomware attackers introduce new EDR killer to their arsenal
An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on t…
Downloadable IOCs 2
Analysis of CoinMiner Attacks Targeting Web Servers
The report details two separate attack cases targeting a Korean medical institution's web server, resulting in the installation of CoinMiners. The targeted server was a Windows IIS server, likely with PACS software installed. In both attacks, web shells were uploaded, and system information was col…
Downloadable IOCs 59
DISGOMOJI Malware Used to Target Indian Government
Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor tracked as UTA0137 targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities inclu…
Downloadable IOCs 149
Chinese Hackers Toolkit Uncovered And Activity History Uncovered
A Chinese hacking group called 'You Dun' was discovered through an exposed open directory, revealing their comprehensive attack infrastructure. The group utilized sophisticated reconnaissance tools and exploited Zhiyuan OA software via SQL injection attacks, targeting South Korean pharmaceutical or…
Downloadable IOCs 7
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
This analysis examines two cybersecurity incidents: a web shell attack and a VPN compromise. The web shell attack involved uploading malicious files to a server, executing commands, creating a local admin account, and attempting to establish persistence. The VPN compromise led to lateral movement, …
Downloadable IOCs 1
DarkComet RAT: Technical Analysis of Attack Chain
This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …
Downloadable IOCs 1
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
An unknown threat actor is exploiting exposed Docker Remote API servers to deploy the perfctl malware. The attack sequence involves probing the server, creating a Docker container with specific settings, and executing a Base64 encoded payload. The payload escapes the container, creates a bash scrip…
Downloadable IOCs 6
Advanced Cyberattacks Against UAE and Gulf Regions
Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escal…
Downloadable IOCs 17
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, …
Downloadable IOCs 9
The Nanshou Campaign - Hackers' Arsenal Grows Stronger
This comprehensive analysis details a sophisticated cyber campaign targeting over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin, dropping advanced payloads like crypto-miners …
Downloadable IOCs 28
StopRansomware: RansomHub Ransomware
RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to …
Downloadable IOCs 14
Ransomware attackers introduce new EDR killer to their arsenal
An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on t…
Downloadable IOCs 2
Analysis of CoinMiner Attacks Targeting Web Servers
The report details two separate attack cases targeting a Korean medical institution's web server, resulting in the installation of CoinMiners. The targeted server was a Windows IIS server, likely with PACS software installed. In both attacks, web shells were uploaded, and system information was col…
Downloadable IOCs 59
DISGOMOJI Malware Used to Target Indian Government
Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor tracked as UTA0137 targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities inclu…
Downloadable IOCs 149
Chinese Hackers Toolkit Uncovered And Activity History Uncovered
A Chinese hacking group called 'You Dun' was discovered through an exposed open directory, revealing their comprehensive attack infrastructure. The group utilized sophisticated reconnaissance tools and exploited Zhiyuan OA software via SQL injection attacks, targeting South Korean pharmaceutical or…
Downloadable IOCs 7
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
This analysis examines two cybersecurity incidents: a web shell attack and a VPN compromise. The web shell attack involved uploading malicious files to a server, executing commands, creating a local admin account, and attempting to establish persistence. The VPN compromise led to lateral movement, …
Downloadable IOCs 1
DarkComet RAT: Technical Analysis of Attack Chain
This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …
Downloadable IOCs 1
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
An unknown threat actor is exploiting exposed Docker Remote API servers to deploy the perfctl malware. The attack sequence involves probing the server, creating a Docker container with specific settings, and executing a Base64 encoded payload. The payload escapes the container, creates a bash scrip…
Downloadable IOCs 6
Advanced Cyberattacks Against UAE and Gulf Regions
Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escal…
Downloadable IOCs 17
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, …
Downloadable IOCs 9
The Nanshou Campaign - Hackers' Arsenal Grows Stronger
This comprehensive analysis details a sophisticated cyber campaign targeting over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin, dropping advanced payloads like crypto-miners …
Downloadable IOCs 28
StopRansomware: RansomHub Ransomware
RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to …
Downloadable IOCs 14
Ransomware attackers introduce new EDR killer to their arsenal
An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on t…
Downloadable IOCs 2
Analysis of CoinMiner Attacks Targeting Web Servers
The report details two separate attack cases targeting a Korean medical institution's web server, resulting in the installation of CoinMiners. The targeted server was a Windows IIS server, likely with PACS software installed. In both attacks, web shells were uploaded, and system information was col…
Downloadable IOCs 59
DISGOMOJI Malware Used to Target Indian Government
Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor tracked as UTA0137 targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities inclu…
Downloadable IOCs 149
Chinese Hackers Toolkit Uncovered And Activity History Uncovered
A Chinese hacking group called 'You Dun' was discovered through an exposed open directory, revealing their comprehensive attack infrastructure. The group utilized sophisticated reconnaissance tools and exploited Zhiyuan OA software via SQL injection attacks, targeting South Korean pharmaceutical or…
Downloadable IOCs 7
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
This analysis examines two cybersecurity incidents: a web shell attack and a VPN compromise. The web shell attack involved uploading malicious files to a server, executing commands, creating a local admin account, and attempting to establish persistence. The VPN compromise led to lateral movement, …
Downloadable IOCs 1
DarkComet RAT: Technical Analysis of Attack Chain
This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …
Downloadable IOCs 1
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
An unknown threat actor is exploiting exposed Docker Remote API servers to deploy the perfctl malware. The attack sequence involves probing the server, creating a Docker container with specific settings, and executing a Base64 encoded payload. The payload escapes the container, creates a bash scrip…
Downloadable IOCs 6
Advanced Cyberattacks Against UAE and Gulf Regions
Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escal…
Downloadable IOCs 17
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, …
Downloadable IOCs 9
The Nanshou Campaign - Hackers' Arsenal Grows Stronger
This comprehensive analysis details a sophisticated cyber campaign targeting over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin, dropping advanced payloads like crypto-miners …
Downloadable IOCs 28
StopRansomware: RansomHub Ransomware
RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to …
Downloadable IOCs 14
Ransomware attackers introduce new EDR killer to their arsenal
An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on t…
Downloadable IOCs 2
Analysis of CoinMiner Attacks Targeting Web Servers
The report details two separate attack cases targeting a Korean medical institution's web server, resulting in the installation of CoinMiners. The targeted server was a Windows IIS server, likely with PACS software installed. In both attacks, web shells were uploaded, and system information was col…
Downloadable IOCs 59
DISGOMOJI Malware Used to Target Indian Government
Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor tracked as UTA0137 targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities inclu…
Downloadable IOCs 149
Chinese Hackers Toolkit Uncovered And Activity History Uncovered
A Chinese hacking group called 'You Dun' was discovered through an exposed open directory, revealing their comprehensive attack infrastructure. The group utilized sophisticated reconnaissance tools and exploited Zhiyuan OA software via SQL injection attacks, targeting South Korean pharmaceutical or…
Downloadable IOCs 7
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
This analysis examines two cybersecurity incidents: a web shell attack and a VPN compromise. The web shell attack involved uploading malicious files to a server, executing commands, creating a local admin account, and attempting to establish persistence. The VPN compromise led to lateral movement, …
Downloadable IOCs 1
DarkComet RAT: Technical Analysis of Attack Chain
This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …
Downloadable IOCs 1
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
An unknown threat actor is exploiting exposed Docker Remote API servers to deploy the perfctl malware. The attack sequence involves probing the server, creating a Docker container with specific settings, and executing a Base64 encoded payload. The payload escapes the container, creates a bash scrip…
Downloadable IOCs 6
Advanced Cyberattacks Against UAE and Gulf Regions
Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escal…
Downloadable IOCs 17
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, …
Downloadable IOCs 9
The Nanshou Campaign - Hackers' Arsenal Grows Stronger
This comprehensive analysis details a sophisticated cyber campaign targeting over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin, dropping advanced payloads like crypto-miners …
Downloadable IOCs 28
StopRansomware: RansomHub Ransomware
RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to …
Downloadable IOCs 14
Ransomware attackers introduce new EDR killer to their arsenal
An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on t…
Downloadable IOCs 2
Analysis of CoinMiner Attacks Targeting Web Servers
The report details two separate attack cases targeting a Korean medical institution's web server, resulting in the installation of CoinMiners. The targeted server was a Windows IIS server, likely with PACS software installed. In both attacks, web shells were uploaded, and system information was col…
Downloadable IOCs 59
DISGOMOJI Malware Used to Target Indian Government
Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor tracked as UTA0137 targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities inclu…
Downloadable IOCs 149
Chinese Hackers Toolkit Uncovered And Activity History Uncovered
A Chinese hacking group called 'You Dun' was discovered through an exposed open directory, revealing their comprehensive attack infrastructure. The group utilized sophisticated reconnaissance tools and exploited Zhiyuan OA software via SQL injection attacks, targeting South Korean pharmaceutical or…
Downloadable IOCs 7
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
This analysis examines two cybersecurity incidents: a web shell attack and a VPN compromise. The web shell attack involved uploading malicious files to a server, executing commands, creating a local admin account, and attempting to establish persistence. The VPN compromise led to lateral movement, …
Downloadable IOCs 1
DarkComet RAT: Technical Analysis of Attack Chain
This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …
Downloadable IOCs 1
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
An unknown threat actor is exploiting exposed Docker Remote API servers to deploy the perfctl malware. The attack sequence involves probing the server, creating a Docker container with specific settings, and executing a Base64 encoded payload. The payload escapes the container, creates a bash scrip…
Downloadable IOCs 6
Advanced Cyberattacks Against UAE and Gulf Regions
Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escal…
Downloadable IOCs 17
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, …
Downloadable IOCs 9
The Nanshou Campaign - Hackers' Arsenal Grows Stronger
This comprehensive analysis details a sophisticated cyber campaign targeting over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin, dropping advanced payloads like crypto-miners …
Downloadable IOCs 28
StopRansomware: RansomHub Ransomware
RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to …
Downloadable IOCs 14
Ransomware attackers introduce new EDR killer to their arsenal
An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on t…
Downloadable IOCs 2
Analysis of CoinMiner Attacks Targeting Web Servers
The report details two separate attack cases targeting a Korean medical institution's web server, resulting in the installation of CoinMiners. The targeted server was a Windows IIS server, likely with PACS software installed. In both attacks, web shells were uploaded, and system information was col…
Downloadable IOCs 59
DISGOMOJI Malware Used to Target Indian Government
Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor tracked as UTA0137 targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities inclu…
Downloadable IOCs 149
Chinese Hackers Toolkit Uncovered And Activity History Uncovered
A Chinese hacking group called 'You Dun' was discovered through an exposed open directory, revealing their comprehensive attack infrastructure. The group utilized sophisticated reconnaissance tools and exploited Zhiyuan OA software via SQL injection attacks, targeting South Korean pharmaceutical or…
Downloadable IOCs 7
Understanding the Initial Stages of Web Shell and VPN Threats: An MXDR Analysis
This analysis examines two cybersecurity incidents: a web shell attack and a VPN compromise. The web shell attack involved uploading malicious files to a server, executing commands, creating a local admin account, and attempting to establish persistence. The VPN compromise led to lateral movement, …
Downloadable IOCs 1
DarkComet RAT: Technical Analysis of Attack Chain
This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operations. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs …
Downloadable IOCs 1
Attackers Target Exposed Docker Remote API Servers With perfctl Malware
An unknown threat actor is exploiting exposed Docker Remote API servers to deploy the perfctl malware. The attack sequence involves probing the server, creating a Docker container with specific settings, and executing a Base64 encoded payload. The payload escapes the container, creates a bash scrip…
Downloadable IOCs 6
Advanced Cyberattacks Against UAE and Gulf Regions
Earth Simnavaz, also known as APT34 and OilRig, has been actively targeting governmental entities in the UAE and Gulf region. The group employs sophisticated tactics, including a backdoor that exploits Microsoft Exchange servers for credential theft and the use of CVE-2024-30088 for privilege escal…
Downloadable IOCs 17
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, …
Downloadable IOCs 9
The Nanshou Campaign - Hackers' Arsenal Grows Stronger
This comprehensive analysis details a sophisticated cyber campaign targeting over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin, dropping advanced payloads like crypto-miners …
Downloadable IOCs 28
StopRansomware: RansomHub Ransomware
RansomHub is a ransomware-as-a-service variant that has targeted over 210 victims across various critical infrastructure sectors since February 2024. It employs a double-extortion model, encrypting systems and exfiltrating data. The ransom note provides victims with a client ID and instructions to …
Downloadable IOCs 14
Ransomware attackers introduce new EDR killer to their arsenal
An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat actors to disable endpoint protection software during ransomware attacks. The tool is designed to terminate antivirus and endpoint detection and response (EDR) solutions on t…
Downloadable IOCs 2
Analysis of CoinMiner Attacks Targeting Web Servers
The report details two separate attack cases targeting a Korean medical institution's web server, resulting in the installation of CoinMiners. The targeted server was a Windows IIS server, likely with PACS software installed. In both attacks, web shells were uploaded, and system information was col…
Downloadable IOCs 59
DISGOMOJI Malware Used to Target Indian Government
Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor tracked as UTA0137 targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities inclu…
Downloadable IOCs 149