Tag: python

ASEC (AhnLab Security Intelligence Center) has recently confirmed that phishing emails impersonating large domestic entertainment agencies are being distributed domestically.

Downloadable IOCs 0

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…

Downloadable IOCs 15

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…

Downloadable IOCs 7

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

Predator spyware's infrastructure has resurfaced with modifications to evade detection and anonymize users, despite previous exposure and sanctions. The spyware continues to pose significant risks, especially to high-profile individuals in countries like the Democratic Republic of the Congo and Ang…

Downloadable IOCs 16

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…

Downloadable IOCs 24

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting servi…

Downloadable IOCs 20

This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…

Downloadable IOCs 7

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…

Downloadable IOCs 4

Downloadable IOCs 5

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…

Downloadable IOCs 78

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…

Downloadable IOCs 8

This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT dis…

Downloadable IOCs 7

ASEC (AhnLab Security Intelligence Center) has recently confirmed that phishing emails impersonating large domestic entertainment agencies are being distributed domestically.

Downloadable IOCs 0

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…

Downloadable IOCs 15

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…

Downloadable IOCs 7

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

Predator spyware's infrastructure has resurfaced with modifications to evade detection and anonymize users, despite previous exposure and sanctions. The spyware continues to pose significant risks, especially to high-profile individuals in countries like the Democratic Republic of the Congo and Ang…

Downloadable IOCs 16

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…

Downloadable IOCs 24

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting servi…

Downloadable IOCs 20

This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…

Downloadable IOCs 7

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…

Downloadable IOCs 4

Downloadable IOCs 5

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…

Downloadable IOCs 78

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…

Downloadable IOCs 8

This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT dis…

Downloadable IOCs 7

ASEC (AhnLab Security Intelligence Center) has recently confirmed that phishing emails impersonating large domestic entertainment agencies are being distributed domestically.

Downloadable IOCs 0

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…

Downloadable IOCs 15

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…

Downloadable IOCs 7

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

Predator spyware's infrastructure has resurfaced with modifications to evade detection and anonymize users, despite previous exposure and sanctions. The spyware continues to pose significant risks, especially to high-profile individuals in countries like the Democratic Republic of the Congo and Ang…

Downloadable IOCs 16

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…

Downloadable IOCs 24

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting servi…

Downloadable IOCs 20

This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…

Downloadable IOCs 7

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…

Downloadable IOCs 4

Downloadable IOCs 5

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…

Downloadable IOCs 78

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…

Downloadable IOCs 8

This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT dis…

Downloadable IOCs 7

ASEC (AhnLab Security Intelligence Center) has recently confirmed that phishing emails impersonating large domestic entertainment agencies are being distributed domestically.

Downloadable IOCs 0

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…

Downloadable IOCs 15

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…

Downloadable IOCs 7

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

Predator spyware's infrastructure has resurfaced with modifications to evade detection and anonymize users, despite previous exposure and sanctions. The spyware continues to pose significant risks, especially to high-profile individuals in countries like the Democratic Republic of the Congo and Ang…

Downloadable IOCs 16

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…

Downloadable IOCs 24

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting servi…

Downloadable IOCs 20

This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…

Downloadable IOCs 7

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…

Downloadable IOCs 4

Downloadable IOCs 5

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…

Downloadable IOCs 78

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…

Downloadable IOCs 8

This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT dis…

Downloadable IOCs 7

ASEC (AhnLab Security Intelligence Center) has recently confirmed that phishing emails impersonating large domestic entertainment agencies are being distributed domestically.

Downloadable IOCs 0

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…

Downloadable IOCs 15

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…

Downloadable IOCs 7

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

Predator spyware's infrastructure has resurfaced with modifications to evade detection and anonymize users, despite previous exposure and sanctions. The spyware continues to pose significant risks, especially to high-profile individuals in countries like the Democratic Republic of the Congo and Ang…

Downloadable IOCs 16

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…

Downloadable IOCs 24

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting servi…

Downloadable IOCs 20

This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…

Downloadable IOCs 7

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…

Downloadable IOCs 4

Downloadable IOCs 5

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…

Downloadable IOCs 78

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…

Downloadable IOCs 8

This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT dis…

Downloadable IOCs 7

ASEC (AhnLab Security Intelligence Center) has recently confirmed that phishing emails impersonating large domestic entertainment agencies are being distributed domestically.

Downloadable IOCs 0

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…

Downloadable IOCs 15

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…

Downloadable IOCs 7

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

Predator spyware's infrastructure has resurfaced with modifications to evade detection and anonymize users, despite previous exposure and sanctions. The spyware continues to pose significant risks, especially to high-profile individuals in countries like the Democratic Republic of the Congo and Ang…

Downloadable IOCs 16

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…

Downloadable IOCs 24

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting servi…

Downloadable IOCs 20

This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…

Downloadable IOCs 7

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…

Downloadable IOCs 4

Downloadable IOCs 5

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…

Downloadable IOCs 78

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…

Downloadable IOCs 8

This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT dis…

Downloadable IOCs 7

ASEC (AhnLab Security Intelligence Center) has recently confirmed that phishing emails impersonating large domestic entertainment agencies are being distributed domestically.

Downloadable IOCs 0

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…

Downloadable IOCs 15

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…

Downloadable IOCs 7

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

Predator spyware's infrastructure has resurfaced with modifications to evade detection and anonymize users, despite previous exposure and sanctions. The spyware continues to pose significant risks, especially to high-profile individuals in countries like the Democratic Republic of the Congo and Ang…

Downloadable IOCs 16

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…

Downloadable IOCs 24

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting servi…

Downloadable IOCs 20

This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…

Downloadable IOCs 7

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…

Downloadable IOCs 4

Downloadable IOCs 5

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…

Downloadable IOCs 78

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…

Downloadable IOCs 8

This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT dis…

Downloadable IOCs 7

ASEC (AhnLab Security Intelligence Center) has recently confirmed that phishing emails impersonating large domestic entertainment agencies are being distributed domestically.

Downloadable IOCs 0

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…

Downloadable IOCs 15

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…

Downloadable IOCs 7

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

Predator spyware's infrastructure has resurfaced with modifications to evade detection and anonymize users, despite previous exposure and sanctions. The spyware continues to pose significant risks, especially to high-profile individuals in countries like the Democratic Republic of the Congo and Ang…

Downloadable IOCs 16

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…

Downloadable IOCs 24

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting servi…

Downloadable IOCs 20

This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…

Downloadable IOCs 7

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…

Downloadable IOCs 4

Downloadable IOCs 5

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…

Downloadable IOCs 78

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…

Downloadable IOCs 8

This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT dis…

Downloadable IOCs 7

ASEC (AhnLab Security Intelligence Center) has recently confirmed that phishing emails impersonating large domestic entertainment agencies are being distributed domestically.

Downloadable IOCs 0

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…

Downloadable IOCs 15

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…

Downloadable IOCs 7

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

Predator spyware's infrastructure has resurfaced with modifications to evade detection and anonymize users, despite previous exposure and sanctions. The spyware continues to pose significant risks, especially to high-profile individuals in countries like the Democratic Republic of the Congo and Ang…

Downloadable IOCs 16

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…

Downloadable IOCs 24

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting servi…

Downloadable IOCs 20

This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…

Downloadable IOCs 7

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…

Downloadable IOCs 4

Downloadable IOCs 5

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…

Downloadable IOCs 78

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…

Downloadable IOCs 8

This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT dis…

Downloadable IOCs 7

ASEC (AhnLab Security Intelligence Center) has recently confirmed that phishing emails impersonating large domestic entertainment agencies are being distributed domestically.

Downloadable IOCs 0

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…

Downloadable IOCs 15

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…

Downloadable IOCs 7

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

Predator spyware's infrastructure has resurfaced with modifications to evade detection and anonymize users, despite previous exposure and sanctions. The spyware continues to pose significant risks, especially to high-profile individuals in countries like the Democratic Republic of the Congo and Ang…

Downloadable IOCs 16

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…

Downloadable IOCs 24

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting servi…

Downloadable IOCs 20

This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…

Downloadable IOCs 7

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…

Downloadable IOCs 4

Downloadable IOCs 5

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…

Downloadable IOCs 78

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…

Downloadable IOCs 8

This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT dis…

Downloadable IOCs 7

ASEC (AhnLab Security Intelligence Center) has recently confirmed that phishing emails impersonating large domestic entertainment agencies are being distributed domestically.

Downloadable IOCs 0

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…

Downloadable IOCs 15

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…

Downloadable IOCs 7

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

Predator spyware's infrastructure has resurfaced with modifications to evade detection and anonymize users, despite previous exposure and sanctions. The spyware continues to pose significant risks, especially to high-profile individuals in countries like the Democratic Republic of the Congo and Ang…

Downloadable IOCs 16

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…

Downloadable IOCs 24

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting servi…

Downloadable IOCs 20

This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…

Downloadable IOCs 7

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…

Downloadable IOCs 4

Downloadable IOCs 5

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…

Downloadable IOCs 78

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…

Downloadable IOCs 8

This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT dis…

Downloadable IOCs 7

ASEC (AhnLab Security Intelligence Center) has recently confirmed that phishing emails impersonating large domestic entertainment agencies are being distributed domestically.

Downloadable IOCs 0

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…

Downloadable IOCs 15

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…

Downloadable IOCs 7

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

Predator spyware's infrastructure has resurfaced with modifications to evade detection and anonymize users, despite previous exposure and sanctions. The spyware continues to pose significant risks, especially to high-profile individuals in countries like the Democratic Republic of the Congo and Ang…

Downloadable IOCs 16

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…

Downloadable IOCs 24

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting servi…

Downloadable IOCs 20

This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…

Downloadable IOCs 7

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…

Downloadable IOCs 4

Downloadable IOCs 5

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…

Downloadable IOCs 78

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…

Downloadable IOCs 8

This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT dis…

Downloadable IOCs 7

ASEC (AhnLab Security Intelligence Center) has recently confirmed that phishing emails impersonating large domestic entertainment agencies are being distributed domestically.

Downloadable IOCs 0

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…

Downloadable IOCs 15

A sophisticated attack has been uncovered that exploits Visual Studio Code's remote tunnel capabilities for unauthorized access. The attack begins with a .LNK file, disguised as a legitimate setup, which downloads a Python package and executes a malicious script. This script establishes persistence…

Downloadable IOCs 7

Recent weeks have seen a resurgence of North Korean-aligned groups targeting developers through npm packages. The campaign, which began on August 12, 2024, involves multiple groups using various publication patterns and attack types. The malicious packages contain obfuscated JavaScript that downloa…

Downloadable IOCs 12

Predator spyware's infrastructure has resurfaced with modifications to evade detection and anonymize users, despite previous exposure and sanctions. The spyware continues to pose significant risks, especially to high-profile individuals in countries like the Democratic Republic of the Congo and Ang…

Downloadable IOCs 16

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…

Downloadable IOCs 24

This article provides an analysis of the Mint Stealer, a Python-based information stealer capable of harvesting sensitive data from infected machines. It delves into the stealer's functionality, history, and the infrastructure behind its operations, including its link to a bulletproof hosting servi…

Downloadable IOCs 20

This report discusses the AndroxGh0st malware, a Python-scripted threat targeting Laravel web applications to steal sensitive data like credentials and abuse other functionality. It exploits vulnerabilities like CVE-2017-9841, CVE-2018-15133, and CVE-2021-41773. The malware scans for exposed .env f…

Downloadable IOCs 7

This analysis describes the identification of a server likely exploiting ProxyLogon and ProxyShell vulnerabilities to gain unauthorized access to government email servers across Asia, Europe, and South America. The threat actor leveraged open-source exploit code to infiltrate systems and steal sens…

Downloadable IOCs 4

Downloadable IOCs 5

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…

Downloadable IOCs 78

Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. Zloader has continued to evolve since its resurrection around September 2023 after an almost two-year hiatus. The latest version, 2.4.1.0, introduces a feature to prevent execution on machines t…

Downloadable IOCs 8

This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean threat actors, targeting software developers through fake job interviews. The attackers trick the developers into downloading and executing malicious Python-based RAT dis…

Downloadable IOCs 7