Today > | 3 Medium | 2 Low vulnerabilities - You can now download lists of IOCs here!
4 attack reports | 0 vulnerabilities
Threat actors are exploiting the CVE-2023-46604 vulnerability in Apache ActiveMQ to attack Korean systems, particularly using Mauri ransomware. The vulnerability allows remote code execution on unpatched servers. Attackers use XML configuration files to add backdoor accounts, install remote access …
This analysis examines HeartCrypt, a new packer-as-a-service (PaaS) used to protect malware. Developed since July 2023 and launched in February 2024, HeartCrypt charges $20 per file to pack Windows x86 and .NET payloads. It is primarily used by malware operators of families like LummaStealer, Remco…
This report outlines a continuous campaign where a threat actor distributes malware, including Quasar RAT, through a private home trading system (HTS) named HPlus. The malware is initially delivered via an MSI installer, and users who request remote assistance inadvertently execute the AnyDesk soft…
This analysis focuses on the recent activities of the ViperSoftX malware strain, which controls infected systems and steals user information. The malware is known to install additional malware payloads, including Quasar RAT and a new infostealer called TesseractStealer. TesseractStealer utilizes th…