| Title |
Published |
Tags |
Description |
Number of indicators |
| Mallox ransomware: in-depth analysis and evolution |
Sept. 4, 2024, 4:31 p.m. |
|
Mallox is a sophisticated ransomware family that emerged in 2021 and has since evolved into a Ransomware-as-a-Service (RaaS) oper… |
7 |
| Head Mare: adventures of a unicorn in Russia and Belarus |
Sept. 2, 2024, 8:52 p.m. |
|
Head Mare is a hacktivist group targeting companies in Russia and Belarus since 2023. They use phishing campaigns exploiting the … |
52 |
| Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations |
Aug. 28, 2024, 2:08 p.m. |
|
This advisory outlines the activities of an Iran-based cyber threat group that has conducted numerous intrusions against organiza… |
33 |
| BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks |
Aug. 28, 2024, 2:04 p.m. |
|
The BlackByte ransomware group continues leveraging established tactics and vulnerable drivers to bypass security controls, while… |
4 |
| BlackSuit Ransomware |
Aug. 27, 2024, 8:35 a.m. |
|
The report meticulously chronicles a sophisticated intrusion which began in December 2023 and culminated in the deployment of Bla… |
16 |
| How Managed Detection and Response Pressed Pause on a Play Ransomware Attack |
Aug. 23, 2024, 9:37 a.m. |
|
This report details how Trend Micro's Managed Detection and Response (MDR) service successfully thwarted a sophisticated ransomwa… |
1 |
| Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure |
Aug. 20, 2024, 8:35 a.m. |
|
CloudSEK's threat research team uncovered a ransomware attack impacting banks and payment providers in India. The attack, initiat… |
18 |
| Ransomware attackers introduce new EDR killer to their arsenal |
Aug. 16, 2024, 2:58 p.m. |
|
An analysis by security researchers has uncovered the existence of a new tool called EDRKillShifter, which is used by threat acto… |
2 |
| REPLAY: Revisiting Play Ransomware Anti-Analysis Techniques |
Aug. 9, 2024, 11:19 a.m. |
|
This analysis revisits the anti-analysis techniques employed by recent variants of the Play ransomware, which is known for target… |
4 |
| DeathGrip RaaS | Small-Time Threat Actors Aim High With LockBit & Yashma Builders |
Aug. 9, 2024, 11:19 a.m. |
|
This analysis examines the emergence of DeathGrip, a Ransomware-as-a-Service (RaaS) operation that provides threat actors with ea… |
1 |
| Unmasking Cronus: How Fake PayPal Documents Execute Fileless Ransomware via PowerShell |
Aug. 7, 2024, 8:32 a.m. |
|
The analysis reveals a sophisticated campaign employing fake PayPal receipts as lures to distribute a new variant of the Cronus r… |
8 |
| SharpRhino – New Hunters International RAT |
Aug. 6, 2024, 11:18 a.m. |
|
Quorum Cyber's Incident Response team discovered a novel malware, SharpRhino, used by the threat actor Hunters International as a… |
6 |
| DNS Early Detection - Breaking the Black Basta Ransomware Kill Chain |
Aug. 2, 2024, 8:43 a.m. |
|
This intelligence analysis examines the Black Basta ransomware campaign, which has significantly impacted businesses and critical… |
1 |
| Akira Ransomware Targets the LATAM Airline Industry |
July 16, 2024, 9:53 a.m. |
|
An in-depth analysis examined a threat actor utilizing Akira ransomware to compromise a Latin American airline. The attacker gain… |
2 |
| ShadowRoot Ransomware Targeting Turkish Businesses |
July 15, 2024, 3:25 p.m. |
|
An analysis reveals a basic ransomware campaign targeting Turkish enterprises. The attack commences with a malicious PDF attachme… |
3 |
| Patch or Peril: A Veeam vulnerability incident |
July 12, 2024, 5:31 p.m. |
|
While the vulnerability CVE-2023-27532 was made public in March 2023 and subsequently patched by Veeam for versions 12/11a and la… |
2 |
| BianLian Ransomware Group: 2024 Activity Analysis |
July 12, 2024, 4:01 p.m. |
|
The intelligence report delves into the evolving tactics and operations of the BianLian ransomware group, which has emerged as on… |
8 |
| Ransomware: Activity Levels Remain High Despite Disruption |
July 11, 2024, 1:06 p.m. |
|
While overall activity levels dipped slightly in the first quarter of 2024, the number of claimed attacks remained high, with Loc… |
27 |
| Decrypted: DoNex Ransomware and its Predecessors |
July 10, 2024, 9:33 a.m. |
|
Researchers have uncovered a cryptographic flaw in the DoNex ransomware and its previous iterations, allowing for the creation of… |
8 |
| BlackSuit Ransomware: Insights and Defense Strategies |
July 8, 2024, 10:54 a.m. |
|
This report provides an in-depth analysis of the BlackSuit ransomware, a threat that has been actively targeting various sectors … |
8 |
| Mallox Ransomware: Linux Variant Decryptor Found |
July 4, 2024, 10:36 a.m. |
|
The report analyzes the Mallox ransomware, which has been active since mid-2021 and focuses on multi-extortion by encrypting vict… |
5 |
| New Ransomware Operator Volcano Demon Serving Up LukaLocker |
July 3, 2024, 11:35 a.m. |
|
A cybersecurity firm has encountered a new ransomware organization, dubbed Volcano Demon, responsible for recent attacks involvin… |
3 |
| From Dormant to Dangerous: P2Pinfect Evolves to Deploy New Ransomware and Cryptominer |
June 27, 2024, 8:14 a.m. |
|
P2Pinfect is a sophisticated malware that utilizes a peer-to-peer botnet for command and control. Initially appearing dormant, it… |
15 |
| Chamelgang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware |
June 26, 2024, 5:32 p.m. |
|
In collaboration with Recorded Future, SentinelLabs has been tracking two distinct activity clusters targeting government and cri… |
8 |
| RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS |
June 20, 2024, 5:50 p.m. |
|
Check Point Research has identified multiple threat actors utilizing Rafel, an open-source remote administration tool (RAT). The … |
6 |
| Update: CVE-2024-4577 quickly weaponized to distribute Ransomware |
June 11, 2024, 10:13 a.m. |
|
The report describes an attack campaign leveraging the CVE-2024-4577 vulnerability to deliver the "TellYouThePass" ransomware. Th… |
5 |
| IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment |
June 10, 2024, 11:03 a.m. |
|
This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial a… |
33 |
| Lost in the Fog: A New Ransomware Threat |
June 7, 2024, 10:34 a.m. |
|
Arctic Wolf Labs began monitoring the deployment of a new ransomware variant called Fog in early May 2024. The ransomware attacks… |
5 |
| TargetCompany’s Linux Variant Targets ESXi Environments |
June 6, 2024, 11:42 a.m. |
|
Since its discovery in 2021, TargetCompany has been evolving its techniques to circumvent security defenses employed by organizat… |
3 |
| Threat Actors' Systems Can Also Be Exposed and Used by Other Threat Actors |
June 6, 2024, 7:22 a.m. |
|
This report discusses a case where a CoinMiner threat actor's proxy server, used to access an infected botnet, became the target … |
34 |
| Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks |
May 29, 2024, 11:12 a.m. |
|
Microsoft has identified Moonstone Sleet, a new North Korean threat actor that employs various tactics, including creating fake c… |
20 |
| New ransomware group abusing BitLocker |
May 23, 2024, 2:49 p.m. |
|
The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized fil… |
6 |
| Threat actors misusing Quick Assist in social engineering attacks leading to ransomware |
May 16, 2024, 9:27 a.m. |
|
The report describes a recent campaign by the threat actor Storm-1811, a financially motivated cybercriminal group known for depl… |
12 |
| Ongoing Malvertising Campaign leads to Ransomware |
May 15, 2024, 3:14 p.m. |
|
Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malic… |
78 |
| Security Brief: Millions of Messages Distribute LockBit Black Ransomware |
May 13, 2024, 6:27 p.m. |
|
In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of … |
16 |
| StopRansomware: Black Basta |
May 13, 2024, 9:31 a.m. |
|
This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant f… |
174 |
| Code Emulation and Cybercrime Infrastructure Discovery |
May 8, 2024, 11:18 a.m. |
|
This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within… |
76 |
| Analysis of TargetCompany’s Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware) |
May 2, 2024, 2:07 p.m. |
|
The report analyzes recent attacks by the TargetCompany ransomware group targeting poorly managed MS-SQL servers. The group initi… |
5 |
| Ransomware Roundup (April 29, 2024) |
April 29, 2024, 6:21 p.m. |
|
This concise report provides insights into the evolving ransomware landscape, covering the KageNoHitobito and DoNex variants. It … |
7 |