| Title | Published | Tags | Description | Number of indicators |
|---|---|---|---|---|
| Disarming DarkGate: A Deep Dive into Thwarting the Latest DarkGate Variant | July 15, 2024, 3:14 p.m. | | This report analyzes a recent phishing campaign distributing a new DarkGate Remote Access Trojan variant. The malware leverages v… | 4 |
| CVE-2024-4577 Exploits in the Wild One Day After Disclosure | July 11, 2024, 8:35 p.m. | | One of the most recent examples of this onslaught lies in a critical vulnerability discovered in PHP (versions 8.1.*, before 8.1.… | 17 |
| Attack Case against HFS (HTTP File Server) Server (Suspected CVE-2024-23692) | July 3, 2024, 11:39 a.m. | | A remote code execution vulnerability (CVE-2024-23692) in the HFS (HTTP File Server) program has allowed attackers to execute mal… | 14 |
| An Android RAT targets Telegram Users | June 28, 2024, 2:49 p.m. | | This analysis discusses SpyMax, a Remote Access Trojan (RAT) that targets Android devices and specifically aims at obtaining data… | 4 |
| espionage group targets government agencies with and more infection techniques | June 24, 2024, 8:11 a.m. | | A recently discovered threat actor, dubbed 'SneakyChef,' has been conducting an ongoing espionage campaign targeting government a… | 148 |
| Unveiling SpiceRAT: Latest tool targeting EMEA and Asia | June 24, 2024, 8:03 a.m. | | Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, employed by the threat actor SneakyChef in a recent mali… | 6 |
| RAT Distributed as UUEncoding (UUE) File | June 11, 2024, 10:11 a.m. | | This intelligence report describes a malicious operation where the Remcos Remote Access Trojan (RAT) is being disseminated throug… | 3 |
| IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment | June 10, 2024, 11:03 a.m. | | This report details an intrusion that commenced with a spam campaign distributing a forked IcedID loader. After gaining initial a… | 33 |
| Malicious Campaign Analysis: JScript RAT and CobaltStrike | June 7, 2024, 8:59 a.m. | | This report examines a recent malicious campaign involving a JScript-based Remote Access Trojan (RAT) and its connections to the … | 4 |
| DarkGate again but... Improved? | June 6, 2024, 8:16 a.m. | | The report details the latest developments surrounding the DarkGate remote access trojan, including its enhanced capabilities in … | 313 |
| DarkCrystal RAT Cyber Attacks Targeting Government Officials in Ukraine | June 6, 2024, 8:02 a.m. | | This intelligence document outlines targeted cyber attacks against government officials, military personnel, and defense industry… | 14 |
| SugarGh0st RAT Used to Target American Artificial Intelligence Experts | May 16, 2024, 10:07 a.m. | | This intelligence report provides details about a SugarGh0st RAT campaign conducted by an unattributed threat actor, tracked as U… | 9 |
| The Overlapping Cyber Strategies Of Transparent Tribe And SideCopy Against India | May 15, 2024, 3:16 p.m. | | CRIL's analysis revealed SideCopy APT group's sophisticated malware campaign, employing malicious LNK files and a complex infecti… | 21 |
| GoTo Meeting loads RAT via Shellcode Loader | May 13, 2024, 9:47 a.m. | | A malicious campaign has been discovered that exploits the legitimate GoTo Meeting online conferencing software to deploy the Rem… | 17 |
| Malware (XMRig, OrcusRAT, etc.) disguised as MS Office crack | May 10, 2024, 1:45 p.m. | | The report details an ongoing malware campaign targeting South Korean users, which disguises malicious payloads as cracked versio… | 12 |
| Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Four | May 9, 2024, 3:14 p.m. | | This comprehensive analysis provides a thorough examination of the REMCOS Remote Access Trojan (RAT), a prominent malware threat … | 34 |
| HijackLoader Updates | May 7, 2024, 8:36 a.m. | | HijackLoader, also known as IDAT Loader, is a modular malware loader capable of executing multiple payloads. It utilizes a variet… | 11 |
| Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors | April 29, 2024, 6:38 p.m. | | This report delves into an ongoing social engineering attack campaign, codenamed DEV#POPPER, likely orchestrated by North Korean … | 7 |