Tag: rootkit
7 attack reports | 0 vulnerabilities
Attack reports
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
A zero-day vulnerability was exploited by an advanced adversary to gain access to a victim’s network, according to research by FortiGuard Labs and the Centre for Strategic Intelligence (CISA).
Downloadable IOCs 17
From Perfctl to InfoStealer
A new stealthy Linux malware called perfctl has been analyzed. The malware runs two processes: perfctl and a disguised process mimicking known Linux processes. It uses Tor for external communications and local sockets for inter-process communication. After 30 minutes, the attacker drops scripts to …
Downloadable IOCs 3
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
A sophisticated Linux malware named 'perfctl' has been actively targeting millions of servers worldwide for the past 3-4 years. It exploits over 20,000 types of misconfigurations to compromise Linux systems. The malware employs advanced evasion techniques, including rootkits, process masquerading, …
Downloadable IOCs 9
The Return of Ghost Emperor’s Demodex
This document examines a recent infection chain utilized by the sophisticated China-nexus threat group GhostEmperor. It delves into the multi-stage loading process of the Demodex rootkit, which incorporates several obfuscation techniques and loading schemes. The analysis covers various components, …
Downloadable IOCs 3
From Dormant to Dangerous: P2Pinfect Evolves to Deploy New Ransomware and Cryptominer
P2Pinfect is a sophisticated malware that utilizes a peer-to-peer botnet for command and control. Initially appearing dormant, it has evolved to deploy ransomware and cryptominer payloads. The malware spreads via exploiting Redis and limited SSH capabilities. A recent update introduced a new ransom…
Downloadable IOCs 15
Uncovering Espionage Operations
This comprehensive analysis delves into the intricate tactics employed by a suspected China-nexus cyber espionage actor, UNC3886. The report unveils the group's sophisticated exploitation of zero-day vulnerabilities and their deployment of rootkits like REPTILE and MEDUSA for persistent system acce…
Downloadable IOCs 39
Guntior - the story of an advanced bootkit that doesn't rely on Windows disk drivers
Amid the rise of bootkits at the time, a dropper was captured in the wild and posted on a malware tracker. The malware was called "Guntior", named after the device object its authors had chosen for it (\Device\Guntior). The name also appears in AV detections.
Downloadable IOCs 6