Tag: sectoprat

9 Attack Reports | 0 Vulnerabilities

Attack reports

Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangs

This intelligence report details a sophisticated cyber intrusion with links to three major ransomware groups: Play, RansomHub, and DragonForce. The attack began with a malicious file impersonating DeskSoft's EarthTime application, which deployed SectopRAT malware. The threat actors used various too…
ransomware
lateral movement
data exfiltration
sectoprat
systembc
grixba
2025-09-08
multi-group affiliation
betruger
multi-group operation
Published: September 8, 2025
Downloadable IOCs: 0

CastleLoader Analysis

CastleLoader, a versatile malware loader, has infected 469 devices since May 2025 using Cloudflare-themed ClickFix phishing and fake GitHub repositories. It delivers information stealers and RATs, with a 28.7% infection rate. The malware employs sophisticated techniques, including PowerShell and Au…
phishing
powershell
malware loader
redline
autoit
hijackloader
c2
rats
stealc
github
netsupport rat
deerstealer
sectoprat
information stealers
2025-08-13
payload delivery
castleloader
u.s. government
Published: August 13, 2025
Downloadable IOCs: 0

Caught in the CAPTCHA: How ClickFix is Weaponizing Verification Fatigue to Deliver RATs & Infostealers

Threat actors are exploiting user fatigue with anti-spam mechanisms through a technique called ClickFix. This method involves compromising websites and embedding fraudulent CAPTCHA images, which, when solved by unsuspecting users, lead to the execution of malicious code. The attack chain typically …
rat
social engineering
powershell
infostealer
lumma
netsupport rat
sectoprat
captcha
clipboard injection
2025-05-22
Published: May 22, 2025
Downloadable IOCs: 10

Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents

A sophisticated malware campaign exploits users' trust in online file conversion tools by impersonating the legitimate service pdfcandy.com. The attack involves fake PDF-to-DOCX converters that trick victims into executing a malicious PowerShell command, leading to the installation of Arechclient2,…
phishing
social engineering
credential theft
information stealer
sectoprat
2025-04-15
pdf converter
arechclient2
Published: April 15, 2025
Downloadable IOCs: 0

Fake Zoom Ends in BlackSuit Ransomware

A malicious website mimicking Zoom led to the installation of a trojanized installer, initiating a multi-stage attack. The initial payload, d3f@ckloader, downloaded additional components, including SectopRAT. After nine days, the threat actor deployed Brute Ratel and Cobalt Strike beacons for later…
ransomware
cobalt strike
exfiltration
lateral movement
proxy
blacksuit
sectoprat
brute ratel
2025-03-31
d3f@ckloader
qdoor
Published: March 31, 2025
Downloadable IOCs: 0

Lumma Stealer Malware Thrives as Unique Patterns Uncovered in the Infostealer's Domain Clusters

Recent research reveals Lumma Stealer command and control domain clusters share specific technical characteristics, enabling mapping of entire infrastructure clusters. The infostealer's logs are being shared for free on Leaky[.]pro, a new hacking forum, offering billions of stolen credential record…
malvertising
infostealer
lumma stealer
credential theft
youtube
malspam
sectoprat
c2 infrastructure
2025-02-22
domain clusters
Published: February 22, 2025
Downloadable IOCs: 0

The Abuse of ITarian RMM by Dolphin Loader

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…
stealthy
python
lummac2
rhadamanthys
rmm
darkgate
redline
autoit
malware-as-a-service
sectoprat
2024-08-19
itarian
evade
dolphin loader
Published: August 19, 2024
Downloadable IOCs: 24

Exploring the D3F@ck Malware-as-a-Service Loader

This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias Sergei Panteleevich. The loader utilizes various evasion techniques, including the use of Extended Validation certificates, Inno Setup installers with custom Pascal script…
malware
loader
obfuscation
stealer
danabot
metastealer
sectoprat
2024-08-19
raccoon stealer
certificates
d3f@ck loader
Published: August 19, 2024
Linked vulnerabilities : CVE-2024-7593 (CVSS 9.8)
Downloadable IOCs: 4

Multiple Malware Dropped Through MSI Package

An analysis reveals the distribution of malware through an MSI package, specifically SectopRat and Redline stealer. The malware employs techniques like executing malicious scripts, disabling security measures, and establishing persistence through scheduled tasks. It communicates with command-and-co…
powershell
stealer
persistence
dropper
redline
c2
2024-08-14
sectoprat
Published: August 14, 2024
Downloadable IOCs: 11
Click here to see more Attack Reports