Tag: sliver

Sophos unveils a five-year investigation tracking China-based threat actors targeting perimeter devices, particularly Sophos firewalls. The report details multiple attack campaigns, including Asnarök, Bookmark Buffer Overflow, and Covert Channels, which exploited zero-day vulnerabilities to gain ac…

Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group, as a key player in a recent ransomware incident. The group appears to be collaborating with the Play ransomware group, marking a shift in their tactics. This is the first observed instance of Jumpy Pisces using existi…

Recent research has uncovered a new malicious campaign orchestrated by the notorious hacking group TeamTNT. This campaign exploits exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, utilizing compromised servers and Docker Hub as infrastructure for spreading their mali…

A BlackCat ransomware intrusion began with a Nitrogen malware campaign impersonating Advanced IP Scanner. The attackers used Sliver and Cobalt Strike beacons for post-exploitation, leveraging Python scripts for memory loading. They performed network enumeration using various tools and moved lateral…

An investigation by The DFIR report revealed a collection of batch scripts designed for defense evasion and executing command-and-control payloads. These scripts performed various actions, including disabling antivirus processes, stopping services related to SQL, Hyper-V, security tools, and Exchan…

Microsoft Threat Intelligence analyzes the activities of the North Korean threat actor Onyx Sleet, which conducts cyber espionage operations primarily targeting military, defense, and technology industries. The report covers Onyx Sleet's affiliations with other North Korean threat groups, its targe…

A long-running campaign was identified involving malicious actors impersonating Israeli entities and private companies. The operators delivered payloads through crafted WordPress sites, employing a mix of custom code and open-source malware like Donut and Sliver. While the motivations remain unclea…

Rapid7 detected an ongoing malware distribution campaign involving trojanized installers of WinSCP and PuTTY, delivered via malicious search engine ads. The infection chain employs DLL side-loading, credential access, and deploys Sliver beacons followed by Cobalt Strike. In one case, the threat act…