Tag: stealth

5 Attack Reports | 0 Vulnerabilities

Attack reports

New Bumblebee Loader Infection Chain Signals Possible Resurgence

A new infection chain for the Bumblebee loader malware has been discovered, potentially indicating its resurgence after Operation Endgame. The sophisticated downloader, first identified in March 2022, is used by cybercriminals to access corporate networks and deliver payloads like Cobalt Strike bea…
loader
pikabot
phishing
cobalt strike
icedid
lnk
darkgate
latrodectus
stealth
2024-10-21
msi
bumblebee
infection-chain
in-memory-execution
Published: October 21, 2024
Downloadable IOCs: 11

Technical Analysis of a Novel IMEEX Framework

The IMEEX framework is a newly discovered, custom-built malware targeting Windows systems. Delivered as a 64-bit DLL, it offers extensive control over compromised machines, featuring execution of additional modules, file manipulation, process management, registry modification, and remote command ex…
malware
windows
persistence
infrastructure
stealth
2024-10-14
imeex
Published: October 14, 2024
Downloadable IOCs: 9

From Perfctl to InfoStealer

A new stealthy Linux malware called perfctl has been analyzed. The malware runs two processes: perfctl and a disguised process mimicking known Linux processes. It uses Tor for external communications and local sockets for inter-process communication. After 30 minutes, the attacker drops scripts to …
malware
linux
rootkit
cryptominer
data exfiltration
stealth
perfctl
2024-10-09
trufflehog
Published: October 9, 2024
Downloadable IOCs: 3

A glimpse into the next moves and associated botnets

The report provides insights into the evolving tactics and infrastructure of a threat group referred to as the 'Quad7 botnet operators.' It details the discovery of new staging servers, implants, and botnet clusters associated with this group. The operators appear to be compromising various router …
evasion
backdoors
xlogin
botnets
routers
2024-09-10
hammertoss
axlogin
fsynet
hammerduke
stealth
alogin
updtae
zylogin
netduke
rlogin
Published: September 10, 2024
Downloadable IOCs: 11

A glimpse into the Quad7 operators’ next moves and associated botnets

The report provides insights into the evolving tactics and infrastructure of a threat group referred to as the 'Quad7 botnet operators.' It details the discovery of new staging servers, implants, and botnet clusters associated with this group. The operators appear to be compromising various router …
evasion
backdoors
xlogin
botnets
routers
2024-09-10
hammertoss
axlogin
fsynet
hammerduke
stealth
alogin
updtae
zylogin
netduke
rlogin
Published: September 10, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports