Tag: steganography

11 Attack Reports | 0 Vulnerabilities

Attack reports

Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources

This article discusses a new obfuscation technique used by threat actors to conceal malware within bitmap resources embedded in seemingly benign 32-bit .NET applications. The malware employs a multi-stage process to extract, deobfuscate, load, and execute secondary payloads, ultimately leading to t…
obfuscation
steganography
malspam
.net
agent tesla
remcos rat
multi-stage
xloader
2025-05-09
bitmap
Published: May 9, 2025
Downloadable IOCs: 0

Steganography Analysis With pngdump.py

This article discusses the analysis of a PNG file containing hidden malicious content using the pngdump.py tool. The image, 31744 pixels wide and 1 pixel high, was found to have a PE file embedded in its pixel data. The author demonstrates how to extract the hidden file using various Python tools a…
malware
python
steganography
2025-04-26
pe file
data extraction
file analysis
png
pngdump
Published: April 26, 2025
Downloadable IOCs: 0

Operation Sea Elephant: The Dying Walrus Wandering the Indian Ocean

The CNC group, with South Asian origins, has been targeting domestic teachers, students, and research institutions. Their operation, named 'sea elephant', aims to spy on scientific research achievements in the ocean field. The group employs various tactics, including spear-phishing emails, IM softw…
steganography
keylogging
south asia
usb propagation
file stealing
2025-04-10
sogou_pinyinupdater.exe
scientific espionage
tericerit.exe
srclogsys.exe
cachestore.exe
github api
konlinesetupupdate_xa.exe
ocean research
windowassistance.exe
huaweihisuiteservice64.exe
filecoauthx86.exe
aliyun_updater64.exe
youdaogui.exe
mscleanup64.exe
windowsfilters.exe
qaxreporter.exe
Published: April 10, 2025
Downloadable IOCs: 0

New Steganographic Campaign Distributing Multiple Malware Variants

A sophisticated steganographic campaign has been observed distributing multiple stealer malware variants, including Remcos, DcRAT, AgentTesla, and VIPKeyLogger. The infection chain begins with a phishing email containing an Excel file that exploits CVE-2017-0199. This leads to the download of an HT…
obfuscation
phishing
remcos
steganography
asyncrat
dcrat
CVE-2017-0199
process hollowing
remote access trojan
agenttesla
vipkeylogger
2025-03-17
Published: March 17, 2025
Linked vulnerabilities : CVE-2017-0199
Downloadable IOCs: 13

Formbook Phishing Campaign with old Payloads

A recent phishing campaign has been observed delivering Formbook stealers through email attachments. The malware uses multiple stages and steganography to hide malicious files inside images. The infection chain involves three stages before the final payload: Purchase Order.exe, Arthur.dll, and Mont…
phishing
steganography
process-hollowing
2025-01-07
xml
formbook stealer
Published: January 7, 2025
Downloadable IOCs: 1

The Mobile Malware Chronicles: Necro.N - Volume 101

Zimperium's zLabs researchers have been tracking Necro.N, a highly intrusive mobile malware campaign, since July. This malware, potentially succeeding Joker, uses obfuscation and steganography to hide malicious payloads within images. It downloads payloads from C2 servers, enabling remote code exec…
obfuscation
steganography
c2 server
mobile malware
2024-10-21
joker
necro.n
libsvm.so
fleeceware
advertising sdk
libcoral.so
Published: October 21, 2024
Downloadable IOCs: 6

The Dark Knight Returns: Joker malware analysis

The report details sophisticated command and control (C2) techniques employed by the APT41 threat group. APT41 uses custom malware and legitimate tools to maintain persistent access to compromised networks while evading detection. Key techniques include DNS tunneling, domain fronting, and steganogr…
evasion
steganography
dns tunneling
social media
2024-10-03
command and control
apt41
cloud services
domain fronting
Published: October 3, 2024
Downloadable IOCs: 8

Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders

A long-term intrusion targeting a Vietnamese human rights non-profit organization has been discovered, likely spanning at least four years. The attack shows significant overlaps with techniques used by APT32/OceanLotus, a threat actor known for targeting Vietnamese activists. The intrusion involved…
backdoor
apt
cobalt strike
persistence
steganography
vietnam
2024-09-03
dll side-loading
com hijacking
human rights
Published: September 3, 2024
Downloadable IOCs: 46

Secret Message: Steganography Tricks of TA558 Group in Cyber Attacks on Enterprises in Russia and Belarus

F.A.C.C.T.'s Threat Intelligence analysts have investigated numerous cyberattacks by the TA558 group targeting enterprises, government institutions, and banks in Russia and Belarus. The attacks aimed to steal data and gain access to the organization's internal systems. TA558 used multi-stage phishi…
malware
phishing
social engineering
russia
belarus
remcos
steganography
CVE-2017-11882
agent tesla
2024-07-30
Published: July 30, 2024
Linked vulnerabilities : CVE-2017-11882
Downloadable IOCs: 74

To the Moon and back(doors): Lunar landing in diplomatic missions

ESET researchers discovered two previously unknown backdoors – LunarWeb and LunarMail – compromising a European ministry of foreign affairs and its diplomatic missions abroad. LunarWeb, deployed on servers, utilizes HTTP(S) for command and control communications, mimicking legitimate requests to av…
backdoor
apt
espionage
steganography
2024-05-16
2024-05-11
diplomacy
lunarweb
lunarmail
Published: May 16, 2024
Downloadable IOCs: 12

RemcosRAT Distributed Using Steganography

Security researchers have discovered a campaign distributing RemcosRAT through a sophisticated infection chain involving steganography techniques. The attack starts with a malicious Word document exploiting template injection, leading to the download of an RTF file that leverages an equation editor…
obfuscation
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
2024-05-08
steganography
remcosrat
process-hollowing
malicious-documents
Published: May 8, 2024
Downloadable IOCs: 4
Click here to see more Attack Reports