Tag: webdav

6 Attack Reports | 0 Vulnerabilities

Attack reports

Blind Eagle: ...And Justice for All

Check Point Research uncovered ongoing campaigns by Blind Eagle (APT-C-36) targeting Colombian institutions since November 2024. The group utilized malicious .url files, similar to CVE-2024-43451, to deliver HeartCrypt-packed malware and Remcos RAT. Campaigns infected over 1,600 victims in a single…
phishing
remcos
government
purecrypter
webdav
remcos rat
CVE-2024-43451
heartcrypt
2025-04-10
apt-c-36
colombia
Published: April 10, 2025
Downloadable IOCs: 0

Strela Stealer Targets Europe Stealthily Via WebDav

Strela Stealer, first identified by DCSO in late 2022, is a type of information-stealing malware primarily designed to exfiltrate email account credentials from widely used email clients, including Microsoft Outlook and Mozilla Thunderbird. This malware initially targeted Spanish-speaking users thr…
phishing
powershell
infostealer
dll file
webdav
2024-10-30
javascript code
zip file
webdav server
strela
Published: October 30, 2024
Downloadable IOCs: 103

Tweaking AsyncRAT: Using Python and TryCloudflare to Deploy Malware

A new AsyncRAT malware campaign utilizes TryCloudflare quick tunnels and Python packages to deliver malicious payloads. The attack chain involves HTML attachments with 'search-ms' URI protocol handlers, leading to LNK files that download BAT files. These BAT files then retrieve and execute Python s…
obfuscation
xworm
phishing
python
powershell
asyncrat
webdav
2024-10-04
shellcode injection
trycloudflare
Published: October 4, 2024
Downloadable IOCs: 15

WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution - Sekoia.io Blog

The Emmenhtal loader, also known as PeakLight, operates in a memory-only manner, making it difficult to detect and analyse. It is primarily used to distribute other malicious payloads, including well-known infostealers that target sensitive information.
darkgate
dcrat
webdav
2024-09-19
marko polo
zgrat
google cloud
clearfake
emmenhtal
peaklight
selfau3
Published: September 19, 2024
Downloadable IOCs: 120

Threat Actor Abuses Cloudflare Tunnels to Deliver RATs

Proofpoint is tracking a cluster of cybercriminal threat activity leveraging Cloudflare Tunnels to deliver malware, particularly remote access trojans (RATs) like Xworm, AsyncRAT, VenomRAT, GuLoader, and Remcos. The campaigns employ various techniques, such as using URL files to establish connectio…
xworm
remcos
asyncrat
venomrat
guloader
rats
webdav
cloudflare
2024-08-01
Published: August 1, 2024
Downloadable IOCs: 13

Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks

Morphisec Labs has been monitoring increased activity associated with Sticky Werewolf, a suspected geopolitical or hacktivist group. While their origin remains unclear, recent techniques suggest espionage and data exfiltration intent. Sticky Werewolf has targeted the aviation industry, employing ph…
phishing
rhadamanthys stealer
2024-06-07
netwire
rats
webdav
metastealer
ozone rat
lnks
aviation
darktrack
Published: June 7, 2024
Downloadable IOCs: 14
Click here to see more Attack Reports