The message itself came from the official account of the hotel merchant; Tas had contacted them before via this method to inquire about the hotel room.…
Tag: COLLECTION
The TrickMo Banking Trojan was identified in September 2019 and was disseminated through the TrickBot malware. In March 2020, IBM researchers analyzed a newly discovered Android Banking Trojan known as “TrickMo.”…
Published On : 2023-11-29
EXECUTIVE SUMMARY
The report highlights a surge in malicious activity by the Malware-as-a-Service (MaaS) operator Sordeal, particularly with their new malware, ‘Nova’, since at least September 2023. Nova performs extensive system information gathering and registry modification, and uses techniques to disable kernel-level logging for stealth.…
Tracking Vidar Infrastructure
Vidar, a malware that evolved from Arkei, stands out as one of the first stealers capable of extracting information from 2FA software and the Tor Browser. Vidar’s C2 servers use HTTP over TLS, with hardcoded subject and issuer distinguished names (DNs) on their certificates.…
More and more people nowadays prefer to buy goods online. And why not? It’s convenient, goods are delivered to your doorstep, and if you choose one of the many online marketplaces, it’s even possible to save some money. Sadly, scammers abuse this, targeting these services and their customers for their own benefit.…
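For the Vidar item above (tracking C2 servers by the fixed subject and issuer DNs on their certificates), here is an added example of how a hunter can turn that observation into a check. It is not code from the original article; the watchlist DN values are hypothetical placeholders, not the real indicators, and the certificates are constructed in the shape that Python's `ssl.getpeercert()` returns.

```python
"""Fingerprint TLS certificates by subject/issuer DN to track servers that
reuse hardcoded certificate names.  Added example; the DN values below are
hypothetical placeholders, not indicators from any report."""
from typing import Dict, List, Optional, Tuple

# Shape of ssl.getpeercert()["subject"] / ["issuer"]: tuple of RDNs, each RDN a
# tuple of (attribute, value) pairs.
RDNs = Tuple[Tuple[Tuple[str, str], ...], ...]

# Attribute names as getpeercert() spells them, mapped to their short forms.
_SHORT = {"countryName": "C", "stateOrProvinceName": "ST", "localityName": "L",
          "organizationName": "O", "organizationalUnitName": "OU",
          "commonName": "CN"}

# Constructed watchlist (hypothetical values). "issuer" may be None to match on
# the subject alone.
WATCHLIST: List[Dict[str, Optional[str]]] = [
    {"name": "hypothetical-stealer-c2",
     "subject": "C=XX,O=Example Ltd,CN=example.invalid",
     "issuer": "C=XX,O=Example Ltd,CN=example.invalid"},
]


def rdns_to_dn(rdns: RDNs) -> str:
    """Flatten nested RDN tuples into 'C=XX,O=...,CN=...' in certificate order."""
    return ",".join(f"{_SHORT.get(attr, attr)}={val}"
                    for rdn in rdns for attr, val in rdn)


def match_cert(cert: dict, watchlist=WATCHLIST) -> List[str]:
    """Names of watchlist entries whose subject (and issuer, if given) equal the cert's."""
    subject = rdns_to_dn(cert.get("subject", ()))
    issuer = rdns_to_dn(cert.get("issuer", ()))
    hits = []
    for ind in watchlist:
        if ind["subject"] != subject:
            continue
        if ind.get("issuer") is not None and ind["issuer"] != issuer:
            continue
        hits.append(ind["name"])
    return hits


def scan(observed: Dict[str, dict], watchlist=WATCHLIST) -> Dict[str, List[str]]:
    """Map host -> matching indicator names, dropping hosts with no hit."""
    result: Dict[str, List[str]] = {}
    for host, cert in observed.items():
        hits = match_cert(cert, watchlist)
        if hits:
            result[host] = hits
    return result


# Constructed sample: one self-signed cert that matches the watchlist and one
# ordinary CA-issued cert that does not.  Hosts are documentation addresses.
SAMPLE_CERTS = {
    "203.0.113.10": {
        "subject": ((("countryName", "XX"),), (("organizationName", "Example Ltd"),),
                    (("commonName", "example.invalid"),)),
        "issuer": ((("countryName", "XX"),), (("organizationName", "Example Ltd"),),
                   (("commonName", "example.invalid"),)),
    },
    "198.51.100.7": {
        "subject": ((("commonName", "www.example.com"),),),
        "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),),
                   (("commonName", "Example Root CA"),)),
    },
}

if __name__ == "__main__":
    for host, names in scan(SAMPLE_CERTS).items():
        print(host, "matches", names)
```

One caveat when collecting certificates from live hosts: a self-signed C2 certificate fails default validation, and once you disable verification (`CERT_NONE`), `getpeercert()` returns an empty dict rather than the parsed fields. Fetch `getpeercert(binary_form=True)` instead and decode the DER with a certificate parser (for example `cryptography`'s `x509.load_der_x509_certificate`) before feeding the subject and issuer into the matcher.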
RisePro is a malware-as-a-service info-stealer, first identified in 2022. Recently, we detected a spike in its activity and decided to conduct an investigation, which led to interesting findings.
RisePro is a well-documented malware, but we quickly realized that the network traffic patterns of our samples did not match the existing literature.…
During a recent hunt, Qualys Threat Research came across a ransomware family known as Phobos impersonating VX-Underground. Phobos ransomware has been knocking on our door since early 2019 and is often distributed via stolen Remote Desktop Protocol (RDP) credentials. Strongly believed to be closely tied to the preceding Dharma malware, Phobos usually operates under a Ransomware-as-a-Service (RaaS) model.…
[Update] February 01, 2024: U.S. Government Actions Against Volt Typhoon
As cyber currents ebb and flow, a storm named Volt Typhoon surges from the digital depths. This isn’t your typical tempest from the sea but a state-sponsored maelstrom with a tendency for espionage. Volt Typhoon, believed to be backed by the Chinese government, stands out for its sophisticated tactics and high-profile targets.…
By Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll and Vinoo Thomas · November 21, 2023
In September 2023, the Trellix Security Operations Center (SOC) successfully detected and stopped an attack against Musarubra, the holding company for Trellix and Skyhigh Security, involving an emerging malware family named DarkGate.…
In this article, our guest author Igal Lytzki (0xToxin on Twitter) explores what happens once a connection is established between the XWorm command-and-control server and a victim who has executed the malware.…
Authors: Shilpesh Trivedi and Nisarga C M
In April 2023, the cybersecurity community faced a significant challenge with the discovery of CVE-2023-38831, a vulnerability affecting versions of WinRAR prior to 6.23. This security flaw has become a critical concern due to its exploitation by various advanced persistent threat (APT) groups, who have used it to gain control of victim systems through deceptive methods.…
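The "deceptive method" the item above refers to is the publicly documented trigger layout for CVE-2023-38831: an archive holding a benign-looking file (typically with a trailing space in its name) alongside a directory of the same name that contains an executable whose name begins with the decoy's. The following triage check over archive entry names is an added example, not code from the original article; it scans ZIP members for that layout, and the sample archives are constructed in memory.

```python
"""Heuristic scan for the CVE-2023-38831 archive layout: a file entry that also
exists as a directory, where that directory holds an executable whose name starts
with the decoy file's name.  Added example; sample archives are constructed."""
import io
import zipfile
from typing import List, Tuple

# Extensions whose execution on open would hand over control; extend as needed.
EXEC_EXT = (".cmd", ".bat", ".exe", ".com", ".vbs", ".js", ".ps1", ".scr", ".lnk")


def find_lookalike_pairs(names: List[str]) -> List[Tuple[str, str]]:
    """Return (decoy_file, executable_inside_same_named_dir) pairs found in an entry list."""
    files = {n for n in names if not n.endswith("/")}  # explicit dir entries end in '/'
    findings = []
    for decoy in sorted(files):
        prefix = decoy + "/"          # a directory named exactly like the decoy file
        base = decoy.rsplit("/", 1)[-1]
        for other in files:
            if not other.startswith(prefix):
                continue
            inner = other[len(prefix):]
            if "/" in inner:          # only direct children of the look-alike directory
                continue
            if inner.startswith(base) and inner.lower().endswith(EXEC_EXT):
                findings.append((decoy, other))
    return findings


def scan_zip(data: bytes) -> List[Tuple[str, str]]:
    """Run the heuristic over a ZIP archive held in memory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return find_lookalike_pairs(zf.namelist())


def _make_zip(entries) -> bytes:
    """Build a small ZIP from (name, payload) pairs; used only for the samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in entries:
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed sample mirroring the trigger layout (note the trailing spaces).
# The "script" is an inert echo line, not a real payload.
SUSPICIOUS_ZIP = _make_zip([
    ("photo.jpg ", b"\xff\xd8\xff decoy image bytes"),
    ("photo.jpg /photo.jpg .cmd", b"@echo constructed harmless sample\r\n"),
])

# Constructed benign sample: same decoy name, no same-named directory.
BENIGN_ZIP = _make_zip([
    ("photo.jpg", b"\xff\xd8\xff"),
    ("notes/readme.txt", b"hello"),
])

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS_ZIP), ("benign", BENIGN_ZIP)):
        print(label, scan_zip(blob))
```

The check is a layout heuristic, not a verdict: a benign archive could in principle contain a directory named like a sibling file, so treat a hit as a reason to detonate or inspect the archive, and pair it with the WinRAR version check (fixed in 6.23) on the endpoint. For RAR containers, the `rarfile` package exposes the same `namelist()` interface, so `find_lookalike_pairs` can be reused unchanged.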
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…
Dark Pink employs a variety of tools and custom-built malicious software designed for data theft and espionage. Their specialized toolkit comprises:
Cucky: A straightforward custom information stealer coded in .NET. It is proficient in extracting passwords, browsing history, login credentials, and cookies from a range of web browsers targeted by the group.…
Our technical experts have written a blog series focused on the Tactics, Techniques and Procedures (TTPs) deployed by four ransomware families recently observed during NCC Group’s incident response engagements.
In case you missed it, our last post analysed an Incident Response engagement involving the D0nut extortion group.…
In 2022, NSFOCUS Research Labs revealed a large-scale APT attack campaign called DarkCasino and identified an active and aggressive threat actor behind it. Through continuous tracking and in-depth study of the attacker’s activities, NSFOCUS Research Labs has ruled out links to known APT groups, confirmed its nature as an advanced persistent threat, and, following the operation’s name, designated this APT group DarkCasino.…
UPDATE (November 13th, 2023): The website has removed the “DOWNLOAD APP” button, although the malicious app is still hosted on its servers.
ESET researchers have identified what appears to be a watering-hole attack on a regional news website that delivers news about Gilgit-Baltistan, a disputed region administered by Pakistan.…
Update November 13, 2023
This CSA is being re-released to add new TTPs, IOCs, and information related to Royal Ransomware activity.
End of Update
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.…