Tag: DARK WEB

AXLocker Ransomware Stealing Victim’s Discord Tokens

Ransomware is one of the most critical cybersecurity problems on the internet and possibly the most powerful form of cybercrime plaguing organizations today. It has rapidly become one of the most important and profitable malware families among Threat Actors (TAs). In a typical scenario, the ransomware infection starts with the TA gaining access to the target system.…

Read More

LNK files are based on the Shell Link Binary file format, also known as Windows shortcuts. But what seems a relatively simple ability to execute other binaries on the system can inflict great harm when abused by threat actors.

Microsoft’s decision to block macros by default for files downloaded from the internet in Office applications provoked malware developers to shift to other techniques.…

Read More
Spiking Clipper Infection Targeting Cryptocurrency Users

Cyble Research and Intelligence Labs (CRIL) has continuously monitored malware campaigns that distribute different malware families, such as stealer, clipper, and ransomware.

Recently, CRIL observed a malware strain known as SmokeLoader, which carries popular malware family samples such as SystemBC and Raccoon Stealer 2.0, along with a new clipper malware dubbed Laplas Clipper that targets cryptocurrency users.…

Read More

This post is also available in: 日本語 (Japanese)

Executive Summary

Ransom Cartel is ransomware as a service (RaaS) that surfaced in mid-December 2021. This ransomware performs double extortion attacks and exhibits several similarities and technical overlaps with REvil ransomware. REvil ransomware disappeared just a couple of months before Ransom Cartel surfaced and just one month after 14 of its alleged members were arrested in Russia.…

Read More

FortiGuard Labs recently captured an Excel document with an embedded malicious file in the wild. The embedded file with a randomized file name exploits a particular vulnerability —CVE-2017-11882—to execute malicious code to deliver and execute malware on a victim’s device.

Part I of my analysis explained how this crafted Excel document exploits CVE-2017-11882 and what it does when exploiting that vulnerability.…

Read More
Key Takeaways

Sygnia recently investigated a Cheerscrypt ransomware attack which utilized Night Sky ransomware TTPs. Further analysis       revealed that Cheerscrypt and Night Sky are both rebrands of the same threat group, dubbed ‘Emperor Dragonfly’ by Sygnia.

‘Emperor Dragonfly’ (A.K.A. DEV-0401 / BRONZE STARLIGHT) deployed open-source tools that were written by Chinese developers for Chinese users.…

Read More

Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Resecurity has recently identified a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised in the Dark Web. On some sources the alternative name is Moloch, which has some connection to a phishing-kit developed by several notable underground actors who targeted the financial institutions and e-commerce sector before.…

Read More
Sophisticated XWorm RAT with Ransomware and HNVC Attack Capabilities

During a routine threat-hunting exercise, Cyble research labs discovered a dark web post where a malware developer was advertising a powerful Windows RAT.

Figure 1 – Dark Web Post for XWorm

This post redirected us to the website of the malware developer, where multiple malicious tools are being sold.…

Read More

Industrial Spy is a relatively new ransomware group that emerged in April 2022. In some instances, the threat group appears to only exfiltrate and ransom data, while in other cases they encrypt, exfiltrate and ransom data. Industrial Spy started as a data extortion marketplace where criminals could buy large companies’ internal data; they promoted this marketplace using README.txt…

Read More

Cybercriminals are always looking for innovative techniques to evade security solutions. Based on the Resecurity® HUNTER assessment, attackers are actively leveraging tools allowing them to generate malicious shortcut files (.LNK files) for payload delivery.

Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company protecting Fortune 500’s worldwide, has detected an update to one of them most popular tools used by cybercriminals.…

Read More

Author: S2W TALON

Last Modified : 2022.06.16.

Photo by Gary Bendig on Unsplash Executive Summary On March 25, 2022, the operator of Raccoon Stealer, who was active on the dark web forum, temporarily suspended his activities since a key developer died in the Russia-Ukraine War. On May 17, 2022, the operator mentioned that the development of a new version of the stealer was completed, and uploaded details of changes, improvements, and prices to their Telegram channel.…
Read More

Update 05.27.22: An unknown APT group is targeting Russian government entities with at least four separate spear-phishing campaigns since the beginning of the Ukraine conflict. Source: Security Affairs.

It’s not often that we get to observe the behind-the-scenes drama that can accompany the creation of new malware, but when we do, it gives us a fascinating glimpse into how threat actors operate.…

Read More