/vx-underground/Malware Analysis/2024/

1153 directories 0 files
2024-01-01 - Russian Language Cybercriminal Forums - An Excursion Into The Core Of The Underground Ecosystem/
2024-01-02 - Open Source Stealers (OSS) – Python/
2024-01-03 - Security Copilot Promptbook - Threat Actor Profile/
2024-01-03 - Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion/
2024-01-04 - Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware/
2024-01-04 - Hunting for Cobalt Strike in PCAP/
2024-01-04 - Qakbot Returns/
2024-01-05 - AsyncRAT loader - Obfuscation, DGAs, decoys and Govno/
2024-01-05 - DarkGate from AutoIT to Shellcode Execution/
2024-01-05 - Turkish espionage campaigns in the Netherlands/
2024-01-06 - Technical Analysis of recent Pikabot Core Module/
2024-01-06 - Understanding Internals of SmokeLoader/
2024-01-07 - INC Linux Ransomware - Sandboxing with ELFEN and Analysis/
2024-01-08 - Deceptive Cracked Software Spreads Lumma Variant on YouTube/
2024-01-08 - Mastercard Data Leak, New Fully Undetectable Ransomware, Elusive Stealer Source Code Leak, and More/
2024-01-09 - Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police/
2024-01-09 - Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign/
2024-01-09 - Data Insights on AgentTesla and OriginLogger Victims/
2024-01-09 - IcedID – Technical Malware Analysis [Second Stage]/
2024-01-09 - New RE#TURGENCE Attack Campaign- Turkish Hackers Target MSSQL Servers to Deliver Domain-Wide MIMIC Ransomware/
2024-01-10 - Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN/
2024-01-10 - Analysis of an Info Stealer — Chapter 2 - The iOS App/
2024-01-10 - Analyzing APT28’s OCEANMAP Backdoor & Exploring its C2 Server Artifacts/
2024-01-10 - Atomic Stealer rings in the new year with updated version/
2024-01-11 - Clearing the Fog of War – A critical analysis of recent energy sector cyberattacks in Denmark and Ukraine/
2024-01-11 - Volt Typhoon Compromises 30 percent of Cisco RV320 and 325 Devices in 37 Days/
2024-01-12 - Cutting Edge - Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation/
2024-01-12 - CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign/
2024-01-12 - Sneaky Azorult Back in Action and Goes Undetected/
2024-01-15 - A Victim of Mallox Ransomware - How Truesec CSIRT Fought Back/
2024-01-15 - An Introduction to Reverse Engineering .NET AOT Applications/
2024-01-15 - From Russia With Code - Disarming Atomic Stealer/
2024-01-15 - Hunting AsyncRAT & QuasarRAT/
2024-01-15 - Ivanti Connect Secure VPN Exploitation Goes Global/
2024-01-15 - NoaBot Botnet - Sandboxing with ELFEN and Analysis/
2024-01-16 - Detailed Analysis of DarkGate; Investigating new top-trend backdoor malware/
2024-01-16 - Keyhole Analysis/
2024-01-16 - P2PInfect Worm Evolves to Target a New Platform/
2024-01-17 - Enter The Gates - An Analysis of the DarkGate AutoIt Loader/
2024-01-17 - New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs/
2024-01-17 - Whispers of Atlantida - Safeguarding Your Digital Treasure/
2024-01-18 - Chae$ Chronicles - Version 4.1 Dedicated to Morphisec Researchers/
2024-01-18 - Detect Mortis Locker Ransomware with YARA/
2024-01-18 - Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware/
2024-01-19 - Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021/
2024-01-19 - Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard/
2024-01-19 - npm Package Found Delivering Sophisticated RAT/
2024-01-19 - Parrot TDS - A Persistent and Evolving Malware Campaign/
2024-01-19 - Zloader - No Longer Silent in the Night/
2024-01-21 - A Look into PlugX Kernel driver/
2024-01-22 - Cactus Ransomware/
2024-01-22 - Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web/
2024-01-22 - Pikabot distirbution methods and capabilities/
2024-01-22 - ScarCruft - Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals/
2024-01-23 - CherryLoader - A New Go-based Loader Discovered in Recent Intrusions/
2024-01-23 - Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver/
2024-01-23 - NetSupport RAT hits again with new IOCs/
2024-01-23 - Stately Taurus Targets Myanmar Amidst Concerns over Military Junta’s Handling of Rebel Attacks/
2024-01-24 - Layers of Deception - Analyzing the Complex Stages of XLoader 4.3 Malware Evolution/
2024-01-24 - The Endless Struggle Against APT10- Insights from LODEINFO v0.6.6 - v0.7.3 Analysis/
2024-01-25 - Midnight Blizzard - Guidance for responders on nation-state attack/
2024-01-25 - NSPX30 - A sophisticated AitM-enabled implant evolving since 2005/
2024-01-26 - Russian APT Operation - Star Blizzard/
2024-01-29 - Analysis of FalseFont Backdoor used by Peach-Sandstorm Threat Actor/
2024-01-29 - Blackwood APT Group Has a New DLL Loader/
2024-01-29 - Compromised routers are still leveraged as malicious infrastructure/
2024-01-29 - HeadCrab 2.0 - Evolving Threat in Redis Malware Landscape/
2024-01-29 - KrustyLoader - Rust malware linked to Ivanti ConnectSecure compromises/
2024-01-29 - Technical analysis of WinRAR zero-day malware and C2 protocol emulation/
2024-01-30 - DarkGate malware delivered via Microsoft Teams - detection and response/
2024-01-30 - Evolution of UNC4990 - Uncovering USB Malware's Hidden Depths/
2024-01-30 - Python’s Byte - The Rise of Scripted Ransomware/
2024-01-30 - Reporting on Volt Typhoon’s “JDY” Botnet Administration Via Tor Sparks Questions/
2024-01-30 - The Bear and The Shell- New Campaign Against Russian Opposition/
2024-01-30 - Trigona Ransomware Threat Actor Uses Mimic Ransomware/
2024-01-31 - Pawn Storm Uses Brute Force and Stealth Against High-Value Targets/
2024-01-31 - Technical analysis - The silent torrent of VileRAT/
2024-01-31 - Tracking 15 Years of Qakbot Development/
2024-02-01 - Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor/
2024-02-01 - ESET takes part in global operation to disrupt the Grandoreiro banking trojan/
2024-02-01 - From the Depths - Analyzing the Cthulhu Stealer Malware for macOS/
2024-02-01 - Installskey Rewind 2023/
2024-02-02 - CrackedCantil Dropper Delivers Numerous Malware/
2024-02-02 - FritzFrog Botnet Expands Attack Arsenal with Log4Shell Exploits/
2024-02-02 - Practical FOFA Asset Expansion - APT-C-23 Android Malware/
2024-02-02 - Proactive response - AnyDesk, any breach/
2024-02-04 - CrackedCantil- A Malware Symphony Breakdown/
2024-02-06 - APT-K-47 Organization Launches Espionage Attacks Using a New Trojan Tool/
2024-02-06 - BSI - Active APT groups in Germany/
2024-02-06 - German Federal Office for Information Security - Active APT groups in Germany/
2024-02-06 - Iran accelerates cyber ops against Israel from chaotic start/
2024-02-06 - Unfolding Agent Tesla - The Art of Credentials Harvesting/
2024-02-07 - HijackLoader Expands Techniques to Improve Defense Evasion/
2024-02-07 - Iran surges cyber-enabled influence operations in support of Hamas/
2024-02-07 - Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer/
2024-02-07 - KV-Botnet - Don’t call it a Comeback/
2024-02-07 - MAR-10448362-1.v1 Volt Typhoon/
2024-02-07 - PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure/
2024-02-07 - Raspberry Robin Keeps Riding the Wave of Endless 1-Days/
2024-02-08 - New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization/
2024-02-08 - Unmasking-the-dot-stealer/
2024-02-09 - Ministry of Defence of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT/
2024-02-09 - SugarGh0st RAT attacks Kazakhstan – State Technical Service/
2024-02-09 - The Phoenix Rises Again/
2024-02-10 - KrustyLoader - About stripped Rust symbol recovery/
2024-02-11 - Analysing STOP Ransomware/
2024-02-12 - China’s Cyber Revenge - Why the PRC Fails to Back Its Claims of Western Espionage/
2024-02-12 - The (D)Evolution of Pikabot/
2024-02-13 - Bumblebee Buzzes Back in Black/
2024-02-13 - CharmingCypress - Innovating Persistence/
2024-02-13 - Unraveling the Many Stages and Techniques Used by RedCurl-EarthKapre APT/
2024-02-13 - Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day/
2024-02-13 - What is Lumma Stealer/
2024-02-14 - CVE-2024-21412 -Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day/
2024-02-14 - Hamas-linked SameCoin campaign malware analysis/
2024-02-14 - My-Game Retired - Latest Changes to Gootloader/
2024-02-14 - Zloader Strikes Back/
2024-02-15 - TinyTurla Next Generation - Turla APT spies on Polish NGOs/
2024-02-16 - Malware Analysis — AgentTesla/
2024-02-16 - Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign/
2024-02-16 - VOLTZITE/
2024-02-16 - Writing a Qakbot 5.0 config extractor with Malcat/
2024-02-18 - I-S00N GitHub leaks/
2024-02-19 - A Technical Analysis of the BackMyData Ransomware Used to Attack Hospitals in Romania/
2024-02-19 - Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant)/
2024-02-19 - Anatsa Trojan Returns - Targeting Europe and Expanding Its Reach/
2024-02-19 - BfV and NIS warning of North Korean cyber threats targeting the Defense Sector/
2024-02-19 - Pelmeni Wrapper - New Wrapper of Kazuar (Turla Backdoor)/
2024-02-20 - Earth Preta Campaign Uses DOPLUGS to Target Asia/
2024-02-20 - Understanding Macros in Malware - Types, Capabilities, Case Study/
2024-02-21 - A stealthy threat uncovered - TeaBot on Google Play Store/
2024-02-21 - Automating Qakbot Malware Analysis with Binary Ninja/
2024-02-21 - Brussels spyware bombshell - Surveillance software found on officials’ phones/
2024-02-21 - Malware Analysis — Remcos RAT/
2024-02-21 - Operation Texonto - Information operation targeting Ukrainian speakers in the context of the war/
2024-02-21 - To Russia With Love - Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer/
2024-02-22 - 8220 Gang Cryptomining Campaign Targets Linux & Windows Platforms/
2024-02-22 - CloudRouter - 911 Proxy Resurrected/
2024-02-22 - Doppelgänger - Russia-Aligned Influence Operation Targets Germany/
2024-02-22 - Malware Analysis - XWorm/
2024-02-22 - Scattered Spider laying new eggs/
2024-02-22 - To Russia With Love - Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer/
2024-02-23 - PIKABOT, I choose you!/
2024-02-23 - SVR cyber actors adapt tactics for initial cloud access/
2024-02-23 - TrollAgent That Infects Systems Upon Security Program Installation Process (Kimsuky Group)/
2024-02-23 - Xeno RAT - A New Remote Access Trojan with Advance Capabilities/
2024-02-26 - Advanced CyberChef Techniques for Configuration Extraction - Detailed Walkthrough and Examples/
2024-02-26 - Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections/
2024-02-26 - SEO Poisoning to Domain Control - The Gootloader Saga Continues/
2024-02-26 - UAC-0149 Attack Detection - Hackers Launch a Targeted Attack Against the Armed Forces of Ukraine, as CERT-UA Reports/
2024-02-26 - “Pantsless Data”- Decoding Chinese Cybercrime TTPs/
2024-02-27 - European diplomats targeted by SPIKEDWINE with WINELOADER/
2024-02-27 - Hunting PrivateLoader - The malware behind InstallsKey PPI service/
2024-02-27 - Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations/
2024-02-27 - Unveiling Phemedrone Stealer - Threat Analysis and Detections/
2024-02-27 - When Cats Fly - Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors/
2024-02-27 - When Stealers Converge - New Variant of Atomic Stealer in the Wild/
2024-02-28 - GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange/
2024-02-28 - Just Carry A Ladder - Why Your EDR Let Pikabot Jump Through/
2024-02-28 - New Malicious PyPI Packages used by Lazarus/
2024-02-28 - XRed Backdoor - The Hidden Threat in Trojanized Programs/
2024-02-29 - Dissecting DarkGate - Modular Malware Delivery and Persistence as a Service/
2024-02-29 - Don't get BITTER about being targeted -- fight back with the help of the community/
2024-02-29 - Novel ELF64 Remote Access Tool Embedded in Malicious PyPI Uploads/
2024-02-29 - Same Same, but Different/
2024-02-29 - The Anatomy of an ALPHA SPIDER Ransomware Attack/
2024-03-01 - Agent Tesla Analysis [Part 2 - Deobfuscation]/
2024-03-01 - APT37's ROKRAT HWP Object Linking and Embedding/
2024-03-01 - Malware Analysis - Cobalt Strike/
2024-03-01 - NoName057(16)’s DDoSia project- 2024 updates and behavioural shifts/
2024-03-01 - Taking a deep dive into SmokeLoader/
2024-03-04 - 40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager/
2024-03-04 - Inside DarkGate- Exploring the infection chain and capabilities/
2024-03-04 - NIS Press Release - cyber attacks targeting domestic semiconductor equipment companies/
2024-03-04 - On-Device Fraud on the rise- exposing a recent Copybara fraud campaign/
2024-03-04 - Shadow Hunting- Analysis of APT37’s attack activities against South Korea using North Korean political topics/
2024-03-04 - TA577’s Unusual Attack Chain Leads to NTLM Data Theft/
2024-03-05 - Anxun and Chinese APT Activity/
2024-03-05 - Coper - Octo - A Conductor for Mobile Mayhem… With Eight Limbs-/
2024-03-05 - TODDLERSHARK - ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant/
2024-03-05 - TODDLERSHARK- ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant/
2024-03-05 - Unknown Nim Loader using PSBypassCLM/
2024-03-06 - TA4903- Actor Spoofs U.S. Government, Small Businesses in Phishing, BEC Bids/
2024-03-06 - Tracking Adversaries- UAC-0050, Cracking The DaVinci Code/
2024-03-07 - 2024-03-07 (THURSDAY)- LATRODECTUS INFECTION LEADS TO LUMMA STEALER/
2024-03-07 - Evasive Panda leverages Monlam Festival to target Tibetans/
2024-03-08 - KrustyLoader - Leveraging rust compilation artifacts to obtain reliable compilation timestamps and pivoting/
2024-03-08 - Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard/
2024-03-09 - Kimsuky 2/
2024-03-09 - New Backdoor Activity Socks5Systemz/
2024-03-09 - Revealing the Abyss Ransomware/
2024-03-10 - SysWhispers2 analysis/
2024-03-11 - Acuity Federal Contractor Breach, Okta Customers Leak, DCRat Exploit and Access Sales/
2024-03-11 - Study of a targeted attack on a Russian enterprise in the mechanical-engineering sector/
2024-03-12 - Donex ransomware/
2024-03-12 - North Kimsuky organization's policy advisor camouflaged spear phishing beware/
2024-03-12 - VCURMS- A Simple and Functional Weapon/
2024-03-13 - CVE-2024-21412- DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign/
2024-03-13 - LESLIELOADER – Undocumented Loader Observed/
2024-03-13 - NewBot Loader/
2024-03-13 - RisePro stealer targets Github users in “gitgub” campaign/
2024-03-14 - Unveiling the depths of Residential Proxies providers/
2024-03-15 - Inside the Rabbit Hole- BunnyLoader 3.0 Unveiled/
2024-03-17 - Carving the IcedId - Part 3/
2024-03-18 - Analysis of New DEEP-GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware/
2024-03-18 - APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme/
2024-03-18 - FORCE (.FORCE) ransomware virus – removal and decryption options/
2024-03-18 - Mirai Nomi- A Botnet Leveraging DGA/
2024-03-18 - Operation PhantomBlu- New and Evasive Method Delivers NetSupport RAT/
2024-03-18 - Planet Stealer Malware Analysis Report (Paywall)/
2024-03-19 - How Rogue ISPs Tamper With Geofeeds/
2024-03-19 - Malware Analysis NjRat/
2024-03-20 - Blind Eagle's North American Journey/
2024-03-20 - Python Ciphering - Delving into Evil Ant’s Ransomware’s Tactics/
2024-03-20 - Review of the Summer 2023 Microsoft Exchange Online Intrusion/
2024-03-21 - AcidPour - New Embedded Wiper Variant of AcidRain Appears in Ukraine/
2024-03-21 - Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware/
2024-03-21 - Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect/
2024-03-21 - China-linked Threats to Operational Technology/
2024-03-21 - New details on TinyTurla’s post-compromise activity reveal full kill chain/
2024-03-21 - Security Brief- TA450 Uses Embedded Links in PDF Attachments in Latest Campaign/
2024-03-21 - TA450 (MuddyWater) uses embedded links in PDF attachments in latest campaign/
2024-03-22 - APT29 Uses WINELOADER to Target German Political Parties/
2024-03-22 - Beware- Malicious Android Malware Disguised as Government Alerts/
2024-03-22 - Large-Scale StrelaStealer Campaign in Early 2024/
2024-03-24 - Analysis of DEV#POPPER- New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors/
2024-03-24 - DinodasRAT Linux implant targeting entities worldwide/
2024-03-24 - Understanding API Hashing and build a rainbow table for LummaStealer/
2024-03-25 - Clipping Wings- Our Analysis of a Pegasus Spyware Sample/
2024-03-25 - Reverse Engineering Snake Keylogger- Full .NET Malware Analysis Walkthrough/
2024-03-25 - Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians/
2024-03-25 - Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure/
2024-03-25 - UK holds China state-affiliated organisations and individuals (APT31) responsible for malicious cyber activity/
2024-03-26 - ASEAN Entities in the Spotlight- Chinese APT Group Targeting/
2024-03-26 - Comprehensive Analysis of EMOTET Malware- Part 1/
2024-03-26 - Investigation into hacking of Finnish Parliament's information systems has been ongoing/
2024-03-26 - Malware Disguised as Installer from Korean Public Institution (Kimsuky Group)/
2024-03-26 - New Zealand accuses China of hacking parliament, condemns activity/
2024-03-26 - The Darkside Of TheMoon/
2024-03-27 - Operation FlightNight- Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign/
2024-03-27 - Sync-Scheduler- A Dedicated Document Stealer/
2024-03-27 - Uncovering Malicious Infrastructure with DNS Pivoting/
2024-03-28 - Android Malware Vultur Expands Its Wingspan/
2024-03-28 - BITTER APT Targets Chinese Government Agency/
2024-03-28 - Russian researchers say espionage operation using WinRAR bug is linked to Ukraine/
2024-03-29 - New MuddyWater Campaigns After Operation Swords of Iron/
2024-03-31 - Malware Spotlight - Linodas aka DinodasRAT for Linux/
2024-04-01 - Passive DNS For Phishing Link Analysis - Identifying 36 Latrodectus Domains With Historical Records and 302 Redirects/
2024-04-01 - U.S. Faces Cyber Onslaught- Fico Breach, ID, CC, Military Data Sale/
2024-04-02 - APT and financial attacks on industrial organizations in H2 2023/
2024-04-02 - Earth Freybug Uses UNAPIMON for Unhooking Critical APIs/
2024-04-02 - Updated StrelaStealer Targeting European Countries/
2024-04-04 - CoralRaider targets victims’ data and social media accounts/
2024-04-04 - Cutting Edge, Part 4- Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies/
2024-04-04 - Hackers claim to breach database containing thousands of Russian criminal records/
2024-04-05 - Powerhost’s ESXi Servers Encrypted with New SEXi Ransomware/
2024-04-05 - Ransomware Desires VMware Hypervisors in Ongoing Campaign/
2024-04-07 - Hacker Leaks 8.5M U.S. Environmental Protection Agency (EPA) Contact Data (UPDATED)/
2024-04-08 - Vedalia APT Group Exploits Oversized LNK Files to Deliver Malware/
2024-04-09 - BlueShell- Four Years On, Still A Formidable Threat/
2024-04-09 - Havoc C2 Framework – A Defensive Operator’s Guide/
2024-04-09 - RUBYCARP- A Detailed Analysis of a Sophisticated Decade-Old Botnet Group/
2024-04-09 - Starry Addax targets human rights defenders in North Africa with new malware/
2024-04-09 - Unpacking the Blackjack Group's Fuxnet Malware/
2024-04-09 - Unraveling Not AZORult but Koi Loader- A Precursor to Koi Stealer/
2024-04-10 - eXotic Visit campaign - Tracing the footprints of Virtual Invaders/
2024-04-10 - Leak of Epsilon Stealer's source code/
2024-04-10 - Turla APT Targets Albania With Backdooor in Ongoing Campaign to Breach European Organizations/
2024-04-11 - Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear/
2024-04-11 - LightSpy Returns - Renewed Espionage Campaign Targets Southern Asia, Possibly India/
2024-04-12 - Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400/
2024-04-12 - XZ backdoor story - Initial analysis/
2024-04-12 - Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)/
2024-04-13 - Analysis of malicious Microsoft office macros/
2024-04-14 - Sysrv Infection (Linux Edition)/
2024-04-15 - CVE-2024-3400 Vulnerability/
2024-04-15 - Destructive ICS Malware ‘Fuxnet’ Used by Ukraine Against Russian Infrastructure/
2024-04-15 - Volt Typhoon - A Conspiratorial Swindling Campaign targets with U.S. Congress and Taxpayers conducted by U.S. Intelligence Community/
2024-04-15 - Volt Typhoon false narrative a collusion among US politicians, intelligence community and companies to cheat funding, defame China/
2024-04-16 - Analysis of the APT31 indictment/
2024-04-16 - Fuxnet ICS Malware/
2024-04-17 - Redline Stealer- A Novel Approach/
2024-04-17 - Unearthing APT44- Russia’s Notorious Cyber Sabotage Unit Sandworm/
2024-04-18 - Annual report MIVD 2023/
2024-04-18 - DuneQuixote campaign targets Middle Eastern entities with CR4T malware/
2024-04-18 - From BYOVD to a 0-day - Unveiling Advanced Exploits in Cyber Recruiting Scams/
2024-04-19 - Gold Pickaxe iOS Technical Analysis- IPA Overview and C2 Communication Start up/
2024-04-19 - UAC-0133 (Sandworm) plans for cyber sabotage on almost 20 objects of critical infrastructure of Ukraine/
2024-04-20 - APT44 - Unearthing Sandworm/
2024-04-21 - FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE/
2024-04-22 - Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials/
2024-04-22 - Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials/
2024-04-22 - Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities/
2024-04-22 - MuddyWater campaign abusing Atera Agents/
2024-04-22 - ToddyCat is making holes in your infrastructure/
2024-04-24 - Analysis of Ongoing FROZEN#SHADOW Attack Campaign Leveraging SSLoad Malware and RMM Software for Domain Takeover/
2024-04-24 - ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices/
2024-04-24 - Assessing the Y, and How, of the XZ Utils incident/
2024-04-24 - Dissecting REMCOS RAT- An in- depth analysis of a widespread 2024 malware, Part One/
2024-04-24 - Pakistani APTs Escalate Attacks on Indian Gov. Seqrite Labs Unveils Threats and Connections/
2024-04-24 - Pakistani APTs Escalate Attacks on Indian Government/
2024-04-24 - Ransomware Evolution - How Cheated Affiliates Are Recycling Victim Data for Profit/
2024-04-25 - LightSpy Malware Variant Targeting macOS/
2024-04-25 - Poll Vaulting- Cyber Threats to Global Elections/
2024-04-27 - Cryptocurrency Chaos- El Salvador's Bitcoin Wallet Code Leaked, Privacy at Risk/
2024-04-27 - Finding Malware- Detecting SOGU with Google Security Operations/
2024-04-29 - A Cunning Operator - Muddling Meerkat and China's Great Firewall/
2024-04-29 - Analysis of Sarwent loader- Old ways die hard/
2024-04-29 - How to unpack Death Ransomware/
2024-04-29 - Zloader Learns Old Tricks/
2024-04-30 - Dissecting REMCOS RAT- An in- depth analysis of a widespread 2024 malware, Part Two/
2024-04-30 - Latrodectus [IceNova] – Technical Analysis of the… New IcedID… Its Continuation… Or its Replacement-/
2024-04-30 - Pouring Acid Rain/
2024-05-01 - Analysis of ArcaneDoor Threat Infrastructure Suggests Potential Ties to Chinese-based Actor/
2024-05-01 - Ransom-War- Russian Extortion Operations as Hybrid Warfare, Part One/
2024-05-01 - Router Roulette - Cybercriminals and Nation-States Sharing Compromised Networks/
2024-05-01 - Router Roulette- Cybercriminals and Nation-States Sharing Compromised Networks/
2024-05-01 - Uncharmed- Untangling Iran's APT42 Operations/
2024-05-01 - “Dirty stream” attack- Discovering and mitigating a common vulnerability pattern in Android apps/
2024-05-02 - Dissecting LOCKBIT v3 ransomware/
2024-05-02 - North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts/
2024-05-03 - Dissecting REMCOS RAT- An in- depth analysis of a widespread 2024 malware, Part Three/
2024-05-03 - Expanding APT42 Intelligence/
2024-05-03 - German Government - Attribution of a Russian cyber campaign/
2024-05-03 - SSSCIP Russian Cyber Operations H2 2023/
2024-05-03 - Statement by the North Atlantic Council concerning malicious cyber activities against Germany and Czechia/
2024-05-03 - Statement of the MFA on the Cyberattacks Carried by Russian Actor APT28 on Czechia/
2024-05-04 - 191 Australian Organizations affected by ZircoDATA Breach Linked to Russian Ransomware Gang/
2024-05-04 - Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign/
2024-05-05 - Latrodectus -littlehw-/
2024-05-06 - Agent Tesla Malware Analysis/
2024-05-06 - El Salvador suffered a massive leak of biometric data/
2024-05-06 - HijackLoader Updates/
2024-05-06 - Six Australian MPs Confirm They were Targeted by China's APT31 Hackers/
2024-05-07 - Cybercrime's Anatomy Threats to the Healthcare World/
2024-05-07 - LNK File Disguised as Certificate Distributing RokRAT Malware/
2024-05-08 - APT28 campaign targeting Polish government institutions/
2024-05-08 - From OSINT to Disk- Wave Stealer Analysis/
2024-05-08 - Iran-Aligned Emerald Divide Influence Campaign Evolves to Exploit Israel-Hamas Conflict/
2024-05-09 - [Case Study- Latrodectus] Analyzing and Implementing String Decryption Algorithms/
2024-05-09 - Cybersecurity Firm Hacked- Sensitive Data on Sale/
2024-05-09 - Kaspersky Securelist APT trends report Q1 2024/
2024-05-10 - AA24-131A- #StopRansomware- Black Basta/
2024-05-10 - Dissecting REMCOS RAT- An in- depth analysis of a widespread 2024 malware, Part Four/
2024-05-10 - Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators/
2024-05-10 - Recruitment Trap for Blockchain Practitioners - Analysis of Suspected Lazarus (APT-Q-1) Secret Stealing Operation/
2024-05-10 - Recruitment trap for blockchain practitioners- Analysis of suspected Lazarus (APT-Q-1) stealing operations/
2024-05-11 - Russian APT deploys new 'Kapeka' backdoor in Eastern European attacks/
2024-05-13 - Exploring the Depths of SolarMarker's Multi-tiered Infrastructure/
2024-05-13 - Gootloader Isn’t Broken/
2024-05-13 - Wavestealer Spotted In The Wild/
2024-05-14 - Breaking new ground- Uncovering Akira's privilege escalation techniques/
2024-05-14 - China-linked group uses malware to try to spy on commercial shipping, new report says/
2024-05-14 - Ebury is alive but unseen- 400k Linux servers compromised for cryptocurrency theft and financial gain/
2024-05-14 - ESET APT Activity Report Q4 2023 - Q1 2024/
2024-05-14 - QakBot attacks with Windows zero-day (CVE-2024-30051)/
2024-05-14 - What are CVEs-/
2024-05-15 - Revealing Spammer Infrastructure With Passive DNS - 226 Toll-Themed Domains Targeting Australia/
2024-05-15 - Stairwell threat report- Black Basta overview and detection rules/
2024-05-15 - Threat actors misusing Quick Assist in social engineering attacks leading to ransomware/
2024-05-15 - To the Moon and back(doors) - Lunar landing in diplomatic missions/
2024-05-15 - To the Moon and back(doors)- Lunar landing in diplomatic missions/
2024-05-16 - Analysis of APT attack cases targeting domestic companies using Dora RAT (Andariel Group)/
2024-05-16 - Grandoreiro banking trojan unleashed- X-Force observing emerging global campaigns/
2024-05-16 - New Antidot Android Banking Trojan Masquerading as Fake Google Play Updates/
2024-05-16 - Spring Cleaning with LATRODECTUS- A Potential Replacement for ICEDID/
2024-05-16 - Springtail (Kimsuky) - New Linux Backdoor Added to Toolkit/
2024-05-16 - Springtail- New Linux Backdoor Added to Toolkit/
2024-05-16 - Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024/
2024-05-17 - CTO at NCSC Summary- week ending May 19th/
2024-05-19 - PANIX - Persistence Against NIX/
2024-05-20 - Bad Karma, No Justice - Void Manticore Destructive Activities in Israel/
2024-05-20 - Bad Karma, No Justice- Void Manticore Destructive Activities in Israel/
2024-05-20 - Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection/
2024-05-21 - Master of Puppets- Uncovering the DoppelGänger pro-Russian influence campaign/
2024-05-21 - Phobos ransomware launches new leak site and pivots towards double extortion/
2024-05-21 - Uncovering an undetected KeyPlug implant attacking industries in Italy/
2024-05-22 - Chinese hackers hide on military and govt networks for 6 years/
2024-05-22 - Deep Dive into the Unfading Sea Haze/
2024-05-22 - Deep Dive Into Unfading Sea Haze- A New Threat Actor in the South China Sea/
2024-05-22 - IOC Extinction - China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders/
2024-05-22 - Novel EDR-Killing 'GhostEngine' Malware Is Built for Stealth/
2024-05-22 - Stealers, stealers and more stealers/
2024-05-22 - Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages/
2024-05-23 - Chinese Espionage Campaign Expands to Target Africa and The Caribbean/
2024-05-23 - Hellhounds - Operation Lahat. Part 2/
2024-05-23 - Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy/
2024-05-23 - Newly Detected Chinese Group Targeting Military, Government Entities/
2024-05-23 - Operation Diplomatic Specter - An Active Chinese Cyberespionage Campaign targeting Governmental Entities in the Middle East, Africa and Asia/
2024-05-23 - Operation Diplomatic Specter- An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia/
2024-05-23 - Sharp dragon expands towards africa and the caribbean/
2024-05-23 - String Decryptor for WarmCookie/
2024-05-23 - Tracking APT SideWinder Domains/
2024-05-23 - Tracking APT SideWinder With DNS Records/
2024-05-24 - Dark Web Profile- Hunt3r Kill3rs/
2024-05-24 - Stark Industries Solutions- An Iron Hammer in the Cloud/
2024-05-24 - Unraveling the snake tangle - following the attacks of Shedding Zmiy/
2024-05-26 - QakBOT v5 Deep Malware Analysis/
2024-05-28 - AllaSenha- AllaKore variant leverages Azure cloud C2 to steal banking details in Latin America/
2024-05-28 - BlackSuit Attack Analysis/
2024-05-28 - Bondnet Using Miner Bots as C2/
2024-05-28 - Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks/
2024-05-28 - Threats Claimimg Breach of Decathlon May 2024 Database/
2024-05-29 - APT41's Reconnaissance Techniques and Toolkit/
2024-05-29 - Fake Browser Updates delivering BitRAT and Lumma Stealer/
2024-05-29 - LightSpy Implant for macOS/
2024-05-29 - Putin's hackers gained full access to Hungary's foreign ministry networks/
2024-05-29 - Tracking Threat Actors Using Images and Artifacts/
2024-05-30 - A DNS Investigation of the Phobos Ransomware 8Base Attack/
2024-05-30 - Analysis of APT Attack Cases Using Dora RAT Against Korean Companies (Andariel Group)/
2024-05-30 - Decoding Water Sigbin's Latest Obfuscation Tricks/
2024-05-30 - Disrupting FlyingYeti's (UAC-0149) campaign targeting Ukraine/
2024-05-30 - Disrupting FlyingYeti's campaign targeting Ukraine/
2024-05-30 - GRU's BlueDelta (APT28) Targets Key Networks in Europe with Multi-Phase Espionage Campaigns/
2024-05-30 - GRU's BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Campaigns/
2024-05-30 - LilacSquid - The stealthy trilogy of PurpleInk, InkBox and InkLoader/
2024-05-30 - SolarMarker- Hunt Insights and Findings/
2024-05-30 - The Pumpkin Eclipse/
2024-05-31 - Proven Data Restores PowerHost’s VMware Backups After SEXi Ransomware Attack/
2024-05-31 - Ransomware spotted in active development phase- a successful early detection operation/
2024-06-01 - From Vegas to Chengdu - Hacking Contests, Bug Bounties,and China's Offensive Cyber Ecosystem/
2024-06-01 - Malware and cryptography 28- RC4 payload encryption. Simple Nim example/
2024-06-02 - How Russia is trying to disrupt the 2024 Paris Olympic Games/
2024-06-03 - BiBi Wiper- A Malware Analysis Amidst the Israel-Hamas-ISIS Conflict/
2024-06-03 - China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence/
2024-06-03 - PikaBot- a Guide to its Deep Secrets and Operations/
2024-06-03 - Reversing Atomic macOS Stealer- Binaries, Backdoors & Browser Theft/
2024-06-03 - Wineloader – Analysis of the Infection Chain/
2024-06-04 - Hurdling Over Hazards - Multifaceted Threats to the Paris Olympics/
2024-06-04 - Muhstik Malware Targets Message Queuing Services Applications/
2024-06-04 - Operation Veles - Decade-Long Espionage Targeting the Global Research and Education Sector/
2024-06-04 - Operation Veles- Decade-Long Espionage Targeting the Global Research and Education Sector/
2024-06-05 - DarkGate switches up its tactics with new payload, email templates/
2024-06-05 - European Election Security At Risk- A Detailed Analysis of State-Sponsored, eCrime, and Hacktivist Threats/
2024-06-05 - Exmatter malware levels up- S-RM observes new variant with simultaneous remote code execution and data targeting/
2024-06-05 - Operation Crimson Palace - Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government/
2024-06-05 - Phishing for Gold - Cyber Threats Facing the 2024 Paris Olympics/
2024-06-05 - Phishing for Gold- Cyber Threats Facing the 2024 Paris Olympics/
2024-06-05 - RansomHub- New Ransomware has Origins in Older Knight/
2024-06-05 - Thumtais, a malware targeting Japanese organizations/
2024-06-05 - UAC-0020 (Vermin) attacks the Defense Forces of Ukraine using the SPECTR WPS in tandem with a legitimate SyncThing/
2024-06-06 - Agent Tesla Analysis/
2024-06-06 - DarkGate – Make AutoIt Great Again/
2024-06-06 - EMBERSim- A Large-Scale Databank for Boosting Similarity Search in Malware Analysis/
2024-06-06 - Howling at the Inbox - Sticky Werewolf's Latest Malicious Aviation Attacks/
2024-06-06 - Howling at the Inbox- Sticky Werewolf’s Latest Malicious Aviation Attacks/
2024-06-06 - Kimsuky is targeting an arms manufacturer in Europe/
2024-06-06 - New Gitloker attacks wipe GitHub repos in extortion scheme/
2024-06-06 - Remcos RAT Analysis/
2024-06-06 - Tracking LightSpy- Certificates as Windows into Adversary Behavior/
2024-06-07 - Grandoreiro Malware Campaign - A Global Threat to Banking Security/
2024-06-07 - Pandabuy was extorted twice by the same Threat Actor/
2024-06-07 - Russia-linked Vermin hackers target Ukrainian military in new espionage campaign/
2024-06-09 - New Threat- A Deep Dive Into the Zergeca Botnet/
2024-06-10 - Another battlefield - Telegram as a digital front in Russia’s war against Ukraine/
2024-06-10 - APT and financial attacks on industrial organizations in Q1 2024/
2024-06-10 - MIVD Ongoing state cyber espionage campaign via vulnerable edge devices/
2024-06-10 - More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack/
2024-06-10 - Technical Analysis of the Latest Variant of ValleyRAT/
2024-06-10 - UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion/
2024-06-10 - Vietnamese Entities Targeted by China-Linked Mustang Panda in Cyber Espionage/
2024-06-11 - A Brief History of SmokeLoader, Part 1/
2024-06-11 - APT Attacks Using Cloud Storage/
2024-06-11 - Noodle RAT - Reviewing the Backdoor Used by Chinese-Speaking Groups/
2024-06-11 - PLAY Ransomware Group Gains Access via Citrix Bleed Vulnerability/
2024-06-11 - SmallTiger Malware Used in Attacks Against South Korean Businesses (Kimsuky and Andariel)/
2024-06-12 - Dipping into Danger- The WARMCOOKIE backdoor/
2024-06-12 - Insights on Cyber Threats Targeting Users and Enterprises in Brazil/
2024-06-12 - Malware development trick 39- Run payload via EnumDesktopsA. Simple Nim example/
2024-06-12 - New backdoor BadSpace delivered by high-ranking infected websites/
2024-06-12 - Nova Stealer, le malware made in France/
2024-06-12 - Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day/
2024-06-12 - SN Blackmeta Claims Cyberattack on Snapchat Over Explicit Content and Alleged Political Bias!/
2024-06-13 - Arid Viper poisons Android apps with AridSpy/
2024-06-13 - DISGOMOJI Malware Used to Target Indian Government/
2024-06-13 - Guest Blog- Ox Security on learning from the Recent GitHub Extortion Campaigns/
2024-06-13 - Implementation of a Config Decryptor for Amadey/
2024-06-13 - Implementation of C2 decryption/
2024-06-13 - Inside LATRODECTUS- A Dive into Malware Tactics and Mitigation/
2024-06-13 - Operation Celestial Force employs mobile and desktop malware to target Indian entities/
2024-06-15 - Malware Analysis FormBook/
2024-06-16 - China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence/
2024-06-17 - 17th June – Threat Intelligence Report/
2024-06-17 - From Clipboard to Compromise- A PowerShell Self-Pwn/
2024-06-17 - Latrodectus are you coming back/
2024-06-17 - LNK or Swim- Analysis & Simulation of Recent LNK Phishing/
2024-06-17 - Malvertising Campaign Leads to Execution of Oyster Backdoor/
2024-06-17 - Reverse Engineering Redosdru String Decryption/
2024-06-17 - The Travels of “markopolo”- Self-Proclaimed Meeting Software Vortax Spreads Infostealers, Unveils Expansive Network of Malicious macOS Applications/
2024-06-17 - Truist Bank Confirms Data Breach After Information Surfaces on Hacking Forum/
2024-06-18 - Cloaked and Covert - Uncovering UNC3886 Espionage Operations/
2024-06-18 - Cloaked and Covert- Uncovering UNC3886 Espionage Operations/
2024-06-18 - ExCobalt- GoRed, the hidden-tunnel technique/
2024-06-19 - Behind the Great Wall- Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework/
2024-06-19 - CERT-FR Malicious activities linked to the Nobelium intrusion set/
2024-06-19 - Fickle Stealer Distributed via Multiple Attack Chain/
2024-06-19 - LevelBlue Labs Discovers Highly Evasive, New Loader Targeting Chinese Organizations/
2024-06-19 - New North Korean based backdoor packs a punch/
2024-06-19 - New North-Korean based backdoor packs a punch/
2024-06-19 - Spectre (SPC) v9 Campaigns and Updates/
2024-06-20 - 'Vortax' Meeting Software Builds Elaborate Branding, Spreads Infostealers/
2024-06-20 - Caught in the Act- Uncovering SpyNote in Unexpected Places/
2024-06-20 - Dark Web Profile- SpaceBears/
2024-06-20 - Gourav Khandelwal, Akash Chaudhuri, Matthew Mesa, Sagar Patil, Uri Oren, Krithika Ramakrishnan/
2024-06-20 - Linux malware development 1- Intro to kernel hacking. Simple C example/
2024-06-20 - Medusa Reborn- A New Compact Variant Discovered/
2024-06-20 - Sustained Campaign Using Chinese Espionage Tools Targets Telcos/
2024-06-21 - [0001] AmberAmethystDaisy -- QuartzBegonia -- LummaStealer/
2024-06-21 - AmberAmethystDaisy -- QuartzBegonia -- LummaStealer/
2024-06-21 - Analysis of PHANTOM#SPIKE - Attackers Leveraging CHM Files to Run Custom CSharp Backdoors Likely Targeting Victims Associated with Pakistan/
2024-06-21 - GrimResource - Microsoft Management Console for initial access and evasion/
2024-06-21 - SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques/
2024-06-21 - Unveiling SpiceRAT - SneakyChef's latest tool targeting EMEA and Asia/
2024-06-21 - Was T-Mobile compromised by a zero-day in Jira-/
2024-06-24 - Armageddon is more than a Grammy-nominated album/
2024-06-24 - Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation/
2024-06-24 - Gootloader’s New Hideout Revealed- The Malware Hunt in WordPress’ Shadows/
2024-06-24 - Latrodectus Affiliate Resumes Operations Using Brute Ratel C4 Post Operation Endgame/
2024-06-24 - Novel Technique Combination Used In IDATLOADER Distribution/
2024-06-24 - Russia-Linked CopyCop Expands to Cover US Elections, Target Political Leaders/
2024-06-24 - StrelaStealer Resurgence- Tracking a JavaScript-Driven Credential Stealer Targeting Europe/
2024-06-24 - ‘Poseidon’ Mac stealer distributed via Google ads/
2024-06-25 - From Dormant to Dangerous- P2Pinfect Evolves to Deploy New Ransomware and Cryptominer/
2024-06-25 - Good Game, Gone Bad- Xeno RAT Spread Via .gg Domains and GitHub/
2024-06-25 - How to detect the modular RAT CSHARP-STREAMER/
2024-06-25 - Malware development trick 41- Stealing data via legit VirusTotal API. Simple C example/
2024-06-26 - An interesting Callisto YARA rule/
2024-06-26 - ChamelGang & Friends - Cyberespionage Groups Attacking Critical Infrastructure with Ransomware/
2024-06-26 - Russian National (Amin Timovich Stigal) Charged for Conspiring with Russian Military Intelligence to Destroy Ukrainian Government Computer Systems and Data/
2024-06-26 - Russian National Charged for Conspiring with Russian Military Intelligence to Destroy Ukrainian Government Computer Systems and Data/
2024-06-27 - Analyzing the Shift in Ransomware Dynamics- The Impact of Law Enforcement and Future Outlooks/
2024-06-27 - AzzaSec, NoName Cyberattackers Join Hands to Potentially Target Pro-Ukriane Allies/
2024-06-27 - Kimsuky deploys TRANSLATEXT to target South Korean academia/
2024-06-27 - Poseidon Stealer malspam campaign targeting Swiss macOS users/
2024-06-27 - Threat Actor Groups Tracked by Palo Alto Networks Unit 42/
2024-06-28 - Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer/
2024-06-28 - Malware development trick 42- Stealing data via legit Discord Bot API. Simple C example/
2024-06-28 - Supposed Grasshopper- operators impersonate Israeli government and private companies to deploy open-source malware/
2024-06-28 - TeamViewer links corporate cyberattack to Russian state hackers/
2024-06-30 - Deep Analysis of Snake (404 keylogger)/
2024-07-01 - CapraTube Remix - Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts/
2024-07-01 - Xctdoor Malware Used in Attacks Against Korean Companies (Andariel)/
2024-07-02 - Exposing FakeBat loader- distribution methods and adversary infrastructure/
2024-07-02 - Kematian Stealer forked from PowerShell Token Grabber/
2024-07-02 - The LandUpdate808 Fake Update Variant/
2024-07-05 - CLEARFAKE Update Tricks Victim into Executing Malicious PowerShell Code/
2024-07-05 - Turla - A Master’s Art of Evasion/
2024-07-08 - CloudSorcerer – A new APT targeting Russian government entities/
2024-07-08 - Volt Typhoon II - A secret Disinformation Campaign targeting U.S. Congress and Taxpayers conducted by U.S. Government agencies/
2024-07-09 - APT40 Advisory - PRC MSS tradecraft in action/
2024-07-09 - Italian government agencies and companies in the target of a Chinese APT/
2024-07-09 - Italian government agencies and companies in the target of a Chinese APT17/
2024-07-09 - Justice Department Leads Efforts Among Federal, International, and Private Sector Partners to Disrupt Covert Russian Government-Operated Social Media Bot Farm/
2024-07-09 - OceanLotus uses social security topics as bait to conduct APT attacks/
2024-07-10 - DodgeBox - A deep dive into the updated arsenal of APT41 Part 1/
2024-07-10 - DodgeBox- A deep dive into the updated arsenal of APT41 - Part 1/
2024-07-10 - Risky Biz News- US takes down RT's Twitter bot farm/
2024-07-11 - Brief technical analysis of the -Poseidon Stealer- malware/
2024-07-11 - ClickFix Deception- A Social Engineering Tactic to Deploy Malware/
2024-07-11 - CRYSTALRAY- Inside the Operations of a Rising Threat Actor Exploiting OSS Tools/
2024-07-11 - MoonWalk - A deep dive into the updated arsenal of APT41 Part 2/
2024-07-11 - MoonWalk- A deep dive into the updated arsenal of APT41 - Part 2/
2024-07-11 - R0BL0CH0N TDS- A deep dive into the infrastructure of an affiliate marketing scam/
2024-07-13 - A Deep Dive into APT41s Latest Arsenal (Part 1)/
2024-07-13 - Malware development- persistence - part 25. Create symlink from legit to evil. Simple C example/
2024-07-14 - Fake AWS Packages Ship Command and Control Malware In JPEG Files/
2024-07-14 - Malware Analysis - Rhadamanthys/
2024-07-15 - CVE-2024-38112- Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks/
2024-07-15 - Kematian Stealer Technical Malware Analysis/
2024-07-15 - MuddyWater replaces Atera by custom MuddyRot implant in a recent campaign/
2024-07-15 - New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns/
2024-07-16 - AG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies/
2024-07-16 - MirrorFace Attack against Japanese Organisations/
2024-07-16 - NullBulge - Threat Actor Masquerades as Hacktivist Group Rebelling Against AI/
2024-07-16 - TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies/
2024-07-17 - Fake Browser Updates Lead to BOINC Volunteer Computing Software/
2024-07-17 - The Return of Ghost Emperor’s Demodex/
2024-07-18 - APT41 Has Arisen From the DUST/
2024-07-18 - Emerging IoT Wiper Malware- Kaden and New LOLFME Botnet Variants/
2024-07-18 - The Patchwork group has updated its arsenal, launching attacks for the first time using Brute Ratel C4 and an enhanced version of PGoShell/
2024-07-19 - Treasury Sanctions Leader and Primary Member of the Cyber Army of Russia Reborn/
2024-07-22 - A Beginner’s Guide to Hunting Malicious Open Directories/
2024-07-22 - Echoes of Braodo Tales from the Cyber Underworld/
2024-07-22 - Hacking group Anonymous KSA, a notorious threat actor, is targeting India in a series of cyber attacks/
2024-07-23 - A Simple Approach to Discovering Oyster Backdoor Infrastructure/
2024-07-23 - Daggerfly - Espionage Group Makes Major Update to Toolset/
2024-07-23 - Daggerfly- Espionage Group Makes Major Update to Toolset/
2024-07-23 - Exploiting CVE-2024-21412- A Stealer Campaign Unleashed/
2024-07-23 - KnowBe4 - How a North Korean Fake IT Worker Tried to Infiltrate Us/
2024-07-23 - Protect Against the FrostyGoop ICS Malware Threat with OT Cybersecurity Basics/
2024-07-23 - Transparent Tribe targets recent Election Results/
2024-07-24 - APT45- North Korea’s Digital Military Machine/
2024-07-24 - FrostyGoop Intel Brief/
2024-07-24 - Malware Campaign Lures Users With Fake W2 Form/
2024-07-24 - Rhysida using Oyster Backdoor to deliver ransomware/
2024-07-24 - Russia-nexus actor targets Ukraine/
2024-07-24 - Six-day, 14.7 Million RPS Web DDoS Attack Campaign Attributed to SN_BLACKMETA/
2024-07-24 - Spot burst of activity UAC-0057 (CERT-UA#10340)/
2024-07-24 - Stargazers Ghost Network/
2024-07-24 - UAC-0063 Attack Detection- Hackers Target Ukrainian Research Institutions Using HATVIBE, CHERRYSPY, and CVE-2024-23692/
2024-07-25 - APT45 - North Korea’s Digital Military Machine/
2024-07-25 - Daolpu Infostealer- Full analysis of the latest malware exploited post CrowdStrike outage/
2024-07-25 - Growing Number of Threats Leveraging AI/
2024-07-25 - Hacktivist Entity USDoD Claims to Have Leaked CrowdStrike’s Threat Actor List/
2024-07-25 - How APT groups operate in Southeast Asia/
2024-07-25 - Mid-year Doppelgänger information operations in Europe and the US/
2024-07-25 - Onyx Sleet uses array of malware to gather intelligence for North Korea/
2024-07-25 - SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea/
2024-07-25 - UAC-0057 Attack Detection- A Surge in Adversary Activity Distributing PICASSOLOADER and Cobalt Strike Beacon/
2024-07-25 - Umbrella of Pakistani Threats - Converging Tactics of Cyber-operations Targeting India/
2024-07-26 - Disarming the WarmCookie Backdoor- Darktrace’s Oven-Ready Solution/
2024-07-26 - Hive0137 and AI-supplemented malware distribution/
2024-07-26 - UAC-0102 Phishing Attack Detection- Hackers Steal Authentication Data Impersonating the UKR.NET Web Service/
2024-07-28 - CyberGate Technical Analysis/
2024-07-29 - Blue Screen Mayhem - When CrowdStrike's Glitch Became Threat Actor's Playground/
2024-07-29 - Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption/
2024-07-29 - UNC4393 Goes Gently into the SILENTNIGHT/
2024-07-30 - Hacker Scrapes and Publishes 100,000-Line CrowdStrike IoC List/
2024-07-30 - Mint Stealer- A Comprehensive Study of a Python-Based Information Stealer/
2024-07-30 - Too big to care- - Our disappointment with Cloudflare’s anti-abuse posture/
2024-07-31 - BingoMod - The new android RAT that steals money and wipes data/
2024-07-31 - BingoMod- The new android RAT that steals money and wipes data/
2024-07-31 - Cyberattack on the Federal Office of Cartography and Geodesy can be attributed to Chinese state attackers/
2024-07-31 - Research Update- Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering/
2024-08-01 - APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike/
2024-08-01 - BfV CYBER INSIGHT - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 1 Organization and methods/
2024-08-01 - BITS and Bytes - Analyzing BITSLOTH, a newly identified backdoor/
2024-08-01 - BITS and Bytes- Analyzing BITSLOTH, a newly identified backdoor/
2024-08-01 - BlankBot - a new Android banking trojan with screen recording, keylogging and remote control capabilities/
2024-08-01 - Latrodectus dropped by BR4/
2024-08-02 - Fighting Ursa Luring Targets With Car for Sale/
2024-08-02 - Panamorfi - A New Discord DDoS Campaign/
2024-08-02 - SharpRhino – New Hunters International RAT Identified by Quorum Cyber/
2024-08-02 - StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms/
2024-08-04 - Decoding a Cobalt Strike Downloader Script With CyberChef/
2024-08-05 - Chameleon is now targeting employees- Masquerading as a CRM app/
2024-08-05 - Hamas Leadership Assassination Explainer/
2024-08-05 - How attacker achive Email Spoofing, Message Spoofing, IP and UserAgent Spoofing/
2024-08-07 - AzzaSec Ransomware Technical Malware Analysis/
2024-08-07 - How Malicious Actors Are Leveraging Cloud Services/
2024-08-08 - Double Trouble- Latrodectus and ACR Stealer observed spreading via Google Authenticator Phishing Site/
2024-08-08 - Iran Targeting 2024 US Election/
2024-08-08 - New APT Group Actor240524 - A Closer Look at Its Cyber Tactics Against Azerbaijan and Israel/
2024-08-08 - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 2/
2024-08-09 - A Dive into Earth Baku's Latest Campaign/
2024-08-09 - A Dive into Earth Baku’s Latest Campaign/
2024-08-09 - Full analysis on NJRAT/
2024-08-09 - Ransomware Review- First Half of 2024/
2024-08-10 - Retrieve unknown python stealer from PyInstaller/
2024-08-12 - Ongoing Social Engineering Campaign Refreshes Payloads/
2024-08-12 - South Koreas Pseudo Hunter APT organization uses multiple domestic software vulnerabilities to attack China/
2024-08-13 - Finding Malware- Unveiling NUMOZYLOD with Google Security Operations/
2024-08-13 - Kaspersky APT trends report Q2 2024/
2024-08-13 - Sensitive Israeli Ministry Data Allegedly Leaked on Dark Web/
2024-08-14 - Cryptocurrency Lures and Pupy RAT- Analysing the UTG-Q-010 Campaign/
2024-08-14 - Cyclops - a likely replacement for BellaCiao/
2024-08-14 - Cyclops- a likely replacement for BellaCiao/
2024-08-14 - EastWind campaign - new CloudSorcerer attacks on government organizations in Russia/
2024-08-14 - Emmenhtal- a little-known loader distributing commodity infostealers worldwide/
2024-08-14 - Gafgyt Malware Variant Exploits GPU Power and Cloud Native Environments/
2024-08-14 - Iranian backed group steps up phishing campaigns against Israel, U.S/
2024-08-14 - REDLINESTEALER Malware Driving the Initial Access Broker Market/
2024-08-14 - Rivers of Phish - Sophisticated Phishing Targets Russias Perceived Enemies Around the Globe/
2024-08-14 - Rivers of Phish- Sophisticated Phishing Targets Russia’s Perceived Enemies Around the Globe/
2024-08-15 - Beyond the wail- deconstructing the BANSHEE infostealer/
2024-08-15 - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 3/
2024-08-15 - Tusk campaign uses infostealers and clippers for financial gain/
2024-08-16 - Malicious code disguised as an msc file created by Kimsuky - Skibidi Boilet Master.msc (2024.8.16)/
2024-08-17 - Sidewinder APT – Phishing on Pakistan/
2024-08-18 - LAPSUS$ is dead, long live HexaLocker-/
2024-08-18 - Reversing DISGOMOJI with Malcat like a BOSS/
2024-08-19 - BlindEagle flying high in Latin America/
2024-08-19 - MegaMedusa, RipperSec’s Public Web DDoS Attack Tool/
2024-08-19 - PG_MEM- A Malware Hidden in the Postgres Processes/
2024-08-19 - Unveiling -sedexp-- A Stealthy Linux Malware Exploiting udev Rules/
2024-08-20 - CyberVolk Ransomware Technical Malware Analysis Report/
2024-08-20 - FOG Ransomware Targets Higher Education/
2024-08-20 - GreenCharlie Infrastructure Targeting US Political Entities with Advanced Phishing and Malware/
2024-08-20 - New Backdoor Targeting Taiwan Employs Stealthy Communications/
2024-08-20 - Threat Actor Claims Breach of Siam Cement Group Database/
2024-08-20 - Threat Hunting Case Study- Tracking Down GootLoader/
2024-08-20 - Toyota alleges stolen customer data published on hacking site came from outside supplier/
2024-08-21 - Chinese APT abuses MSC files with GrimResource vulnerability/
2024-08-21 - MoonPeak malware from North Korean actors unveils new details on attacker infrastructure/
2024-08-21 - Technical Analysis of Copybara/
2024-08-21 - Toyota Customer, Employee Data Leaked in Confirmed Data Breach/
2024-08-22 - Analysis of the North Korea-backed puNK-003’s Lilith RAT ported to AutoIt Script/
2024-08-22 - AppDomainManager Injection/
2024-08-22 - Attacks by malware abusing AppDomainManager Injection/
2024-08-22 - Botnet Fenix/
2024-08-22 - China-Nexus Threat Group Velvet Ant Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches/
2024-08-22 - PEAKLIGHT- Decoding the Stealthy Memory-Only Malware/
2024-08-22 - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 4/
2024-08-23 - Analysis of New Variants and Subsequent Components of Patchwork(APT-Q-36) Spyder Downloader/
2024-08-26 - BlackSuit Ransomware/
2024-08-26 - Operation DevilTiger - 0day vulnerability techniques and tactics used by APT-Q-12 disclosed/
2024-08-26 - Static Unpacker for Latrodectus/
2024-08-27 - AutoIT Bot Targets Gmail Accounts First/
2024-08-27 - Doppelgaenger - Details on a Russian disinformation campaign/
2024-08-27 - Taking the Crossroads- The Versa Director Zero-Day Exploitation/
2024-08-27 - Threat Actor Claimed to Breach Database of DimeCuba/
2024-08-28 - Advanced Persistent Threat (OceanLotus) Targeting Vietnamese Human Rights Defenders/
2024-08-28 - Analysis of two arbitrary code execution vulnerabilities affecting WPS Office/
2024-08-28 - APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)/
2024-08-28 - BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks/
2024-08-28 - ESET Research- Spy group exploits WPS Office zero day; analysis uncovers a second vulnerability/
2024-08-28 - I Spy With My Little Eye - Uncovering an Iranian Counterintelligence Operation/
2024-08-28 - Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations/
2024-08-28 - Operation Oxidový - Sophisticated Malware Campaign Targets Czech Officials Using NATO-Themed Decoys/
2024-08-28 - Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations/
2024-08-28 - PoorTry Windows driver evolves into a full-featured EDR wiper/
2024-08-29 - From Cobalt Strike to Mimikatz- A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users/
2024-08-29 - Latrodectus Malware Masquerades as AhnLab Security Software to Infect Victims/
2024-08-29 - Latrodectus Rapid Evolution Continues With Latest New Payload Features/
2024-08-29 - State-backed attackers and commercial surveillance vendors repeatedly use the same exploits/
2024-08-29 - The Malware That Must Not Be Named - Suspected Espionage Campaign Delivers Voldemort/
2024-08-29 - The Malware That Must Not Be Named- Suspected Espionage Campaign Delivers “Voldemort”/
2024-08-30 - Anatomy of a Lumma Stealer Attack via Fake CAPTCHA Pages - Part 1/
2024-08-30 - Dissecting the Cicada/
2024-08-30 - Latrodectus Rapid Evolution Continues With Latest New Payload Features/
2024-08-30 - North Korean threat actor Citrine Sleet exploiting Chromium zero-day/
2024-09-01 - German air traffic control suffered cyberattack, likely by pro-Russian group of hackers/
2024-09-02 - Head Mare- adventures of a unicorn in Russia and Belarus/
2024-09-02 - The Hacktivist Response to UK Foreign Policy/
2024-09-03 - A deep dive into the most interesting incident response cases of last year/
2024-09-03 - Advanced Cyberchef Techniques - Defeating Nanocore Obfuscation With Math and Flow Control/
2024-09-03 - DeFied Expectations - Examining Web3 Heists/
2024-09-03 - Emansrepo Stealer - Multi-Vector Attack Chains/
2024-09-03 - Hacker Leaks Data of 390 Million Users from VK, a Russian Social Network/
2024-09-03 - LulzSec Black Claims Cyberattacks on Emirati Government and Other Sector Targets/
2024-09-03 - Luxy- A Stealer and a Ransomware in one/
2024-09-03 - ToneShell Backdoor Used to Target Attendees of the IISS Defence Summit/
2024-09-04 - APT Lazarus - Eager Crypto Beavers, Video calls and Games/
2024-09-04 - AZORult Malware - Technical Analysis/
2024-09-04 - Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion/
2024-09-04 - Hacktivists Call for Release of Telegram Founder with #FreeDurov DDoS Campaign/
2024-09-04 - Major IR leaks/
2024-09-04 - Reconnaissance Scanning Tools Used by Chinese Threat Actors and Those Available in Open Source/
2024-09-04 - The Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government/
2024-09-04 - Uncovering DarkCracks- How a Stealthy Payload Delivery Framework Exploits GLPI and WordPress/
2024-09-04 - Unpacking the unpleasant FIN7 gift- PackXOR/
2024-09-05 - A GRU military unit launched cyberattacks against Estonian authorities/
2024-09-05 - BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar/
2024-09-05 - Estonia names Russia’s military intelligence in a first-ever attribution of cyberattacks/
2024-09-05 - GRU 29155 Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure/
2024-09-05 - New macOS malware HZ RAT gives attackers backdoor access to Macs/
2024-09-05 - Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401/
2024-09-05 - Tropic Trooper spies on government entities in the Middle East/
2024-09-06 - Chinese APT Abuses VSCode to Target Government in Asia/
2024-09-06 - Disjointed Cyber Warfare - Internal Conflicts among Russian Intelligence Agencies/
2024-09-06 - Handala’s Wiper - Threat Analysis and Detections/
2024-09-06 - Risky Biz News- Doppelganger gets a kick in the butt from Uncle Sam/
2024-09-06 - The Curious Case of an Open Source Stealer- Phemedrone/
2024-09-06 - TIDRONE Targets Military and Satellite Industries in Taiwan/
2024-09-08 - A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities/
2024-09-09 - APT CoralRaider Expands Arsenal- AmadeyBot, FTP Innovations, and Complex Domain Strategy/
2024-09-09 - Dissecting Lumma Malware - Analyzing the Fake CAPTCHA and Obfuscation Techniques - Part 2/
2024-09-09 - Earth Preta Evolves its Attacks with New Malware and Strategies/
2024-09-09 - North Korean Threat Groups/
2024-09-09 - Poshito - New Telegram C2/
2024-09-09 - Significant ransom payment by major Iranian IT firm underway/
2024-09-10 - A new TrickMo saga- from Banking Trojan to Victim's Data Leak/
2024-09-10 - Ailurophile Stealer Technical Malware Analysis Report/
2024-09-10 - CosmicBeetle steps up - Probation period at RansomHub/
2024-09-10 - Crimson Palace returns - New Tools, Tactics, and Targets/
2024-09-10 - Dependency hijacking - Dissecting North Korea’s new wave of DeFi-themed open source attacks targeting developers/
2024-09-10 - DragonRank, a Chinese-speaking SEO manipulator service provider/
2024-09-10 - Fake recruiter coding tests target devs with malicious Python packages/
2024-09-10 - The Rise in APK Malware via WhatsApp – Exploiting Trust and Urgency/
2024-09-10 - There's Something About CryptBot- Yet Another Silly Stealer (YASS)/
2024-09-10 - Threat Assessment- Repellent Scorpius, Distributors of Cicada3301 Ransomware/
2024-09-11 - Akira Ransomware- The Evolution of a Major Threat/
2024-09-11 - Targeted Iranian Attacks Against Iraqi Government Infrastructure/
2024-09-12 - Crystal Rans0m- Emerging hybrid ransomware with stealer capabilities/
2024-09-12 - From Automation to Exploitation - The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking/
2024-09-12 - The Xworm malware is being spread through a phishing email/
2024-09-12 - Void captures over a million Android TV boxes/
2024-09-13 - Hadooken Malware Targets Weblogic Applications/
2024-09-13 - New Linux malware Hadooken targets Oracle WebLogic servers/
2024-09-15 - Kimsuky A Gift That Keeps on Giving/
2024-09-15 - Shining a Light in the Dark – Uncovering an APT Lurking in Shadows of IT/
2024-09-17 - An Offer You Can Refuse - UNC2970 Backdoor Deployment Using Trojanized PDF Reader/
2024-09-17 - An Offer You Can Refuse- UNC2970 Backdoor Deployment Using Trojanized PDF Reader/
2024-09-17 - Analysis of Fox Kitten Infrastructure Reveals Unique Host Patterns and Potentially New IOCs/
2024-09-17 - Charges Against Alleged Chinese Military Hacker Unsealed/
2024-09-18 - Code of Conduct - DPRKs Python-fueled intrusions into secured networks/
2024-09-18 - Derailing the Raptor Train/
2024-09-18 - Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors/
2024-09-18 - Medusa Ransomware- Evolving Tactics in Modern Cyber Extortion/
2024-09-19 - COLDWASTREL of space/
2024-09-19 - Discovering Splinter- A First Look at a New Post-Exploitation Red Team Tool/
2024-09-19 - Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC (IoCs)/
2024-09-19 - Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC/
2024-09-19 - Evolution of Lazarus ‘FudModule - no longer (stand)alone’/
2024-09-19 - The Iranian Cyber Capability/
2024-09-19 - UNC1860 and the Temple of Oats - Irans Hidden Hand in Middle Eastern Networks/
2024-09-19 - UNC1860 and the Temple of Oats - Iran’s Hidden Hand in Middle Eastern Networks/
2024-09-20 - Behind the CAPTCHA- A Clever Gateway of Malware/
2024-09-21 - Malware Analysis - PXRECVOWEIWOEI/
2024-09-22 - The Russian APT Tool Matrix/
2024-09-23 - Analysis of APT-C-00 (OceanLotus) Dual Loader and Homologous VMP Loader/
2024-09-23 - Inside SnipBot- The Latest RomCom Malware Variant/
2024-09-24 - Analyzing the Newest Turla Backdoor/
2024-09-24 - Earth Preta Evolves its Attacks with New Malware and Strategies/
2024-09-24 - Octo2- European Banks Already Under Attack by New Malware Variant/
2024-09-25 - Austria subjected to pro-Russian DDoS intrusions/
2024-09-25 - China claims Taiwan, not civilians, behind web vandalism/
2024-09-25 - Lumma Stealer - Malware Analysis/
2024-09-25 - Unraveling SloppyLemmings Operations Across South Asia/
2024-09-26 - BBTok Targeting Brazil- Deobfuscating the .NET Loader with dnlib and PowerShell/
2024-09-26 - Cyberespionage the Gamaredon way - Analysis of toolset used to spy on Ukraine in 2022 and 2023/
2024-09-26 - How Wazuh detects and responds to Mint Stealer/
2024-09-26 - Storm-0501 - Ransomware attacks expanding to hybrid cloud environments/
2024-09-26 - Unraveling Sparkling Piscess Tool Set - KLogEXE and FPSpy/
2024-09-26 - Unraveling Sparkling Pisces’s Tool Set - KLogEXE and FPSpy/
2024-09-27 - Betting on Bots - Investigating Linux malware, crypto mining, and gambling API abuse/
2024-09-27 - North Koreas hackers target Diehl Defence/
2024-09-29 - Process Injection in BugSleep Loader/
2024-09-30 - A phishing campaign by the state attack group APT42 against academics/
2024-09-30 - Latrodectus Extracting new AES encrypted strings from this RAT/
2024-09-30 - Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware/
2024-09-30 - The Lies Russia Tells Itself/
2024-10-01 - BugSleep network protocol reversing/
2024-10-01 - Eduard Benderskiy- Western authorities link Russian intelligence officer to Evil Corp cybercrime empire/
2024-10-01 - Evil Corps deep ties with Russia and NATO member attacks exposed/
2024-10-01 - THREAT ANALYSIS- Beast Ransomware/
2024-10-01 - Zimperium Coverage on COLDRIVER Phishing Campaign/
2024-10-02 - Amnesia Stealer Technical Malware Analysis Report/
2024-10-02 - Separating the bee from the panda - CeranaKeeper making a beeline for Thailand/
2024-10-02 - Stonefly - Extortion Attacks Continue Against U.S. Targets/
2024-10-03 - Civil Action No. 1-24-cv-02719-RC- Microsoft vs. Star Blizzard/
2024-10-03 - Disrupting COLDRIVER- U.S. court orders seizure of domains used in Russian cyberattacks/
2024-10-03 - Justice Department Disrupts Russian Intelligence Spear-Phishing Efforts/
2024-10-03 - perfctl - A Stealthy Malware Targeting Millions of Linux Servers/
2024-10-03 - Protecting Democratic Institutions from Cyber Threats/
2024-10-03 - SHROUDED SLEEP - A Deep Dive into North Korea’s Ongoing Campaign Against Southeast Asia/
2024-10-03 - SHROUDED-SLEEP- A Deep Dive into North Korea’s Ongoing Campaign Against Southeast Asia/
2024-10-03 - StealC Malware Analysis Part 1/
2024-10-03 - StealC Malware Analysis Part 2/
2024-10-03 - StealC Malware Analysis Part 3/
2024-10-04 - Emansrepo Infostealer - PyInstaller, Deobfuscation and LLM/
2024-10-04 - Inside Cridex - Memory Analysis Case Study/
2024-10-04 - Octopus Prime- it didn't turn into a truck, but a widely spread Android botnet/
2024-10-04 - VILSA STEALER/
2024-10-05 - Malware Analysis - Lumma Stealer/
2024-10-05 - U.S. Wiretap Systems Targeted in China-Linked Hack/
2024-10-07 - Awaken Likho is awake - new techniques of an APT group/
2024-10-07 - Mind the (air) gap - GoldenJackal gooses government guardrails/
2024-10-08 - Inside a Cybercriminal’s Server- DDoS Tools, Spyware APKs, and Phishing Pages/
2024-10-08 - Pronsis Loader - A JPHP-Driven Malware Diverging from D3F@ck Loader/
2024-10-09 - Contagious Interview - DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware/
2024-10-09 - Operation MiddleFloor - Disinformation campaign targets Moldova ahead of presidential elections and EU membership referendum/
2024-10-10 - Analysis of attack activities of APT-C-20 (APT28) using compound attack tactics/
2024-10-10 - Brief technical analysis of the -Gorilla- botnet/
2024-10-10 - Lynx Ransomware- A Rebranding of INC Ransomware/
2024-10-10 - Technical Analysis of DarkVision RAT/
2024-10-10 - Uncovering Domains Created by Octo2’s Domain Generation Algorithm/
2024-10-10 - Unmasking Adversary Infrastructure - How Certificates and Redirects Exposed Earth Baxia and PlugX Activity/
2024-10-10 - Unmasking Adversary Infrastructure- How Certificates and Redirects Exposed Earth Baxia and PlugX Activity/
2024-10-10 - Update on SVR Cyber Operations and Vulnerability Exploitation/
2024-10-11 - Burning Zero Days - Suspected Nation-State Adversary Targets Ivanti CSA/
2024-10-11 - Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East/
2024-10-11 - Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions/
2024-10-11 - Expanding the Investigation - Deep Dive into Latest TrickMo Samples/
2024-10-11 - GRU military unit 29155/
2024-10-11 - HijackLoader evolution- abusing genuine signing certificates/
2024-10-11 - In-Depth Analysis of Lynx Ransomware/
2024-10-12 - Bitter Group Launches New Trojan Miyarat, Domestic Users Become Primary Ttargets/
2024-10-13 - Declawing PUMAKIT/
2024-10-13 - FASTCash for Linux/
2024-10-13 - OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf/
2024-10-14 - Volt Typhoon III - Unraveling Cyberespionage and Disinformation Operations Conducted by U.S. Government Agencies/
2024-10-14 - Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware/
2024-10-15 - Analysis of the attack activities of APT-C-35 (belly brain worm) against a manufacturing company in South Asia/
2024-10-15 - Beyond the Surface - the evolution and expansion of the SideWinder APT group/
2024-10-15 - Phish, Click, Breach- Hunting for a Sophisticated Cyber Attack/
2024-10-15 - Silent Threat - Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions/
2024-10-15 - Volt Typhoon - Part 2 Leveraging ExoneraTor to Unmask the Threat Actor/
2024-10-16 - AhnLab and NCSC Release Joint Report on Microsoft Zero-Day Browser Vulnerability (CVE-2024-38178)/
2024-10-16 - An Lab and the National Cyber Security Center (NCSC), joint report distribution and Microsoft browser 0-DAY discovery (CVE-2024-38178)/
2024-10-16 - Chinas Influence Ops - Twisting Tales of Volt Typhoon at Home and Abroad/
2024-10-16 - Exfiltration over Telegram Bots - Skidding Infostealer Logs/
2024-10-16 - Fake LockBit, Real Damage- Ransomware Samples Abuse AWS S3 to Steal Data/
2024-10-16 - Fraudulent North Korean IT Worker Schemes - From Insider Threats to Extortion/
2024-10-16 - Frequent vulnerabilities and high failure rates should be used to troubleshoot Intel product network security risks/
2024-10-16 - IcePeony with the '996' work culture/
2024-10-16 - IcePeony with the 996 work culture/
2024-10-16 - Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations/
2024-10-16 - Operation Code on Toast/
2024-10-16 - Suspected Mysterious Elephant group uses CHM files to attack multiple countries in South Asia/
2024-10-16 - Unmasking CVE-2024-38178 - The Silent Threat of Windows Scripting Engine/
2024-10-16 - X-ZIGZAG Technical Malware Analysis Report/
2024-10-17 - Analysis of BeaverTail & InvisibleFerret activity/
2024-10-17 - ClickFix tactic- The Phantom Meet/
2024-10-17 - Correlating Vidar Stealer Build IDs Based on Loader Tasks/
2024-10-17 - From Warm to Burned - Shedding Light on Updated WarmCookie Infrastructure/
2024-10-17 - New macOS vulnerability, “HM Surf”, could lead to unauthorized data access/
2024-10-17 - UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants/
2024-10-18 - A Deep Dive Into the Intricate Chinese Cybercrime Ecosystem/
2024-10-18 - Inside the Latrodectus Malware Campaign Old School Phishing Meets Innovative Payload Delivery/
2024-10-18 - New Bumblebee Loader Infection Chain Signals Possible Resurgence/
2024-10-19 - Tricks and Treats - GHOSTPULSE’s new pixel- level deception/
2024-10-19 - “Hey ESET, Wait for the Leak”- Dissecting the “OctoberSeventh” Wiper targeting ESET customers in Israel/
2024-10-21 - Biggest Education Industry Attacks in 2024/
2024-10-21 - Latrodectus - A year in the making/
2024-10-21 - MoonWalk - A closer look at APT41s updated arsenal (Part 2)/
2024-10-22 - Grandoreiro, the global trojan with grandiose ambitions/
2024-10-22 - Incident Response - Analysis of recent version of BRC4/
2024-10-22 - Latrodectus - The Wrath of Black Widow/
2024-10-23 - DarkComet RAT - Technical Analysis of Attack Chain/
2024-10-23 - DarkRaaS ransomware Group Allegedly Selling Global Intelligence Data/
2024-10-23 - Highlighting Asylum Ambuscade (TA866) Activity Since 2021/
2024-10-23 - Highlighting TA866-Asylum Ambuscade Activity Since 2021/
2024-10-23 - ICS Threats- Malware Targeting OT- It’s More Common Than You Think/
2024-10-23 - Lazarus' Espionage-related Cryptocurrency Activities Remain Active, With A Significant Amount of Assets Still in Circulation/
2024-10-23 - Operation Overload Impersonates Media to Influence 2024 US Election/
2024-10-23 - RDP configuration files as a means of obtaining remote access to a computer or _Rogue RDP_ (CERT-UA#11690)/
2024-10-23 - The Crypto Game of Lazarus APT - Investors vs. Zero-days/
2024-10-23 - The Crypto Game of Lazarus APT- Investors vs. Zero-days/
2024-10-23 - Threat Spotlight- WarmCookie-BadSpace/
2024-10-23 - Unmasking Prometei- A Deep Dive Into Our MXDR Findings/
2024-10-24 - Amazon identified internet domains abused by APT29/
2024-10-24 - Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN/
2024-10-24 - Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)/
2024-10-24 - LightSpy - Implant for iOS/
2024-10-24 - MintsLoader/
2024-10-24 - Operation Cobalt Whisper - Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan/
2024-10-24 - Operation Cobalt Whisper- Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan/
2024-10-24 - Rekoobe Backdoor Discovered in Open Directory, Possibly Targeting TradingView Users/
2024-10-24 - Russian Strategic Information Attack for Catastrophic Effect/
2024-10-24 - Tenacious Pungsan- A DPRK threat actor linked to Contagious Interview/
2024-10-24 - Writing a BugSleep C2 server and detecting its traffic with Snort/
2024-10-25 - ReliaQuest Uncovers New Black Basta Social Engineering Technique/
2024-10-25 - US offers $10 million bounty for members of Iranian hacking gang/
2024-10-26 - ESET Wiper- Iranian APT Group Toufan’s Politically Motivated Attack on Israeli Firms/
2024-10-27 - Shahid Hemmat Hackers- $10M Reward Offered by US/
2024-10-28 - CloudScout - Evasive Panda scouting cloud services/
2024-10-28 - CloudScout- Evasive Panda scouting cloud services/
2024-10-28 - Emotet Malware Analysis/
2024-10-28 - Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives - Google Cloud Blog/
2024-10-28 - Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives/
2024-10-29 - Job Offer from the North- Contagious Interview for Software Developers/
2024-10-29 - Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files/
2024-10-29 - The Job Offer That Wasn’t- How We Stopped an Espionage Plot/
2024-10-30 - APT Group - Konni Launches New Attacks on South Korea/
2024-10-30 - Inside Intelligence Center- LUNAR SPIDER Enabling Ransomware Attacks on Financial Sector with Brute Ratel C4 and Latrodectus/
2024-10-30 - Jumpy Pisces Engages in Play Ransomware/
2024-10-31 - Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network/
2024-10-31 - Deobfuscating JavaScript Malware Using Abstract Syntax Trees/
2024-10-31 - Inside LameDuck - analyzing Anonymous Sudans threat operations/
2024-10-31 - Pacific Rim - Inside the Counter-Offensive - The TTPs Used to Neutralize China-Based Threats/
2024-10-31 - Pacific Rim timeline- Information for defenders from a braid of interlocking attack campaigns/
2024-10-31 - Pacific Rim- Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats/
2024-10-31 - Tricks, Treats, and Threats- Cobalt Strike & the Goblin Lurking in Plain Sight/
2024-11-01 - Finding Malware- Detecting GOOTLOADER with Google Security Operations/
2024-11-01 - Ngioweb Remains Active 7 Years Later/
2024-11-04 - Cloudy With a Chance of RATs - Unveiling APT36 and the Evolution of ElizaRAT/
2024-11-04 - CRON#TRAP - Emulated Linux Environments as the Latest Tactic in Malware Staging/
2024-11-04 - CRON-TRAP- Emulated Linux Environments as the Latest Tactic in Malware Staging/
2024-11-04 - From Pyongyang to Your Payroll- The Rise of North Korean Remote Workers in the West/
2024-11-04 - New OceanLotus organization first used MST files to deliver special payload/
2024-11-04 - ToxicPanda- a new banking trojan from Asia hit Europe and LATAM/
2024-11-04 - Unransomware- From Zero to Full Recovery in a Blink/
2024-11-05 - RunningRAT’s Next Move- From Remote Access to Crypto Mining for Profit/
2024-11-06 - Analysis of Cyber-Recon Activities Behind APT37 Threat Actor/
2024-11-06 - Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign/
2024-11-06 - CopyRh(ight)adamantys Campaign- Rhadamantys Exploits Intellectual Property Infringement Baits/
2024-11-06 - Mozi Resurfaces as Androxgh0st Botnet- Unraveling The Latest Exploitation Wave/
2024-11-06 - New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency/
2024-11-07 - APT Activity Report Q3 2024/
2024-11-07 - BlueNoroff Hidden Risk - Threat Actor Targets Macs with Fake Crypto News and Novel Persistence/
2024-11-07 - Evasive ZIP Concatenation- Trojan Targets Windows Users/
2024-11-07 - Hiding in Plain Sight- The Subtle Art of Loki Malware’s Obfuscation/
2024-11-07 - SideWinder’s ( T-APT-04 ) Sri Lanka Adventure/
2024-11-07 - Unwrapping the emerging Interlock ransomware attack/
2024-11-08 - Breaking Down Earth Estries' Persistent TTPs in Prolonged Cyber Operations/
2024-11-08 - New Campaign Uses Remcos RAT to Exploit Victims/
2024-11-08 - The Elusive GoblinRAT – The Story Behind the Most Secretive and Mysterious Linux Backdoor Found in Government Infrastructures/
2024-11-10 - Malware and cryptography 34- encrypt payload via DFC algorithm. Simple C example/
2024-11-10 - Reptile's Custom Kernel-Module Launcher/
2024-11-11 - Ymir- new stealthy ransomware in the wild/
2024-11-12 - Amazon confirms employee data breach after vendor hack/
2024-11-12 - APT Actors Embed Malware within macOS Flutter Applications/
2024-11-12 - China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike/
2024-11-12 - Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity/
2024-11-12 - Iranian “Dream Job” Campaign 11.24/
2024-11-12 - LightSpy - APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign/
2024-11-12 - LightSpy- APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign/
2024-11-12 - LUMMASTEALER Delivered Via PowerShell Social Engineering/
2024-11-12 - New Zero-Detection Variant of Melofee Backdoor from Winnti Strikes RHEL 7.9/
2024-11-12 - Targeting Innovation- Sliver C2 and Ligolo-ng Used in Operation Aimed at Y Combinator/
2024-11-12 - The Botnet is Back- SSC STRIKE Team Uncovers a Renewed Cyber Threat/
2024-11-13 - A three beats waltz - The ecosystem behind Chinese state-sponsored cyber threats/
2024-11-13 - Cracking Formbook malware- Blind deobfuscation and quick response techniques/
2024-11-13 - CVE-2024-43451- A New Zero-Day Vulnerability Exploited in the wild/
2024-11-13 - HawkEye Malware- Technical Analysis/
2024-11-13 - ShrinkLocker (+Decryptor)- From Friend to Foe, and Back Again/
2024-11-13 - Stealthy Attributes of Lazarus APT Group - Evading Detection with Extended Attributes/
2024-11-14 - An elephant in Kairos- data-leak site emerges for new extortion group/
2024-11-14 - Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2/
2024-11-14 - Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack/
2024-11-14 - Inside Intelligence Center- Financially Motivated Chinese Threat Actor SilkSpecter Targeting Black Friday Shoppers/
2024-11-14 - It’s Not Safe to Pay SafePay/
2024-11-14 - New PXA Stealer targets government and education sectors for sensitive information/
2024-11-14 - Russian Sabotage Activities Escalate Amid Fraught Tensions/
2024-11-15 - BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA/
2024-11-15 - Iranian “Dream Job” Cyber Campaign Targets Aerospace Sector/
2024-11-16 - Patchwork (White Elephant) Protego remote control Trojan C2 implementation errors/
2024-11-17 - Babble Babble Babble Babble Babble Babble BabbleLoader/
2024-11-17 - Post about Tsunami/
2024-11-18 - CARBANAK (aka ANUNAK) Distributed via IDATLOADER (aka HIJACKLOADER)/
2024-11-18 - Cryptbot downloader- A deep cryptanalysis/
2024-11-18 - Exploring Strela Stealer- Initial Payload Analysis and Insights/
2024-11-18 - Inside Water Barghests Rapid Exploit-to-Market Strategy for IoT Devices/
2024-11-18 - Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices/
2024-11-18 - Security Brief- ClickFix Social Engineering Technique Floods Threat Landscape/
2024-11-18 - Suspected Nation-State Adversary Targets Pakistan Navy in Cyber Espionage Campaign/
2024-11-19 - FrostyGoops Zoom-In - A Closer Look into the Malware Artifacts, Behaviors and Network Communications/
2024-11-19 - FrostyGoop’s Zoom-In- A Closer Look into the Malware Artifacts, Behaviors and Network Communications/
2024-11-19 - One Sock Fits All- The Use And Abuse Of The NSOCKS Botnet/
2024-11-19 - Spot the Difference- Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella/
2024-11-19 - Spot the Difference- Earth Kashas New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella/
2024-11-19 - Unraveling Raspberry Robin's Layers- Analyzing Obfuscation Techniques and Core Mechanisms/
2024-11-19 - Unveiling LIMINAL PANDA- A Closer Look at China's Cyber Threats to the Telecom Sector/
2024-11-19 - XenoRAT Adopts Excel XLL Files and ConfuserEx as Access Method/
2024-11-20 - Custom I2P RAT “I2Parcae” Delivered via Pornographic Customer Support Form Spam/
2024-11-20 - PROSPERO & Proton66- Tracing Uncovering the links between bulletproof networks/
2024-11-20 - Salt Typhoon- Churning Up a Storm of Consternation/
2024-11-20 - The hidden network- How China unites state, corporate, and academic assets for cyber offensive campaigns/
2024-11-20 - The Threat of Residential Proxies to Sanctions Compliance/
2024-11-21 - A Bag of RATs- VenomRAT vs. AsyncRAT/
2024-11-21 - DPRK IT Workers - A Network of Active Front Companies and Their Links to China/
2024-11-21 - Russia-Aligned TAG-110 Targets Asia and Europe with HATVIBE and CHERRYSPY/
2024-11-21 - Unveiling WolfsBane - Gelsemiums Linux counterpart to Gelsevirine/
2024-11-21 - Unveiling WolfsBane- Gelsemium’s Linux counterpart to Gelsevirine/
2024-11-22 - How to target European SME with Ransomware- Through Zyxel!/
2024-11-22 - Linux malware development 3- linux process injection with ptrace. Simple C example/
2024-11-22 - Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON/
2024-11-22 - Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack/
2024-11-22 - Seeing Through a GLASSBRIDGE - Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations/
2024-11-22 - The Nearest Neighbor Attack - How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access/
2024-11-22 - The Nearest Neighbor Attack- How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access/
2024-11-22 - Unveiling the Past and Present of APT-K-47 Weapon - Asyncshell/
2024-11-25 - Advanced threat predictions for 2025/
2024-11-25 - Game of Emperor- Unveiling Long Term Earth Estries Cyber Intrusions/
2024-11-25 - The IT Army of Ukraine- Cyber Resistance in the Digital Battlefield/
2024-11-26 - Analysis report on recent phishing attacks by APT-C-48 (CNC)/
2024-11-26 - Guess Who’s Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024/
2024-11-26 - RomCom exploits Firefox and Windows zero days in the wild/
2024-11-26 - Stealth in the Cloud- How APT36's ElizaRAT is Redefining Cyber Espionage/
2024-11-26 - The source code of Banshee Stealer leaked online/
2024-11-26 - What’s up India- PixPirate is back and spreading via WhatsApp/
2024-11-27 - Bootkitty- Analyzing the first UEFI bootkit for Linux/
2024-11-27 - New “CleverSoar” Installer Targets Chinese and Vietnamese Users/
2024-11-28 - APT trends report Q3 2024/
2024-11-28 - RU APT targeting Energy Infrastructure (Unknown unknowns, part 3)/
2024-11-28 - Uncovering Threat Actor Tactics- How Open Directories Provide Insight into XWorm Delivery Strategies/
2024-11-29 - Ransomware Roundup - Interlock/
2024-11-30 - Malware and cryptography 35- encrypt payload via Treyfer algorithm. Simple C example/
2024-11-30 - REKOOBE APT-31 Linux Backdoor Analysis/
2024-12-02 - Analysis of Kimsuky Threat Actors Email Phishing Campaign/
2024-12-02 - Hacking group claims to have cracked Microsoft's software licensing security on a massive scale/
2024-12-02 - Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT/
2024-12-02 - LokiBot Malware Analysis/
2024-12-02 - SmokeLoader Attack Targets Companies in Taiwan/
2024-12-02 - Storm-1811 exploits RMM tools to drop Black Basta ransomware/
2024-12-02 - Unveiling RevC2 and Venom Loader/
2024-12-03 - Inside Akira Ransomware’s Rust Experiment/
2024-12-03 - PROXY.AM Powered by Socks5Systemz Botnet/
2024-12-03 - Rare Watermark Links Cobalt Strike 4.10 Team Servers to Ongoing Suspicious Activity/
2024-12-03 - Take Me Down to Funksec Town- Funksec Ransomware DLS Emergence/
2024-12-04 - Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware/
2024-12-04 - DroidBot- Insights from a new Turkish MaaS fraud operation/
2024-12-04 - Frequent freeloader part I - Secret Blizzard compromising Storm-0156 infrastructure for espionage/
2024-12-04 - Frequent freeloader part I- Secret Blizzard compromising Storm-0156 infrastructure for espionage/
2024-12-04 - Sichuan Silence Information Technology - Great Sounds are Often Inaudible/
2024-12-04 - Snowblind - The Invisible Hand of Secret Blizzard/
2024-12-04 - Snowblind- The Invisible Hand of Secret Blizzard/
2024-12-05 - Edam Dropper/
2024-12-05 - MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaurs Multi-Platform Attacks/
2024-12-05 - MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks/
2024-12-05 - The Diplomatic Deception- Patchwork’s Use of Fake U.S. Embassy Alerts in Cyber Espionage/
2024-12-06 - CryptBot Evolution Tracking the many iterations of this stealer/
2024-12-06 - Shellcode Loader Delivering XWorm/
2024-12-08 - Is KillSec3 Trying to Extort Victims Using Publicly Leaked Data-/
2024-12-09 - UAC-0185 aka UNC4221 Attack Detection- Hackers Target the Ukrainian Defense Forces and Military-Industrial Complex/
2024-12-10 - Breaking the Circle - Chinese Communist Party Propaganda Infrastructure Rapidly Expands/
2024-12-10 - Head Mare Group Intensifies Attacks on Russia with PhantomCore Backdoor/
2024-12-10 - Inside a New OT-IoT Cyberweapon- IOCONTROL/
2024-12-10 - Inside Zloader’s Latest Trick- DNS Tunneling/
2024-12-10 - Live Stream VOD- The Many Faces of CryptBot (Paywall)/
2024-12-10 - Operation Digital Eye - Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels/
2024-12-10 - “Million OK !!!!” and the Naver Facade- Tracking Recent Suspected Kimsuky Infrastructure/
2024-12-11 - Attack Exploiting Legitimate Service by APT-C-60/
2024-12-11 - Frequent freeloader part II- Russian actor Secret Blizzard using tools of other groups to attack Ukraine/
2024-12-11 - Frequent freeloader part II_ Russian actor Secret Blizzard using tools of other groups to attack Ukraine/
2024-12-11 - Likely China-based Attackers Target High-profile Organizations in Southeast Asia/
2024-12-11 - Lookout Discovers New Chinese Surveillance Tool Used by Public Security Bureaus/
2024-12-11 - Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT/
2024-12-11 - New Chinese Surveillance Tool Used by Public Security Bureaus/
2024-12-11 - Silent Push Unwraps the AIZ—Aggressive Inventory Zombies—Retail & Crypto Phishing Network Campaign/
2024-12-11 - Two Russian Android Spyware Families from Gamaredon APT/
2024-12-11 - Xloader deep dive- Link-based malware delivery via SharePoint impersonation/
2024-12-12 - Careto is back - what is new after 10 years of silence_/
2024-12-12 - Declawing PUMAKIT/
2024-12-12 - Glutton - A New Zero-Detection PHP Backdoor from Winnti Targets Cybercrimals/
2024-12-12 - Glutton- A New Zero-Detection PHP Backdoor from Winnti Targets Cybercrimals/
2024-12-12 - New IOCONTROL malware used in critical infrastructure attacks/
2024-12-12 - PEC “invoice scam” - Stealing time, money, and trust from businesses/
2024-12-12 - The Mask Has Been Unmasked Again/
2024-12-12 - Under the SADBRIDGE with GOSAR- QUASAR Gets a Golang Rewrite/
2024-12-13 - A Painful Quickheal/
2024-12-13 - Analysis on the Case of TIDRONE Threat Actors Attacks on Korean Companies/
2024-12-13 - Germany blocks BadBox malware loaded on 30,000 Android devices/
2024-12-13 - Technical Analysis- Magecart Skimmer/
2024-12-13 - Under the SADBRIDGE with GOSAR - QUASAR Gets a Golang Rewrite/
2024-12-13 - VIPKeyLogger Infostealer in the Wild/
2024-12-14 - How to Identify XenoRAT C2 Servers/
2024-12-15 - Malicious ad distributes SocGholish malware to Kaiser Permanente employees/
2024-12-16 - CoinLurker- The Stealer Powering the Next Generation of Fake Updates/
2024-12-16 - HiatusRAT Actors Targeting Web Cameras and DVRs/
2024-12-16 - IOControl Malware- What’s New, What’s Not-/
2024-12-16 - Malware and cryptography 36 - random sbox generation algorithms- Fisher-Yates shuffle. Simple C example/
2024-12-16 - Malware and cryptography 37 - Nonlinearity. Walsh Transform. Simple C example/
2024-12-16 - New I2PRAT communicates via anonymous peer-to-peer network/
2024-12-16 - Technical Analysis of RiseLoader/
2024-12-17 - BADBOX Botnet Is Back/
2024-12-17 - Dark Peep #17- Dark Web Manifesto, Hacker Forums, and Ransomware Misadventures/
2024-12-17 - Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks/
2024-12-17 - Hidden in Plain Sight - TA397s New Attack Chain Delivers Espionage RATs/
2024-12-17 - Hidden in Plain Sight- TA397’s New Attack Chain Delivers Espionage RATs/
2024-12-17 - Your Data Is Under New Lummanagement- The Rise of LummaStealer/
2024-12-18 - Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations/
2024-12-18 - Raccoon Stealer malware operator gets 5 years in prison after guilty plea/
2024-12-18 - Three Months After the Storm- Did Cybercriminals Move to Telegram Alternatives-/
2024-12-18 - Winos4.0 “Online Module” Staging Component Used in CleverSoar Campaign/
2024-12-19 - Astrill VPN and DPRK Remote Worker Fraud/
2024-12-19 - BadBox malware botnet infects 192,000 Android devices despite disruption/
2024-12-19 - Decoding RevC2 strings/
2024-12-19 - Lazarus group evolves its infection chain with old and new malware/
2024-12-19 - LummaC2 Revisited- What’s Making this Stealer Stealthier and More Lethal/
2024-12-20 - Deobfuscation of Lumma Stealer/
2024-12-20 - Jingle Shells- How Virtual Offices Enable a Facade of Legitimacy/
2024-12-23 - Analysis of Attack Cases Against Korean Solutions by the Andariel Group (SmallTiger)/
2024-12-23 - Cloud Atlas seen using a new tool in its attacks/
2024-12-23 - FBI, DC3, and NPA Identification of North Korean Cyber Actors, Tracked as TraderTraitor, Responsible for Theft of $308 Million USD from Bitcoin.DMM.com/
2024-12-24 - Contagious Interview Uses New Malware Otter Cookie/
2024-12-24 - Under Siege- Sandworm's Fake Army+ App Threatens Ukraine’s Military Operations/
2024-12-25 - OtterCookie, a new malware used by Contagious Interview/
2024-12-28 - Lumma 2024- Dominating the Info-Stealer Market/
2024-12-29 - Malware and cryptography 38 - Encrypt-decrypt payload via Camellia cipher. S-box analyses examples. Simple C example/
2024-12-30 - Catching -EC2 Grouper-- no indicators required!/
2024-12-31 - Dark Web Profile- Gamaredon APT - SOCRadar® Cyber Intelligence Inc/