DanaBot is delivered via a VBS-based downloader that uses a distinctive obfuscation scheme and is associated with a social-engineering lure built around unclaimed property. The article also covers three methods to decode the VBS, noting DanaBot's ties to the S…
Category: Threat Research
OverWatch tracked a widespread intrusion campaign that used bundled .msi installers masquerading as legitimate software to download and execute NIGHT SPIDER's Zloader trojan (and in some cases, Cobalt Strike). The defenders focused on anomalous behavior, low-p…
CryptBot resurfaces as a streamlined infostealer distributed through compromised pirate sites offering cracked software and games. The latest variant trims its capabilities to focus on data exfiltration, using obfuscated scripts and a multi-stage delivery chai…
Qakbot spreads by inserting malicious replies into ongoing email conversations, using compromised accounts to push a zip containing a malicious Office document. The malware is modular, downloads payloads, injects into system processes like Edge and Explorer, a…
Researchers tracked a LazyScripter campaign in 2021 targeting European entities, revealing a double-compromise chain involving H-Worm and njRAT delivered via obfuscated scripts. They also uncovered use of a free online obfuscation service and a waterhole-style…
Opportunistic cybercriminals are advertising cyber tools to target Russian entities, but the downloaded tools are actually infostealers that steal credentials and cryptocurrency data. The campaign leverages Telegram and sympathetic online spaces tied to the Ru…
eSentire documented a TunnelVision-linked intrusion into a VMware Horizon server, exploiting Log4Shell to harvest credentials and establish access. The operation included a backdoor DomainAdmin, PSExec/RDP lateral movement, C2 via activate-microsoft.cf, and Ng…
ASEC researchers uncovered an infostealer that is being distributed through YouTube disguised as a Valorant game hack, with instructions to disable anti-malware protections. The malware collects system information, browser credentials, cryptocurrency wallet fi…
Threat actors have exploited the Ukraine invasion with scam emails that solicit humanitarian aid and donations, often delivering malware or links to malicious pages. The activity mirrors opportunistic crime seen after other crises, combining social engineering…
Talos links MuddyWater to Iranian interests and describes a conglomerate of sub-groups conducting global campaigns using maldocs, PowerShell/VB/JavaScript tooling, and Windows RATs such as SloughRAT to achieve espionage, IP theft, and potentially ransomware an…
Raccoon Stealer is a multifunctional stealer that uses Telegram to store and update its C2 addresses and to receive commands. Avast Threat Labs detail its data theft capabilities, distribution methods, and global prevalence, including locale checks to avoid ce…
Black Lotus Labs notes Emotet's resurgence since November 2021, with about 130,000 unique bots across 179 countries and evolving infrastructure that could serve as footholds or proxy C2s. The report highlights changes in encryption, process-list handling, and …
RURansom is a wiper targeting Russia, not a ransomware variant, as encryption is irreversible. It spreads like a worm via removable disks and mapped network shares, encrypting files and dropping a wiper note, while some versions exhibit geo-targeting and obfus…
APT41's operations against U.S. state governments leveraged multiple, overlapping campaigns: initial access via a USAHerds web app vulnerability (CVE-2021-44207) followed by Log4Shell (CVE-2021-44228) deserialization to deploy backdoors, including KEYPLUG.LINU…
FortiGuard Labs uncovered a phishing operation masquerading as a purchase order to a Ukrainian manufacturer, delivering Agent Tesla via a PPAM PowerPoint add-in. The campaign uses a multi-stage dropper with Bit.ly and MediaFire stages, ends with PowerShell-bas…