Resecurity identifies Nevada Ransomware as a relatively new ransomware family with an active affiliate platform on the RAMP underground. It operates a Windows and Linux/ESXi locker, supports post-exploitation workflows, and uses a TOR-based affiliate portal to…
TrickGate is a transformative, shellcode-based packer-as-a-service used to conceal malware from security tools since 2016 and has wrapped a wide range of threats including Cerber, Trickbot, Maze, and Emotet. The packer's core building blocks (shellcode loader, …
Magniber is a ransomware family that exploits a wide range of public-facing vulnerabilities and uses layered execution, evasion, and delivery techniques to encrypt targeted files. It also employs typosquatting, fake installers, and signature bypass methods to …
Security researchers at eSentire TRU unravel the operator behind Golden Chickens, badbullzvenom, connected to VENOM SPIDER, with links to FIN6, Cobalt Group, and Evilnum. The report details the malware's modular components, evolving campaigns, and defense recomm…
ASEC's weekly briefing analyzes phishing email threats from January 8–14, 2023, highlighting attachments as the main delivery method for Infostealer, FakePage, and other malware families, including OneNote (.ONE) extensions. It also outlines case distributions…
SentinelLabs tracks DragonSpark, a cluster of opportunistic East Asia-targeted attacks that leverage the SparkRAT open-source RAT and Golang-based runtime source-code interpretation to evade static analysis. The activity is attributed with high likelihood to a…
TA444 is a North Korea-sponsored threat actor that has tested a wide range of infection methods in 2022 and remains financially motivated, with a strong shift toward cryptocurrency-related theft. The group blends traditional APT techniques with a startup-like …
eSentire's TRU analyzes Raspberry Robin's multi-stage infection chain, starting with infected USB drives and fetching DLL payloads from compromised QNAP servers before delivering SocGholish and triggering C2 communications. Analysts foresee potential future us…
A CYFIRMA report details a phishing campaign that delivers GuLoader to download Remcos RAT via a heavily obfuscated VBScript loader. The operation uses PowerShell, LNK shortcuts, and in-memory process injection to establish C2 and persistence. #GuLoader #Remco…
Analyst1 presents a human-centric examination of the LockBit operation, tracing its evolution from ABCD to LockBit Red/Black and detailing the personalities, inter-gang dynamics, and operational innovations behind one of the world's most prolific ransomware or…
Bitdefender researchers document ProxyNotShell/OWASSRF exploit chains targeting on-prem Microsoft Exchange, outlining how SSRF can lead to backend access and how multiple exploit chains culminate in RCE and payload deployment. The report also walks through rea…
FortiGuard Labs' ransomware roundup analyzes CrySIS/Dharma variants and their ongoing evolution, highlighting how new versions continue to appear under different operators. It outlines infection vectors (exposed RDP and phishing), execution details (startup pe…
Cisco Talos analyzed LNK file metadata to track threat actors like Qakbot, Gamaredon, Bumblebee, and IcedID, showing how metadata can reveal campaign connections. As macros were blocked and actors shifted to LNK-based attachments, the article demonstrates how …
This report analyzes Batloader campaigns observed in Q4 2022 linked to the Water Minyades intrusion set, highlighting its use of obfuscated JavaScript, MSI/JS payloads, and abuse of legitimate tools to evade defenses. It details how Batloader can drop multiple…
ASEC's weekly phishing threat analysis for Jan 1–7, 2023 shows phishing email attachments as the dominant attack vector, with FakePage pages designed to harvest credentials, followed by Worm, Infostealer, and Downloader campaigns. The report also highlights MO…