A fake Homebrew site, part of an AMOS/Cuckoo Mac malware campaign. Recent headlines have used the malware or campaign name “Cuckoo” to describe [more…]
The backdoor (Linux.Gomir) appears to be a Linux version of the GoBear backdoor, which was used in a recent Springtail campaign that saw the attackers [more…]
| Command ID | Description |
|---|---|
| 2 | Retrieve file listing from desktop directory |
| 3 | Retrieve process ancestry |
| 4 | Collect system information |
| 12 | Download and execute PE |
| 13 | Download [more…] |
In early May 2024, IBM X-Force uncovered a potential ITG05 web page designed to use the Israel-Hamas war as lure material. ITG05 is a multi-cluster [more…]
In other words, attackers seem to target users who store cryptocurrency wallet address or password information by capturing screenshots and saving them as image files, [more…]
This simple pivot revealed 50 associated domains, 42 of which were first seen within days of, and all contained toll-related themes primarily targeting Australia. Scrolling [more…]
Browsing the above URL downloads a PowerShell script, which is again obfuscated. The HTML contains basic obfuscation which, on de-obfuscating, gives the URL which the [more…]
During routine sandbox hunting analysis, the Uptycs Threat Research team uncovered evidence of an ongoing live campaign exploiting the Log4j vulnerability, which commenced in January [more…]
In this post, we look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. While larger binary embedded payloads such [more…]