Month: March 2024
DanaBot Malware Profile
DanaBot is an information stealer written in Delphi for Windows systems. Once executed, DanaBot begins collecting important information on the system in order to [more…]
Vidar Malware Profile
Vidar is an information stealer that has been in use since 2018. The malware is developed to target Windows systems. Vidar is capable of stealing [more…]
NoodRat Malware Profile
NoodRat is a Linux malware that is a variant of Gh0stRat. NoodRat has been in circulation since 2018 and is built using a builder from which [more…]
Broomstick Malware Profile
Broomstick is a malware backdoor associated with threat group ITG23, and first observed in September 2023. It often uses ITG23-linked crypters such as Dave and [more…]
Coyote Malware Profile
Coyote is a banking trojan first seen in early 2024. Coyote targets Windows systems and has been affecting Brazil and Mexico. Coyote malware is capable [more…]
Hive0129 Imitating Ecuador's Ministry of Government and IRS to Deliver BlotchyQuasar Malware
IBM X-Force continues to track and observe Hive0129 activity targeting Latin American entities. In mid-March 2024, X-Force observed email campaigns imitating the Migration department for Ecuador’s [more…]
Infostealers continue to pose threat to macOS users
Jamf Threat Labs dissects ongoing infostealer attacks targeting macOS users. Jamf Threat Labs has observed a creative evolution in the strategies and tactics used by [more…]
HTB Sherlock ProcNet: Exploring Windows API Call Monitoring with API Monitor
This article delves into its application within the context of the HTB Sherlock ProcNet challenge, where we were given two hosts that each contained three [more…]
MSSQL to ScreenConnect | Huntress Blog
Following the alerts seen in Figure 1, and subsequent reports generated for the three identified endpoints, Huntress analysts developed investigative timelines from Windows Event Log [more…]
Bellingcat Malware Investigation
The sequence of events results in the deployment of an HTTP reverse shell based on an open-source offensive security tool, which enabled the threat actors to harvest [more…]