Month: March 2024

DanaBot is an information stealer written in Delphi for Windows systems.  Once executed, Danabot will begin collecting important information on the system in order to [more…]

Vidar is a information stealer malware that has been utilized since 2018. The malware is developed to target Windows systems. Vidar is capable of stealing [more…]

NoodRat is a Linux malware that’s a variant of Gh0stRat. NoodRat has been in circulation since 2018 and is built using a builder from which [more…]

Broomstick is a malware backdoor associated with threat group ITG23, and first observed in September 2023. It often uses ITG23-linked crypters such as Dave and [more…]

Coyote is a banking trojan first seen in early 2024. Coyote targets Windows systems and has been affecting Brazil and Mexico. Coyote malware is capable [more…]

IBM X-Force continues to track and observe Hive0129 activity targeting Latin American entities. In mid-March 2024, X-Force observed email campaigns imitating the Migration department for Ecuador’s [more…]

Jamf Threat Labs dissects ongoing infostealer attacks targeting macOS users. Jamf Threat Labs has observed a creative evolution in the strategies and tactics used by [more…]

This article delves into its application within the context of the HTB Sherlock ProcNet challenge, where we were given two hosts that each contained three [more…]

Following the alerts seen in Figure 1, and subsequent reports generated for the three identified endpoints, Huntress analysts developed investigative timelines from Windows Event Log [more…]

The sequence of events results in deploying an HTTP reverse shell based on an open-source offensive security tool which enabled the threat actors to harvest [more…]