Month: April 2024
Darkgate Malware Leveraging Autohotkey Following Teams
Cyber adversaries exploited this flaw by creating malicious .url files capable of downloading and executing harmful scripts, effectively evading the warning and inspection mechanisms of [more…]
Agent Tesla Unmasked: Revealing Interrelated Cyber Campaigns
Due to the adaptive nature of Agent Tesla, organizations are urged to maintain active security posture, remain updated on the latest intelligence, and implement proactive [more…]
Attack trends: Cloud-Based Cyber-Attacks and the Rise of Alternative Initial Access Methods
Following this trend, in late November 2023, Darktrace began detecting anomalous connections on the network of a customer in the US, which presented multiple indicators [more…]
Reading Between the Lines of Code: Ziraat_Stealer
Further, downloading the newly decrypted binary, we notice it to be an email-password recovery tool designed by “nirsoft”. Going through the “ReadMail” function, it makes a call [more…]
Uncorking Old Wine: Zero-Day from 2017 + Cobalt Strike Loader in Unholy Alliance
The sample includes a loader/packer Dynamic Link Library (DLL) named vpn.sessings that loads a Cobalt Strike Beacon into memory and awaits instructions from the C&C [more…]
LightSpy Malware Variant Targeting macOS
In addition to our analysis, we’re providing YARA and Sigma rules which can be used freely to detect potential usage of the macOS LightSpy variant. [more…]
Digging Deep to Examine the Roots of the Glupteba UEFI Bootkit
Two of the public email addresses appeared in the current WHOIS records of three domains (after duplicates, the IoCs, and the registrant-connected domains were removed) [more…]
New SSLoad Malware Combined With Tools Hijacking Entire Network Domain
In addition to the previous stage, the execution of the rundll32.exe command will also begin communication with two preconfigured C2 servers which are hxxps://skinnyjeanso[.]com/live/ and [more…]
Brokewell: do not go broke from new banking malware!
To achieve this, the malware performs screen streaming and provides the actor with a range of actions that can be executed on the controlled device, [more…]
Brokewell: A New Android Banking Trojan Targeting Users In Germany
The downloaded APK file appears to be a new Android Banking Trojan, equipped with features such as screen recording, overlay attack, and keylogging and boasting [more…]