Tag: Developer Program

Detection for Critical Vulnerability in Aruba ClearPass (CVE-2020-7115)

Aruba Networks, the subsidiary of Hewlett Packard Enterprise, has released a Security Advisory on recently discovered multiple vulnerabilities in their product leveraged by enterprise clients worldwide. In this article, we will cover the details of the most severe of the reported Remote Command Execution vulnerability in Aruba ClearPass (CVE-2020-7115) with CVSS 8.1, and content to […]

Read More
In a Quest for Dridex Malware

To reach their evil goals, hackers are sending waves of malspam to targeted victims. Numerous strains of Dridex malware flatten out institutions and customers of the financial sector, and a new iteration of Dridex attack was noticed again after a period of inactivity earlier this month, Unit 42 reports. About Dridex Attacks First malspam attacks […]

Read More
Smaug Ransomware Detector (Sysmon Behavior)

Today we would like to draw your attention to a relatively recent threat and content for its detection. Smaug Ransomware-as-a-Service appeared on researchers’ radars at the end of April 2020, attackers look for affiliates exclusively on Russian-language Dark Web forums and offer using their platform for a fairly large initial payment and 20% of further […]

Read More
Behaviour Analysis of Redline Stealer

Infostealers occupy a special place among malware, since, with their simplicity, they very effectively cope with their primary tasks: to collect all potentially valuable information in the system, exfiltrate it to the command-and-control server, and then delete themselves and traces of their activities. They are used by both beginners and advanced threat actors, and there are […]

Read More
PyVil RAT by Evilnum Group

The Evilnum group operations were first discovered in 2018. The group is highly focused on attacks on large financial technology organizations, especially on investment platforms and cryptocurrency-related companies. Most of their targets are located in Europe and the United Kingdom, but the group also carried out separate attacks on organizations in Canada and Australia. Researchers […]

Read More
Economic Espionage Campaign by TA413

The use of COVID19 related lures is already perceived as common practice among both financially motivated groups and state-sponsored cyber espionage units. Researchers released a report last week about another group that has been using COVID19 themed phishing emails for six months to deliver their new tool. Yes, we are talking about the Chinese APT […]

Read More
Nanocore RAT Detection

Nanocore RAT has been used in cyberattacks for about 7 years, and there are a huge number of modifications of this trojan. Official, “semi-official” and cracked versions of this malware are sold on forums on the DarkNet, and sometimes even given away for free, so it is not surprising that the number of attacks using […]

Read More
Snatch Ransomware Attack Detection

Ransomware continues to be one of the most serious threats to corporate networks, and Snatch ransomware is one of the most annoying “guests” that emerged relatively recently. The first infections were recorded about two years ago, but serious attacks on organizations began only in April 2019, and since then, the appetites and skills of the […]

Read More
Immortal Stealer

This week, Lee Archinal, the Threat Bounty Program contributor posted a community Sigma rule for detecting yet another infostealer. The “Immortal Stealer (Sysmon Behavior)” rule is available for download in the Threat Detection Marketplace after registration: https://tdm.socprime.com/tdm/info/V0Q03WX81XBY/dEM_SXQBSh4W_EKGVbX_/?p=1 Immortal Infostealer appeared a little over a year ago on the dark web forums with different build-based subscriptions. […]

Read More
JSOutProx RAT

Last year, India was named the most cyber-attacked country. Critical infrastructures in oil and gas industries, and defence, banking, and manufacturing sectors are listed as the most common targets.  In April 2020, the governmental establishments and a number of banks in India were targeted by email campaigns delivering a malicious JavaScript and Java-based backdoor which […]

Read More