Tag: Malware

NullMixer Dropper
NullMixer Malware Detection: Hackers Spread a Dropper Using SEO to Deploy Multiple Trojans at Once

Cybersecurity researchers have recently revealed a new wave of adversary campaigns leveraging a malware tool named NullMixer spread via malicious websites. The malware dropper is a lure masquerading as legitimate software, which further deploys a set of Trojans infecting the victim’s system. NullMixer hackers apply advanced SEO tactics to distribute the malware affecting popular search […]

Read More
What Is Initial Access? MITRE ATT&CK® Initial Access Tactic | TA0001

What Is Initial Access? MITRE ATT&CK® Initial Access Tactic | TA0001 Some MITRE ATT&CK tactics require special attention from security experts, and Initial Access is one of them. Because if attackers don’t break in, they won’t be able to take their kill chain to another level.  Earlier this year, Microsoft paid $13.7 million in bug […]

Read More
New TeamTNT Attacks
TeamTNT Hijacking Servers: Criminal Gang Specializing in Attacking Cloud Environments is Back

Honeypot activity spotted by one of the cybersecurity vendors confirmed that the cryptojacking TeamTNT gang is back on the prowl. The threat actor was first detected in early 2020, targeting cloud environments. However, in late 2021 TeamTNT adversaries tweeted a farewell message, which seemed to be true since the past year’s attacks that were traced […]

Read More
What Is Data Exfiltration? MITRE ATT&CK® Exfiltration Tactic | TA0010

The process of stealing data from a corporate system is also known as exfiltration. MITRE ATT&CK® has dedicated an entire tactic to illegal copying, downloading, and transferring of organizations’ internal data with significant levels of sensitivity. Data exfiltration examples can be quite obvious, like copying files to a thumb drive; and quite stealthy, like DNS […]

Read More
OriginLogger Malware Detection: Researchers Shed Light on AgentTesla’s Successor

The malware called OriginLogger is advertised as a compelling RAT with a user-friendly web panel, smart logger, and a powerful keyboard hook. OriginLogger malware description also details the multiple language support feature. The malware strain is designed to run on Windows-based operating systems. The OriginLogger RAT was recommended as a substitution for another infamous keystroke […]

Read More
Bronze President
PlugX Malware Detection: Bronze President Crime Ring Uses Post-Exploitation Modular RAT in the Latest Crime Wave

A China-backed crime ring tagged Bronze President launched a campaign targeting government officials in Europe, the Middle East, and South America leveraging PlugX malware – the backdoor popular among Chinese hacker gangs. According to the researchers, the major objective of the threat group is espionage. Detect PlugX Malware SOC Prime delivers Threat Hunting & Cyber […]

Read More
What is Ransomware Detection? How to Detect Ransomware

The method of a secure cryptographic key exchange was introduced by Whitfield Diffie and Martin Hellman in 1976. Cool thing about the public and private key pair is that the decryption key cannot be deciphered in any way from an encryption key.  This feature is exactly what’s exploited by ransomware actors who encrypt data and […]

Read More
Novel Moobot
New Mirai Botnet Variant Detection: MooBot Sample Targets D-Link Routers

Security researchers are raising the alarm on a new Mirai botnet variant dubbed MooBot that targets D-Link devices. The novel threat employs multiple exploitation techniques.  MooBot first surfaced in 2019, hijacking LILIN digital video recorders and Hikvision video surveillance products and co-opting them into a family of denial-of-service bots. Detect MooBot  To detect the signature […]

Read More
DangerousSavanna Detection: Attacks Targeting Various Financial Orgs Revealed

Security analysts revealed a two-year-long spear-phishing campaign aimed at entities in the financial sector in French-speaking African countries – Morocco, Togo, Ivory Coast, Cameroon, and Senegal. The campaign is codenamed DangerousSavanna, and its operators are heavily relying on social engineering techniques for initial access, consequently employing customized malware such as AsyncRAT, PoshC2, and Metasploit. The […]

Read More
Raspberry Robin Malware
Raspberry Robin Malware Detection: New Connections Revealed

In late July, Microsoft researchers released new evidence linking Raspberry Robin Windows worm to the activity of the russia-backed Evil Corp gang. Raspberry Robin, a USB-based worm designed as a malware loader, shows similar functionality and structural elements to those of Dridex malware, indicating that a notorious Evil Corp group may be behind the new […]

Read More