Tag: Osman Demir

Threat Hunting Content: Taurus Stealer Detection

Taurus information-stealing malware is a relatively new tool created by Predator The Thief team that promotes it on hacker forums. The infostealer can steal sensitive data from browsers, cryptocurrency wallets, FTP, email clients, and various apps. The malware is highly evasive and includes techniques to evade sandbox detection. Adversaries developed a dashboard where their customers […]

Read More
Rule of the Week: Cobalt Strike Delivered via Multi-Stage APT Attack

This month, researchers discovered a multi-stage attack conducted by an undefined APT group. During this attack, adversaries used the Malleable C2 feature in Cobalt Strike to perform C&C communications and deliver the final payload. Researchers note that attackers use advanced evasion techniques. They observed an intentional delay in executing the payload from the malicious Word […]

Read More
Threat Hunting Content: Malicious Payload in Fake Windows Error Logs

Last week, security researchers discovered a curious way to hide the malicious payload in plain sight, and this method is actively used in the wild. Adversaries use fake error logs to store ASCII characters disguised as hexadecimal values that decode to a malicious payload designed to prepare the ground for script-based attacks. In the discovered […]

Read More
Rule Digest: RATs, Infostealers, and Emotet Malware

Today is Saturday, which means it’s time for our next Rule Digest, in which we will tell you about interesting content for malware detection released this week. And yes, we again pay particular attention to the rules that participants in the Threat Bounty Program have published. We start with the rule published by Ariel Millahuel, […]

Read More
Threat Hunting Content: Phishing Campaign Using Zoom Invites

Zoom-themed lures continue to be actively used by cybercriminals, taking pride of place in the top ten most used topics in phishing campaigns. From the very beginning of the lockdown, as the Zoom popularity grew, the number of attacks increased, and even after researchers discovered serious security problems with the service, many organizations did not […]

Read More
Rule Digest: APT Groups, Malware Campaigns and Windows Telemetry

This week our Rule Digest covers more content than usual. It compiles rules for detecting recent attacks of state-sponsored actors, malware campaigns conducted by cybercriminals, and abusing Windows telemetry.   Mustang Panda is the China-based threat group that has demonstrated an ability to rapidly assimilate new tools and tactics into its operations. This APT group […]

Read More
Threat Hunting Content: Higaisa APT

Higaisa APT has been known since November 2019, when Tencent researchers first documented its activities. The group was discovered recently, but attackers have been operating for several years and use common tools to complicate the attribution. They mainly use mobile malware and the Gh0st and PlugX trojans. Researchers believe that Higaisa APT is a South […]

Read More
Threat Hunting Content: Espionage Campaign by Sandworm Group

Russian state-sponsored cyber espionage unit known for its destructive attacks is actively compromising Exim mail servers via a critical security vulnerability (CVE-2019-10149). At the end of May, the National Security Agency released a Cyber Security Advisory that warned of a campaign linked to Sandworm Group. The group is best known for its BlackEnergy campaign, the […]

Read More
Rule Digest: Emotet, Ransomware, and Trojans

Hello everyone, we are back with five fresh rules submitted this week by participants of the Threat Bounty Program. You can check our previous digests here, and if you have any questions, then welcome to the chat. Pykspa worm-like malware can install itself to maintain persistence, listen to incoming port for additional commands, and drop […]

Read More
Detection Content: Himera Loader

Today’s post is dedicated to the Himera loader malware that adversaries have been using in COVID-19 related phishing campaigns since last month. Cybercriminals continue to exploit the Family and Medical Leave Act requests related to the ongoing COVID19 pandemics as a lure, as this theme have already proven its effectiveness in distributing Trickbot and Kpot […]

Read More