Starting from December 2020, a new version of Zeoticus ransomware has been actively targeting users in the wild. Zeoticus 2.0 comes with better performance and enhanced offline capabilities, posing a bigger threat to businesses worldwide.Ā What is Zeoticus Ransomware? Zeoticus is a relatively new malware sample that appeared in the cyber threat arena in December […]
Quasar remote administration tool (RAT) is a multi-functional and light-weight malware actively used by APT actors since 2014. Quasarās code is publicly available as an open-source project, which makes the Trojan extremely popular among adversaries due to its broad customization options. As a result, a variety of samples exist inside the Quasar malware family. Many […]
Introduction On August 2020 a new type of malware, belonging to the Ransomware category, appeared in the cyber threat landscape. Threat actor responsible for its development called it āDarkSideā and, like others piece of malware of this type, is operated in Big Game Hunting (BGH) campaigns. Around more or less the same time, a DLS […]
Security researchers have spotted an ongoing Confucius APT campaign that leverages Warzone RAT malware to compromise its targets. The campaign is presumably aimed at the governmental sector of China and other South Asia countries. Warzone RAT Description Warzone remote access Trojan (RAT), a prolific successor of AveMaria stealer, first emerged in 2018 as a malware-as-a-service […]
DoppelPaymer ransomware is gaining momentum as a leading threat to critical infrastructure assets. According to the FBI warning released in December 2020, DoppelPaymer has targeted multiple organizations in healthcare, educational, governmental and other sectors. The attack routine is highly sophisticated and aggressive, allowing its operators to extort six- and seven-digit ransoms from their victims. Notably, […]
Companies worldwide are reported to have failed victims of the recent ransomware attack by Mount Locker. The new ongoing ransomware attack targets corporate networks and demands millions of dollars ransom payment is Bitcoins, and the hackers utter threats to reveal the encrypted data publicly if the victims refuse to pay ransom. Mount Locker ransomware activity […]
Today, we want to draw your attention to another ransomware targeting at Italian-speaking users. First spotted by the researchers back in 2013, FTCode is PowerShell based ransomware that is distributed via spam. In the recent attacks, the FTCode ransomware was delivered to the victim machines with an email containing an attachment pretending to be an […]
Delaware, USA ā June 18, 2019 ā One of the leaders of airplane parts manufacturing was informed to have shut down operations at its plants because of a large-scale ransomware attack. Asco Industries who is the leader in the design and manufacture of major functional components for Boeing and Airbus commercial passenger jets, Airbus A400M […]
Delaware, USA ā April 8, 2019 ā Another local infrastructure was hit by massive ransomware attack. Disruption of routine operations requiring a computer and inability to process payments is only the top of the iceberg of all the issues that Genesee County, Michigan faced trying to restore after the Packman ransomware attack, the abc12 informs. […]
Good news everyone! After a rather long day, night and morning of studying the news, researching and hunting the #WannaCryĀ ransomwarewormĀ there are some discoveries to be shared.. This includesĀ HostĀ andĀ NetworkĀ IOCs, their analysis obtained with help of fellowĀ security researchersĀ and practitioners, review of C2 infrastructure and its interactions with Tor. Last but not least are some freeĀ SIEM use casesĀ that […]