Nanocore RAT has been used in cyberattacks for about 7 years, and there are a huge number of modifications of this trojan. Official, “semi-official” and cracked versions of this malware are sold on forums on the DarkNet, and sometimes even given away for free, so it is not surprising that the number of attacks using […]
The Lazarus APT group is one of the few state-sponsored cyber espionage units that also handle financially motivated cybercrimes and it is the most profitable threat actor in the cryptocurrency scene which managed to steal about $2 billion. In 2017 alone, the group stole more than half a billion dollars in cryptocurrency, so their interest […]
Transparent Tribe (aka PROJECTM and MYTHIC LEOPARD) is a cyber espionage unit that is linked to the Pakistani government and has been active since at least 2013. The group has been quite active in the last four years targeting primarily Indian military and government personnel, but during the last year, they attacked more and more […]
Late last week, Ariel Millahuel released community threat hunting rule to detect BLINDINGCAN Remote Access Trojan that is used by North Korean state-sponsored hackers: https://tdm.socprime.com/tdm/info/pi0B7x1SzQlU/FiBkEHQBSh4W_EKGcibk/?p=1 The rule is based on a malware analysis report recently published by CISA experts. Threat actor used BLINDINGCAN RAT in a cyberespionage campaign primarily targeted at the US defense and […]
It’s been a year since the first malware timidly exploited DNS-over-HTTPS (DoH) to retrieve the IPs for the command-and-control infrastructure. Security researchers had already warned that this could be a serious problem and started to look for a solution that would help detect such malicious traffic. More and more malware has been switching to DoH […]
Mekotio is one more Latin American banking trojan that is targeted at users mainly in Brazil, Mexico, Spain, Chile, Peru, and Portugal. This is persistent malware that is distributed via phishing emails and ensures persistence either by creating an LNK file in the startup folder or using a Run key. It is capable of stealing […]
Since the start of the pandemic, video conferencing solutions have become an integral part of the workflow in many organizations. First, Zoom took the lead, and many cybercriminals immediately began using it in phishing campaigns, taking advantage of the fact that a huge number of employees had not previously used this technology. Soon, security researchers […]
Today’s article is somewhat a continuation of Detection Content: Arkei Stealer since the author of the detection rule for Ave Maria RAT is the same, and both malicious tools have recently been actively spread using the Spamhaus Botnet. Ave Maria is a Remote Access Trojan that is often used by adversaries to take over the […]
Arkei Stealer is a variant of infostealer malware and its functionality is similar to Azorult malware: it steals sensitive information, credentials, and private keys to cryptocurrency wallets. The malware is sold on underground forums, and anyone can acquire and use both the “legitimate” version and the cracked version of Arkei Stealer, making it difficult to […]
Today we want to pay attention to the community IOC Sigma rule submitted by Ariel Millahuel to detect the creation of mock directories that can be used to bypass User Account Control (UAC): https://tdm.socprime.com/tdm/info/KB1bISN0mbzm/Hua9s3MBSh4W_EKGTlO2/?p=1 A mock folder is a specific imitation of a Windows folder with a trailing space in its name, and the security […]