Tag: Threat Hunting Content

Transparent Tribe APT

Transparent Tribe (aka PROJECTM and MYTHIC LEOPARD) is a cyber espionage unit that is linked to the Pakistani government and has been active since at least 2013. The group has been quite active in the last four years targeting primarily Indian military and government personnel, but during the last year, they attacked more and more […]

Threat Hunting Rules: PurpleWave Infostealer

Another infostealer with backdoor functions was discovered in late July. Malware authors advertise it on Russian cybercrime forums and sell various modifications of the utility at an affordable price. The new infostealer is written in C++ and was dubbed PurpleWave by its authors. The malware can perform a number of malicious actions of a hacker’s choice […]

Threat Hunting Rules: Possible C2 Connection via DoH

It’s been a year since the first malware timidly exploited DNS-over-HTTPS (DoH) to retrieve the IPs for the command-and-control infrastructure. Security researchers had already warned that this could be a serious problem and started to look for a solution that would help detect such malicious traffic. More and more malware has been switching to DoH […]

Threat Hunting Rules: Gamaredon Group Behavior

The Gamaredon group appeared in 2013 and, at first, did not use custom malware, but over time it developed a number of cyber espionage tools, including the Pterodo and EvilGnome malware. In recent months, the group has been actively sending phishing emails with documents containing malicious macros that download a multitude of different malware variants. The Gamaredon […]

Threat Hunting Rules: Water Nue Phishing Campaign

In today’s news, we want to warn you about the ongoing campaign by Water Nue targeting the business Office 365 accounts in the US and Canada. Notably, the fraudsters successfully reached a number of high-level managers in companies worldwide and harvested over 800 sets of credentials. Although their phishing toolset is limited, they do not […]

Threat Hunting Rules: Ave Maria RAT

Today’s article is somewhat of a continuation of Detection Content: Arkei Stealer, since the author of the detection rule for Ave Maria RAT is the same, and both malicious tools have recently been actively spread using the Spamhaus Botnet. Ave Maria is a Remote Access Trojan that is often used by adversaries to take over the […]

Threat Hunting Rules: Redaman RAT

Today, in the Threat Hunting Rules category, we are pleased to present a new rule developed by Ariel Millahuel, which detects Redaman RAT: https://tdm.socprime.com/tdm/info/gAF3sheoIG9y/qtkZmnMBQAH5UgbBy6do/?p=1 Redaman is a banking trojan distributed via phishing campaigns. It was first seen in 2015 and reported as the RTM banking Trojan; new versions of Redaman appeared in […]

Threat Hunting Rules: Golden Chickens MaaS

As you know, Malware-as-a-Service (MaaS) is a business that has already become commonplace and runs on the underground forums and black markets offering an array of services. The first attacks using Golden Chickens MaaS began back in 2017, and the Cobalt group was among their first “clients”. The success of this project heavily relies on […]

Threat Hunting Content: Emotet Returns Once Again

For never was a story of more woe than this of once again returning Emotet. This time, there were no full-scale campaigns for about seven months, although isolated cases of infection were recorded and researchers found documents distributing this malware. The attacks resumed last Friday, with the botnet sending about 250,000 emails in a matter […]

Threat Hunting Content: DNS.exe Crashing (Possible CVE-2020-1350 detection)

July turned out to be fruitful for disclosed critical vulnerabilities: CVE-2020-5903 (F5 BIG-IP), CVE-2020-8193 (Citrix ADC / Netscaler), CVE-2020-2034 (Palo Alto PAN-OS), CVE-2020-6287 (SAP Netweaver), CVE-2020-3330 (Cisco VPN / Firewalls), and CVE-2020-1350 (aka SIGRed, the vulnerability in Microsoft Windows DNS Server). Last week, Threat Bounty Program contributors and the SOC Prime team published a series […]
