Scarab ransomware was spotted for the first time in June 2017 and had been reappearing with new versions since then. This ransomware is one of the many HiddenTear variants, an open source ransomware Trojan released in 2015. The recently discovered versions of ransomware use an improved RSA encryption method and add various extensions to infected […]
PipeMon is a modular backdoor that is signed with a certificate belonging to a video game company, which was compromised by Winnti group in 2018. Researchers at ESET discovered this backdoor used in attacks on companies in South Korea and Taiwan that develop popular Massively Multiplayer Online games. They named the backdoor PipeMon because the […]
Last week, CISA, FBI, and DoD released malware analysis reports on recently discovered tools of the notorious Lazarus group that perform operations in the interests of the North Korean government. The malware variants, called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, can be used for reconnaissance and deleting confidential information on target systems. TAINTEDSCRIBE malware is used as […]
We start the week with a new rule from Emir Erdogan – HawkEye Multiple Detection (Covid19 Themed Phishing Campaign). This malware is also known as Predator Pain steals a variety of sensitive information from the infected system, including bitcoin wallet information and credentials to browsers and mail clients. The stealer is capable of taking screenshots […]
Remcos RAT was first spotted in 2016. Now it hat purports to be a legitimate remote access tool but it was used in multiple global hacking campaigns. On various sites and forums, cybercriminals advertise, sell, and offer the cracked version of this malware. Since the end of February, security researchers have discovered several campaigns that […]
Most of the rules published on the Threat Detection Marketplace are aimed at detecting attacks on Windows systems. This is not surprising since most of the threats specifically targeted at the Microsoft operating system, as it is the most popular. But there are serious threats for other operating systems, so today we will tell you […]
Bladabindi backdoor has been known since at least 2013, its authors monitor cybersecurity trends and improve backdoor to prevent its detection: they recompile, refresh, and rehash it, so IOCs-based detection content is almost useless. In 2018, the Bladabindi backdoor became fileless and was used as a secondary payload delivered by njRAT / Njw0rm malware. The […]
New community rule by Ariel Millahuel that enables detection of Buer loader is available on Threat Detection Marketplace: https://tdm.socprime.com/tdm/info/5F93tXFdZmx9/ Buer is a modular loader that was first spotted at the end of last summer and since then this malware has been actively promoted on the underground marketplaces. Proofpoint researchers tracked multiple campaigns spreading Buer loader, […]