Search cyberveille.decio.ch

Found 5 bookmarks

Custom sorting

HijackLoader evolution: abusing genuine signing certificates

Since mid-September 2024, our telemetry has revealed a significant increase in “Lumma Stealer”1 malware deployments via the “HijackLoader”2 malicious loader. On October 2, 2024, HarfangLab EDR detected and blocked yet another HijackLoader deployment attempt – except this time, the malware sample was properly signed with a genuine code-signing certificate. In response, we initiated a hunt for code-signing certificates (ab)used to sign malware samples. We identified and reported more of such certificates. This report briefly presents the associated stealer threat, outlines the methodology for hunting these certificates, and providees indicators of compromise.

#harfanglab #EN #2024 #HijackLoader #captcha #fake #malicious #loader #campaign

·harfanglab.io·Oct 18, 2024

HijackLoader evolution: abusing genuine signing certificates

WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution

Our TDR team has been investigating the WebDAV infrastructure used to distribute the Emmenhtal loader. Here are some key insights:

#sekoia #EN #2024 #webdav #WebDAV-as-a-Service #Emmenhtal #loader

·blog.sekoia.io·Sep 19, 2024

WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution

Emmenhtal: a little-known Emmenhtal distributing commodity infostealers worldwide

Following detections from our Managed Threat Detection (CyberSOC) teams, our CERT analysts were able to uncover several recent campaigns leading to CryptBot and Lumma infostealers. Some of these campaigns are still active and target various organizations worldwide. These campaigns leverage a little-documented loader we dubbed “Emmenhtal”, (because we are cheese lovers), which hides in the padding of a modified legitimate Windows binary and uses HTA. Emmenhtal likely surfaced at the beginning of 2024 and is possibly being distributed by several financially motivated threat actors through various means (from traditional email phishing lures to fake videos). IoCs can be found on our dedicated GitHub page here. Note: The analysis cut-off date for this report was August 07, 2024.

#orangecyberdefense #EN #2024 #Emmenhtal #loader #infostealers

·orangecyberdefense.com·Sep 19, 2024

Emmenhtal: a little-known Emmenhtal distributing commodity infostealers worldwide

PIKABOT, I choose you!

Elastic Security Labs observed new PIKABOT campaigns, including an updated version. PIKABOT is a widely deployed loader malicious actors utilize to distribute additional payloads.

#elastic.co #EN #2024 #new #campaign #loader

·elastic.co·Feb 27, 2024

PIKABOT, I choose you!

New Go-based Malware Loader Discovered I Arctic Wolf

Arctic Wolf Labs has discovered, based on recent intrusion observations, a new Go-based malware loader named CherryLoader

#arcticwolf #EN #2024 #Go-based #Malware #Loader #analysis #CherryLoader

·arcticwolf.com·Jan 29, 2024

New Go-based Malware Loader Discovered I Arctic Wolf