Search cyberveille.decio.ch

Found 8 bookmarks

Custom sorting

Dissecting TriangleDB, a Triangulation spyware implant

In researching Operation Triangulation, we set ourselves the goal to retrieve as many parts of the exploitation chain as possible. As of now, we have finished analyzing the spyware implant and are ready to share the details.

#securelist #EN #2023 #Apple #iOS #APT #Malware-Descriptions #Spyware #Targeted-attacks #Triangulation #malware

·securelist.com·Jun 21, 2023

Dissecting TriangleDB, a Triangulation spyware implant

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist

A DLL named guard64.dll, which was loaded into the infected 3CXDesktopApp.exe process, was used in recent deployments of a backdoor that we dubbed “Gopuram” and had been tracking internally since 2020.

#securelist #APT #Backdoor #Data-theft #Lazarus #Malware-Descriptions #Gopuram #guard64.dll #3CX

·securelist.com·Apr 4, 2023

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist

DNS changer in malicious mobile app used by Roaming Mantis

Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o.

#securelist #EN #2023 #APT #RoamingMantis #Google-Android #Malware-Descriptions #Shaoye #Malware-Technologies #Mobile-Malware #Targeted-attacks #Trojan

·securelist.com·Jan 20, 2023

DNS changer in malicious mobile app used by Roaming Mantis

Kimsuky’s GoldDragon cluster and its C2 operations | Securelist

Kimsuky is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

#securelist #2022 #EN #APT #Keyloggers #Kimsuky #Malware-Descriptions #Microsoft-Word #Spear-phishing #Targeted-attacks #North-Korea

·securelist.com·Aug 28, 2022

Kimsuky’s GoldDragon cluster and its C2 operations | Securelist

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist

#securelist #APT #Backdoor #Data-theft #Lazarus #Malware-Descriptions #Gopuram #guard64.dll #3CX

·securelist.com·Apr 4, 2023

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist

DNS changer in malicious mobile app used by Roaming Mantis

#securelist #EN #2023 #APT #RoamingMantis #Google-Android #Malware-Descriptions #Shaoye #Malware-Technologies #Mobile-Malware #Targeted-attacks #Trojan

·securelist.com·Jan 20, 2023

DNS changer in malicious mobile app used by Roaming Mantis

Kimsuky’s GoldDragon cluster and its C2 operations | Securelist

Kimsuky is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

#securelist #2022 #EN #APT #Keyloggers #Kimsuky #Malware-Descriptions #Microsoft-Word #Spear-phishing #Targeted-attacks #North-Korea

·securelist.com·Aug 28, 2022

Kimsuky’s GoldDragon cluster and its C2 operations | Securelist

Kimsuky is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

#securelist #2022 #EN #APT #Keyloggers #Kimsuky #Malware-Descriptions #Microsoft-Word #Spear-phishing #Targeted-attacks #North-Korea

·securelist.com·Aug 28, 2022

Kimsuky’s GoldDragon cluster and its C2 operations | Securelist