Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains
Using machine learning to target stockpiled malicious domains, the results of our detection pipeline tool highlight campaigns from phishing to scams.
Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors
Two ongoing campaigns bear hallmarks of North Korean state-sponsored threat actors, posing in job-seeking roles to distribute malware or conduct espionage.
Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
A phony proof-of-concept (PoC) code for CVE-2023-40477 delivered a payload of VenomRAT. We detail our findings, including an analysis of the malicious code.
Six Malicious Python Packages in the PyPI Targeting Windows Users
Malicious packages on PyPI copy W4SP attacks to steal users’ credentials and crypto wallet data. This incident illustrates issues in open-source ecosystems.
Detecting Popular Cobalt Strike Malleable C2 Profile Techniques
We examine malicious Cobalt Strike case studies with distinct techniques using Malleable C2 profiles.
IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits
Since March 2023, Unit 42 researchers have observed threat actors leveraging several IoT vulnerabilities to spread a variant of the Mirai botnet.
Threat Actors Rapidly Adopt Web3 IPFS Technology
Web3 technologies are seeing widespread adoption — including by TAs. We discuss Web3 technology InterPlanetary File System (IPFS), and malicious use of it.
Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
The Vice Society ransomware gang exfiltrated victim network data using a custom Microsoft PowerShell script. We dissect how each function of it works.
GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers
New Golang-based malware we have dubbed GoBruteforcer targets web servers. Golang is becoming popular with malware programmers due to its versatility.
Chinese PlugX Malware Hidden in Your USB Devices?
PlugX remains an active threat. A newly discovered variant infects USB devices and a similar variant makes copies of PDF and Microsoft Word files.
Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats
We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek.
GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers
New Golang-based malware we have dubbed GoBruteforcer targets web servers. Golang is becoming popular with malware programmers due to its versatility.
Chinese PlugX Malware Hidden in Your USB Devices?
PlugX remains an active threat. A newly discovered variant infects USB devices and a similar variant makes copies of PDF and Microsoft Word files.
Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats
We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek.