Threat Reports

What is the LODEINFO malware? Analysis of LODEINFO The infection flow Update of the Downloader Shellcode Remote Template Injection Maldoc VBA code embedded in M…

Threat Analysis Group sheds light on Russian threat COLDRIVER’s use of malware.

Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign, the threat actor used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files.

This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash. - GitHub - Bert-JanP/O...

A requirements-driven approach to cyber threat intelligence represents a commitment across the intelligence lifecycle to explicitly meet the specified needs of all relevant stakeholders.

A curated list of Awesome Threat Intelligence Blogs.

In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Monitoring (RMM) tools. When compared to post-exploitation channels that heavily rely on terminals, such … Read More

Cyble analyzes SharpPanda, a highly sophisticated APT group utilizing spear-phishing tactics to launch cyberattacks on G20 Nation officials.

Key Findings: Introduction In this report, Check Point research reveals new findings of an activity cluster closely related to Phosphorus. The research presents a new and improved infection chain leading to the deployment of a new version of PowerLess. This implant was attributed to Phosphorus in the past, an Iran-affiliated threat group operating in the Middle East […]

Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the 3CX attack was carried out by Lazarus.

null

We detail the intrusion set Earth Yako, attributed to the campaign Operation RestyLink or EneLink. This analysis was presented in full at the JSAC 2023 in January 2023.

We at K7 Labs recently identified an interesting technique used by threat actors to execute a Remote Admin Tool. We […]

Overview On Oct 21, 2022, 360Netlab's honeypot system captured a suspicious ELF file ee07a74d12c0bb3594965b51d0e45b6f, which propagated via F5 vulnerability with zero VT detection, our system observces that it communicates with IP 45.9.150.144 using SSL with forged Kaspersky certificates, this caught our attention. After further lookup, we confirmed

Data leak : In-depth forensic & threat intelligence analysis of the tactics, tools & procedures of an advanced and persistant attack, by the Intrinsec CERT.

This commercial malware is used to download and deploy additional malware and ransomware on infected machines. We analyzed the latest version

ORKL Threat Intelligence Library

ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers.

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group

ESET research discovers several previously undocumented post-compromise tools used by the highly active Gamaredon APT group in various malicious campaigns.

ToddyCat is a relatively new APT actor, its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.