Analysis of Redline Infostealer Campaign
Redline Stealer is a highly effective form of malware designed to steal sensitive information from infected systems. First discovered in 2018, it can cause significant harm to...
Bumblebee malware is a relatively new malware downloader that has been linked to several cybercriminal groups. Previous waves of Bumblebee were delivered through ISO files containing a malicious DLL and shortcut files (ISO, DLL and LNK files carrying the Bumblebee loader). The operators have now moved to Excel XLSM documents to spread their malicious payload.
Bumblebee reaches its victims through initial infection vectors such as phishing and spam emails. These emails contain Microsoft Office documents (Excel) or sometimes arrive as password-protected archives.
Phishing has become the de-facto delivery method of choice for threat actors lately. The idea is straightforward: an attacker creates a dropper and attaches it to an email with a compelling message designed to trick the target into opening the file. Over the last 18 months, security awareness training on how to detect and avoid these attacks has pushed threat actors toward more sophisticated spear phishing methods (for example, sending a document disguised as an invoice or a shipping attachment).
Agent Tesla is a password-stealer and remote access trojan that collects information about the actions of its victims by eavesdropping on keystrokes and user interactions. It is marketed as...
AsyncRAT (Asynchronous Remote Access Trojan) is an open source remote administration malware that enables an attacker to take control of a victim's computer. It is a powerful tool that allows the...
In the previous post, we saw that the Agent Tesla malware infected its victims by using a .PS1 PowerShell script to invoke a web request from blacklisted IPs. Agent Tesla's successful...
Cobalt Strike is a popular penetration testing tool that allows users to emulate advanced threats, perform reconnaissance, hide communications, escalate privileges, move laterally across the...
Qakbot (aka Qbot or Pinkslipbot) is a banking trojan, which steals sensitive data from the targeted victims and attempts to self-propagate to other systems on the network. As we all know,...
QuasarRAT (aka CinaRAT, Yggdrasil) is a well-known open-source remote access trojan (RAT) that has been widely spread in the wild. It is developed in the C# programming language and also as...
Remcos RAT, also known as Remote Control and Surveillance RAT, is a remote access Trojan (RAT) that enables attackers to take control of and gain unauthorised access to a victim's computer. Malicious...
Lorenz is a human-operated ransomware group that targets global organizations. To pressure the victim, the operator threatens to leak data online if the ransom is not paid. The...