Cybersec Sentinel (Page 2)

Detect IOCs with YARA on Ubuntu and Windows

Detect IOCs with YARA on Ubuntu and Windows

YARA is one of the most versatile and powerful tools in the arsenal of security engineers and malware analysts. Whether you're defending Windows fleets or Linux servers, mastering YARA means being able to rapidly scan, classify, and hunt down malicious files and patterns based on known indicators of

Threat Actor Azote Group Expands Nitrogen Ransomware Campaign Targeting IT and Finance

Threat Actor Azote Group Expands Nitrogen Ransomware Campaign Targeting IT and Finance

Threat Group: Azote Group / UNC4696 Threat Type: Ransomware (Double Extortion), Initial Access Broker Exploited Vulnerabilities: Malvertising, DLL Sideloading, Vulnerable Drivers, Social Engineering Malware Used: NitrogenLoader, NitrogenInstaller, NitrogenStager, Sliver, Cobalt Strike, BlackCat/ALPHV, KeeLoader Threat Score: 🔥 Critical (9.1/10) – Due to its modular, evasive attack chain, and confirmed links to

Skitnet Malware C2 via DNS and Rust Loader Threatens Enterprise Networks

Skitnet Malware C2 via DNS and Rust Loader Threatens Enterprise Networks

Threat Group: - LARVA-306 Threat Type: - Post-Exploitation Malware / Remote Access Trojan (RAT) Exploited Vulnerabilities: - Not tied to specific CVEs; deployed post-compromise Malware Used: - Skitnet (Bossnet) Threat Score: - 🔴 High (8.3/10) – Due to its DNS C2, Rust/Nim modular design, stealthy persistence, and ransomware group integration

DefenderNot Tool Disables Microsoft Defender Using Taskmgr Injection and WSC Abuse

DefenderNot Tool Disables Microsoft Defender Using Taskmgr Injection and WSC Abuse

Threat Group: Independent Researcher "es3n1n" Threat Type: Defense Evasion / Security Bypass Utility Exploited Vulnerabilities: None (Abuse of undocumented WSC API functionality) Malware Used: None (Standalone Tool with modular components) Threat Score: 🔴 High (7.3/10) – Due to DLL injection into Taskmgr.exe, WSC spoofing, and reliable persistence mechanisms

PowerShell-Delivered Chihuahua Stealer Distributed via Google Drive Targets Credentials and Wallets

PowerShell-Delivered Chihuahua Stealer Distributed via Google Drive Targets Credentials and Wallets

Threat Group: Unknown Threat Type: Infostealer Malware Exploited Vulnerabilities: None (Relies on social engineering and legitimate services) Malware Used: Chihuahua Stealer Threat Score: 🔴 High (7.8/10) – Due to its advanced encryption techniques, stealthy multi-stage execution, and targeting of sensitive data such as browser credentials and cryptocurrency wallets. Last Threat

PupkinStealer Emerges as New .NET Malware Threat Targeting Browser and Messaging Data

PupkinStealer Emerges as New .NET Malware Threat Targeting Browser and Messaging Data

Threat Group: Ardent (tentative attribution) Threat Type: Information Stealer Exploited Vulnerabilities: None (requires user execution) Malware Used: PupkinStealer Threat Score: 🔶 Elevated (6.5/10) – Due to effective data theft techniques, reliance on trusted platforms like Telegram for exfiltration, and potential for privacy breaches across enterprise and personal systems. Last Threat

LOSTKEYS Malware Campaign Traced to Cold River Threat Group

LOSTKEYS Malware Campaign Traced to Cold River Threat Group

Threat Group: Cold River (linked to Russia’s Federal Security Service) Threat Type: Advanced Persistent Threat (APT) Malware Exploited Vulnerabilities: Not publicly disclosed Malware Used: LOSTKEYS Threat Score: 🔥 Critical (9.2/10) – Due to its advanced data exfiltration capabilities, targeting of high-profile entities, and association with a state-sponsored group Last

Golden Chickens Deploy TerraStealerV2 and TerraLogger in Credential Theft Surge

Golden Chickens Deploy TerraStealerV2 and TerraLogger in Credential Theft Surge

Threat Group: Golden Chickens (aka Venom Spider) Threat Type: Malware-as-a-Service (MaaS) Exploited Vulnerabilities: Social engineering via spear-phishing and LOLBins Malware Used: TerraStealerV2, TerraLogger, TerraLoader Threat Score: 🟠 Elevated (6.5/10) – Due to its credential-harvesting capabilities, stealth techniques, and deployment through widely used social engineering tactics. Last Threat Observation: May 3l

TheWizards APT Exploits IPv6 to Hijack Updates and Deploy Dual-Platform Malware

TheWizards APT Exploits IPv6 to Hijack Updates and Deploy Dual-Platform Malware

Threat Group: TheWizards Threat Type: Advanced Persistent Threat (APT) – Cyberespionage Exploited Vulnerabilities: IPv6 SLAAC/NDP Trust Exploitation Malware Used: Spellbinder (AitM tool), WizardNet (Windows modular backdoor), DarkNights / DarkNimbus (Android spyware) Threat Score: 🔥 Critical (9.1/10) due to use of advanced IPv6-based adversary-in-the-middle techniques, dual-platform malware deployment, and targeting of

Cozy Bear Launches Wine-Tasting Phishing Campaign to Deploy WineLoader

Cozy Bear Launches Wine-Tasting Phishing Campaign to Deploy WineLoader

Threat Group: APT29 (Cozy Bear / Midnight Blizzard / NOBELIUM) Threat Type: Advanced Persistent Threat (APT) – Cyberespionage Exploited Vulnerabilities: None (social engineering and DLL side-loading) Malware Used: GrapeLoader (initial-stage loader), WineLoader (modular backdoor) Threat Score: 🔥 Critical (9.2/10) due to campaign sophistication, high-value diplomatic targeting, and stealth evasion techniques Last Threat