Malware - Cybersec Sentinel (Page 4)

Malware

A collection of 99 posts

SmokeLoader A Modular Malware Loader Returns in Targeted Campaigns

SmokeLoader A Modular Malware Loader Returns in Targeted Campaigns

Threat Group: SMOKY SPIDER Threat Type: Modular Malware Loader Exploited Vulnerabilities: CVE-2017-0199, CVE-2017-11882 Malware Used: SmokeLoader (also known as Dofoil, Sharik) Threat Score: High (8.5/10) — Due to its advanced evasion techniques, modular capabilities, and recent resurgence targeting critical sectors. Last Threat Observation: December 3, 2024 Overview SmokeLoader, a

Rockstar 2FA Phishing Kit Empowers Hackers to Bypass MFA Defenses

Rockstar 2FA Phishing Kit Empowers Hackers to Bypass MFA Defenses

Threat Group: Storm-1575 Threat Type: Phishing-as-a-Service (PhaaS) Exploited Vulnerabilities: User credentials and session cookies Malware Used: Rockstar 2FA phishing kit Threat Score: High (8.5/10) — Due to its capability to bypass multi-factor authentication (MFA) and widespread targeting of Microsoft 365 users. Last Threat Observation: November 30, 2024 Overview The

Matrix Botnet Exploits IoT Devices for Widespread DDoS Attacks

Matrix Botnet Exploits IoT Devices for Widespread DDoS Attacks

Threat Group: Matrix Threat Type: Distributed Denial-of-Service (DDoS) Botnet Exploited Vulnerabilities: Weak/default credentials; known vulnerabilities in IoT devices, routers, and enterprise servers Malware Used: Mirai, PYbot, Pynet, DiscordGo, Homo Network Threat Score: High (8.5/10) — Due to its expansive scope targeting IoT and enterprise systems, easy-to-access attack tools,

Linux UEFI at Risk with Bootkitty Malware Emergence

Linux UEFI at Risk with Bootkitty Malware Emergence

Threat Group: Unknown Threat Type: UEFI Bootkit Exploited Vulnerabilities: Linux UEFI Firmware (Kernel Signature Verification Bypass) Malware Used: Bootkitty Threat Score: High (8.0/10) — Due to its advanced attack vector targeting the boot process and its implications for Linux system security. Last Threat Observation: November 27, 2024, Overview In

Earth Estries Uses GhostSpider Malware to Infiltrate High Value Targets

Earth Estries Uses GhostSpider Malware to Infiltrate High Value Targets

Threat Group: Earth Estries (also known as Salt Typhoon, GhostEmperor, UNC2286) Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: Multiple N-day vulnerabilities in Ivanti Connect Secure, Fortinet FortiClient EMS, Sophos Firewall, and Microsoft Exchange Server Malware Used: GHOSTSPIDER backdoor, MASOL RAT, Demodex rootkit, Deed RAT (SNAPPYBEE) Threat Score: High (8.

APT-K-47 Deploys Enhanced Asyncshell to Exploit Vulnerabilities

APT-K-47 Deploys Enhanced Asyncshell to Exploit Vulnerabilities

Threat Group: Mysterious Elephant (APT-K-47) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: WinRAR Vulnerability (CVE-2023-38831) Malware Used: Asyncshell (versions 1 through 4), ORPCBackdoor, MSMQSPY Threat Score: High (8.5/10) — Due to its targeted approach, advanced obfuscation techniques, and evolving attack vectors. Last Threat Observation: November 27, Overview APT-K-47,

Gelsemium APT Shifts Focus to Linux with WolfsBane Backdoor

Gelsemium APT Shifts Focus to Linux with WolfsBane Backdoor

Threat Group: Gelsemium APT Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: Linux systems, specifically Apache Tomcat servers Malware Used: WolfsBane (Linux backdoor), FireWood (Linux backdoor) Threat Score: High (8.5/10) — Focus on critical infrastructure, advanced obfuscation, and cross-platform targeting. Last Threat Observation: November 22, 2024. Overview The WolfsBane

Vietnamese Hackers Use Python Based PXA Stealer for Sensitive Data Theft

Vietnamese Hackers Use Python Based PXA Stealer for Sensitive Data Theft

Threat Group: Vietnamese-speaking threat actors (linked to CoralRaider and Lone None) Threat Type: Information Stealer Exploited Vulnerabilities: Targets sensitive data including credentials, VPNs, FTP clients, browser cookies, and gaming platforms Malware Used: PXA Stealer Threat Score: High (9.0/10) — Comprehensive data theft capabilities and strong targeting focus on government

Iranian Hackers Deploy WezRat in Targeted Phishing Campaigns

Iranian Hackers Deploy WezRat in Targeted Phishing Campaigns

Threat Group: - Emennet Pasargad (Cotton Sandstorm) Threat Type: - Remote Access Trojan (RAT) / Infostealer Exploited Vulnerabilities: - Social engineering through phishing campaigns Malware Used: - WezRat Threat Score: - High (8.5/10) — Due to its modular design, advanced espionage capabilities, and targeted nature. Last Threat Observation: - November

HawkEye Malware Continues to Threaten Organizations with Advanced Evasion

HawkEye Malware Continues to Threaten Organizations with Advanced Evasion

Threat Group: Various Cybercriminal Actors Threat Type: Information-Stealing Malware Exploited Vulnerabilities: Primarily delivered via phishing emails and "free" software disguised as malware; also targets vulnerabilities in Microsoft Office to execute malicious code. Malware Used: HawkEye, also known as PredatorPain Threat Score: High (8.5/10) — Given its long