Malware - Cybersec Sentinel (Page 6)

Malware

A collection of 114 posts

APT-K-47 Deploys Enhanced Asyncshell to Exploit Vulnerabilities

APT-K-47 Deploys Enhanced Asyncshell to Exploit Vulnerabilities

Threat Group: Mysterious Elephant (APT-K-47) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: WinRAR Vulnerability (CVE-2023-38831) Malware Used: Asyncshell (versions 1 through 4), ORPCBackdoor, MSMQSPY Threat Score: High (8.5/10) — Due to its targeted approach, advanced obfuscation techniques, and evolving attack vectors. Last Threat Observation: November 27, Overview APT-K-47,

Gelsemium APT Shifts Focus to Linux with WolfsBane Backdoor

Gelsemium APT Shifts Focus to Linux with WolfsBane Backdoor

Threat Group: Gelsemium APT Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: Linux systems, specifically Apache Tomcat servers Malware Used: WolfsBane (Linux backdoor), FireWood (Linux backdoor) Threat Score: High (8.5/10) — Focus on critical infrastructure, advanced obfuscation, and cross-platform targeting. Last Threat Observation: November 22, 2024. Overview The WolfsBane

Vietnamese Hackers Use Python Based PXA Stealer for Sensitive Data Theft

Vietnamese Hackers Use Python Based PXA Stealer for Sensitive Data Theft

Threat Group: Vietnamese-speaking threat actors (linked to CoralRaider and Lone None) Threat Type: Information Stealer Exploited Vulnerabilities: Targets sensitive data including credentials, VPNs, FTP clients, browser cookies, and gaming platforms Malware Used: PXA Stealer Threat Score: High (9.0/10) — Comprehensive data theft capabilities and strong targeting focus on government

Iranian Hackers Deploy WezRat in Targeted Phishing Campaigns

Iranian Hackers Deploy WezRat in Targeted Phishing Campaigns

Threat Group: - Emennet Pasargad (Cotton Sandstorm) Threat Type: - Remote Access Trojan (RAT) / Infostealer Exploited Vulnerabilities: - Social engineering through phishing campaigns Malware Used: - WezRat Threat Score: - High (8.5/10) — Due to its modular design, advanced espionage capabilities, and targeted nature. Last Threat Observation: - November

HawkEye Malware Continues to Threaten Organizations with Advanced Evasion

HawkEye Malware Continues to Threaten Organizations with Advanced Evasion

Threat Group: Various Cybercriminal Actors Threat Type: Information-Stealing Malware Exploited Vulnerabilities: Primarily delivered via phishing emails and "free" software disguised as malware; also targets vulnerabilities in Microsoft Office to execute malicious code. Malware Used: HawkEye, also known as PredatorPain Threat Score: High (8.5/10) — Given its long

Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack

Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack

Threat Group: Smoke Sandstorm (also tracked as TA455) Threat Type: Trojan Loader Exploited Vulnerabilities: Phishing and social engineering tactics Malware Used: SnailResin (loader), SlugResin (backdoor) Threat Score: High (8.5/10) — Due to advanced delivery techniques, cross-industry targeting, and evasive C2 methods Last Threat Observation: November 14, 2024. Overview The

Ymir and RustyStealer Malware Duo Escalates Cyber Threat Landscape

Ymir and RustyStealer Malware Duo Escalates Cyber Threat Landscape

Threat Group: Unidentified Threat Actor Threat Type: Ransomware, Info-Stealer Exploited Vulnerabilities: Common file encryption mechanisms, credential theft techniques Malware Used: Ymir Ransomware, RustyStealer Threat Score: High (8.2/10) — Due to its dual-impact functionality that combines data theft with ransomware encryption. Last Threat Observation: November 10, 2024 Overview A newly

Advanced Malware SteelFox Uses Windows Vulnerabilities for System Access

Advanced Malware SteelFox Uses Windows Vulnerabilities for System Access

Threat Group: Unknown Threat Type: Crimeware Bundle (Information Stealer and Cryptominer) Exploited Vulnerabilities: CVE-2020-14979, CVE-2021-41285 Malware Used: SteelFox Threat Score: High (8.5/10) — Due to advanced privilege escalation, data theft, and cryptocurrency mining techniques. Last Threat Observation: November 2024 Overview SteelFox is a sophisticated malware campaign that combines information-stealing

AndroxGh0st Malware Evolves to Target IoT and Critical Infrastructure

AndroxGh0st Malware Evolves to Target IoT and Critical Infrastructure

Threat Group: Unknown Threat Type: Malware/Botnet Exploited Vulnerabilities: CVE-2017-9841, CVE-2018-15133, CVE-2021-41773 Malware Used: AndroxGh0st Threat Score: High (8.5/10) — Due to its focus on critical infrastructure, advanced exploitation techniques, and integration with other botnets. Last Threat Observation: November 8 Overview AndroxGh0st is a Python-based malware that has evolved

Remcos RAT Malware Campaign Poses Persistent Threat to Windows Users

Remcos RAT Malware Campaign Poses Persistent Threat to Windows Users

Cybersec Sentinel November 9, 2024 Threat Group: Various Cybercriminal Entities Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Phishing emails, CVE-2017-0199, multi-layer obfuscation Malware Used: Remcos RAT Threat Score: Medium Last Threat Observation: November 9, 2024 Overview Remcos RAT, a commercial RAT initially marketed as a legitimate tool for remote