Malware - Cybersec Sentinel (Page 8)

Malware

A collection of 121 posts

GHOSTPULSE Infiltration via MSIX Application Packages

GHOSTPULSE Infiltration via MSIX Application Packages

Threat Group: Unknown Threat Type: Multi-stage Malware Loader Exploited Vulnerabilities: DLL Side-loading, Module Stomping, Process Doppelgänging Malware Used: GHOSTPULSE Threat Score: High (8.5/10) — Due to advanced evasion techniques and targeting of commonly used software through deceptive MSIX packages. Last Threat Observation: October 30, 2024 Overview GHOSTPULSE is a

Espionage and Influence Meet Malware in UNC5812's Campaign Against Ukraine

Espionage and Influence Meet Malware in UNC5812's Campaign Against Ukraine

Threat Group: UNC5812 Threat Type: Hybrid Espionage and Influence Operation Exploited Vulnerabilities: Android and Windows vulnerabilities, including CVE-2024-47575 Malware Used: SUNSPINNER, PURESTEALER, CRAXSRAT, Pronsis Loader Threat Score: High (8.5/10) — due to multifaceted espionage and influence tactics targeting military sectors. Last Threat Observation: October 29, 2024 Overview UNC5812, a

IoT Security at Risk as Mirai Variants Intensify DDoS Attacks

IoT Security at Risk as Mirai Variants Intensify DDoS Attacks

Threat Group: - Unknown Threat Type: - IoT Botnet Malware Exploited Vulnerabilities: - Multiple IoT vulnerabilities, including CVE-2024-7029 Malware Used: - V3G4, Corona Mirai Threat Score: - High (8.8/10) due to its ability to exploit critical vulnerabilities in IoT devices and launch massive DDoS attacks. Last Threat Observation:

SocGholish and FakeUpdate Evolved Threats in Browser-Based Attacks

SocGholish and FakeUpdate Evolved Threats in Browser-Based Attacks

Threat Group: TA569 (SocGholish operators) Threat Type: Malware Delivery via Fake Update Alerts Exploited Vulnerabilities: Compromised websites with JavaScript injection Malware Used: SocGholish (FakeUpdate), NetSupport RAT, Raspberry Robin Worm Threat Score: High (8.5/10) — Effective social engineering with broad targeting and advanced persistence techniques Last Threat Observation: October 2024

ValleyRAT Malware Exploits Privilege Escalation and Evasion in Targeted Attacks

ValleyRAT Malware Exploits Privilege Escalation and Evasion in Targeted Attacks

Threat Group: Silver Fox (suspected) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Privilege abuse through COM interfaces (CMSTPLUA, fodhelper.exe), Scheduled Task creation, Registry Run Keys manipulation Malware Used: ValleyRAT Threat Score: High (8.5/10) — Due to advanced evasion, multi-stage infection, and targeted campaign scope within China Last

DarkComet Malware Resurgence Highlights Growing Cybersecurity Concerns

DarkComet Malware Resurgence Highlights Growing Cybersecurity Concerns

Threat Group: DarkComet (a.k.a. Fynloski, Breut, Krademok) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Registry modifications, phishing, drive-by downloads, unpatched software vulnerabilities Malware Used: DarkComet RAT (Versions 5.3.1, other variants) Threat Score: High (8.5/10) Last Threat Observation: October 23, 2024 Overview DarkComet RAT

Bumblebee Malware Adapts to Evade Detection in New Attack Campaign

Bumblebee Malware Adapts to Evade Detection in New Attack Campaign

Threat Group: Likely Trickbot or Conti affiliates Threat Type: Malware Loader Exploited Vulnerabilities: Social engineering, phishing emails, MSI installer misuse Malware Used: Bumblebee Threat Score: High (8.5/10) Last Threat Observation: October 2024 (Resurfaced) Overview Bumblebee, a sophisticated malware loader, has resurfaced in October 2024, just months after law

Dual Threat Crystal Rans0m Combines Ransomware and Infostealing Capabilities

Dual Threat Crystal Rans0m Combines Ransomware and Infostealing Capabilities

Threat Group: Unattributed Threat Type: Hybrid ransomware with stealer capabilities Exploited Vulnerabilities: Outdated software, phishing, P2P downloads Malware Used: Crystal Rans0m (Rust-based) Threat Score: High (8.5/10) — Due to the combination of file encryption, information theft, modular structure, and anti-VM techniques. Last Threat Observation: October 21, 2024 Overview Crystal