Powershell - Cybersec Sentinel

Powershell

A collection of 5 posts

Gamaredon Revives Remcos RAT in Fileless LNK Shortcut Attacks

Gamaredon Revives Remcos RAT in Fileless LNK Shortcut Attacks

$Threat Group: Gamaredon (a.k.a. Primitive Bear, UAC‑0010/UAC‑0184, Hive0156) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: LNK shortcut execution, mshta abuse, PowerShell scripting, DLL sideloading Malware Used: Remcos RAT v6.0.0 Pro Threat Score: 🔴 High (7.5/10) – Due to fileless in-memory execution, sophisticated

Katz Stealer Malware Targets Browsers Wallets and Messaging Platforms

Katz Stealer Malware Targets Browsers Wallets and Messaging Platforms

Threat Group: Unknown (operates via MaaS model) Threat Type: Credential and information-stealing malware (Infostealer) Exploited Vulnerabilities: Chrome ABE Bypass, UAC Bypass via cmstp.exe, Process Hollowing via MSBuild.exe Malware Used: Katz Stealer Threat Score: 🔴 High (8.2/10) Last Observed Activity: May 278 2025 Overview This report delivers a

PowerShell-Delivered Chihuahua Stealer Distributed via Google Drive Targets Credentials and Wallets

PowerShell-Delivered Chihuahua Stealer Distributed via Google Drive Targets Credentials and Wallets

Threat Group: Unknown Threat Type: Infostealer Malware Exploited Vulnerabilities: None (Relies on social engineering and legitimate services) Malware Used: Chihuahua Stealer Threat Score: 🔴 High (7.8/10) – Due to its advanced encryption techniques, stealthy multi-stage execution, and targeting of sensitive data such as browser credentials and cryptocurrency wallets. Last Threat

Evolving Techniques in Cloud Atlas Cyber Attacks

Evolving Techniques in Cloud Atlas Cyber Attacks

Threat Group: Cloud Atlas (also known as Inception) Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: * CVE-2017-11882: Memory corruption in Microsoft Office. * CVE-2018-0802: Formula editor vulnerability in Microsoft Office exploited via malicious RTF files. Malware Used: * VBShower: Polymorphic VBS-based backdoor. * PowerShower: PowerShell-based malware for reconnaissance and lateral movement. * VBCloud: New

Ymir and RustyStealer Malware Duo Escalates Cyber Threat Landscape

Ymir and RustyStealer Malware Duo Escalates Cyber Threat Landscape

Threat Group: Unidentified Threat Actor Threat Type: Ransomware, Info-Stealer Exploited Vulnerabilities: Common file encryption mechanisms, credential theft techniques Malware Used: Ymir Ransomware, RustyStealer Threat Score: High (8.2/10) — Due to its dual-impact functionality that combines data theft with ransomware encryption. Last Threat Observation: November 10, 2024 Overview A newly