Windows - Cybersec Sentinel

Windows

A collection of 13 posts

Active Exploitation of NTLM Hash Theft in Windows via CVE-2025-24054

Vulnerabilities

Active Exploitation of NTLM Hash Theft in Windows via CVE-2025-24054

Threat Group: Unattributed (suspected infrastructure overlap with APT28); prior similar CVE exploited by UAC-0194 and Blind Eagle (APT-C-36) Threat Type: NTLM Hash Theft, Relay Attack Vector Exploited Vulnerabilities: CVE-2025-24054 (NTLM Hash Disclosure via .library-ms), variant of CVE-2024-43451 Malware Used: None directly tied; secondary payloads possible (RATs, e.g., SparkRAT in

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Credential Theft and MBR Wipe Drive Severe Impact Rating for Neptune RAT

Threat Group – Individuals using the aliases ABOLHB and Rino, operating as the Mason Team / FreeMasonry group and distributing the malware through a freemium Malware‑as‑a‑Service model. Threat Type – Remote Access Trojan with credential theft, ransomware, destructive wipe, and clipboard hijacking plug‑ins. Exploited Vulnerabilities – Social‑engineering of users

PipeMagic Trojan and the Zero-Day Exploits Targeting Windows CLFS

PipeMagic Trojan and the Zero-Day Exploits Targeting Windows CLFS

Threat Group: Storm-2460 Threat Type: Modular Malware, Zero-Day Exploitation, Ransomware Deployment Exploited Vulnerabilities: CVE-2025-29824 (CLFS Use-After-Free), CVE-2025-24983 (Win32k Use-After-Free), CVE-2023-28252 (CLFS Out-of-Bounds Write) Malware Used: PipeMagic Trojan Threat Score: 8.4/10 – 🔴 High (due to exploitation of multiple zero-days, advanced evasion techniques, and association with ransomware families like RansomEXX and

Raspberry Robin Malware: USB Worm Turned Initial Access Powerhouse

Raspberry Robin Malware: USB Worm Turned Initial Access Powerhouse

Threat Group: Storm-0856 (Roshtyak) Threat Type: Initial Access Broker (IAB), Malware Loader, USB Worm Exploited Vulnerabilities: CVE-2023-36802, CVE-2023-29360 Malware Used: Raspberry Robin (aka Roshtyak, QNAP worm) Threat Score: 🔴 High (8.4/10) – Ongoing use by ransomware groups and Russian state-backed actors, with evolving delivery techniques and C2 infrastructure. Last Threat

The New Ransomware Menace Vgod Gains Momentum

The New Ransomware Menace Vgod Gains Momentum

Threat Group – Vgod Crew Threat Type – Ransomware Exploited Vulnerabilities – Unpatched remote code execution flaws, vulnerabilities in VPNs, weak passwords Malware Used – Vgod Ransomware, Custom Trojanized Toolsets Threat Score – High (8.7 out of 10) – Reflecting advanced encryption, double extortion tactics, cross-platform targeting, and alignment with broader ransomware trends Last Threat

From Stealers to Ransomware PureCrypter Delivers It All

From Stealers to Ransomware PureCrypter Delivers It All

Threat Group: - Unknown (Distributed by cybercriminals through various malware-as-a-service campaigns) Threat Type: - Malware Loader Exploited Vulnerabilities: - Primarily relies on phishing emails with malicious attachments or links Malware Used: - PureCrypter Threat Score: - High (8.2/10) – Due to its ability to deliver multiple malware strains and

Advanced Evasion Techniques Used by NonEuclid RAT

Advanced Evasion Techniques Used by NonEuclid RAT

Threat Group: Developer unknown, promoted by underground forums and individual actors Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Privilege escalation, outdated security patches, and social engineering Malware Used: NonEuclid RAT Threat Score: High (9.0/10) – Advanced persistence, ransomware capabilities, and widespread appeal within cybercrime circles Last Threat Observation:

Ymir and RustyStealer Malware Duo Escalates Cyber Threat Landscape

Ymir and RustyStealer Malware Duo Escalates Cyber Threat Landscape

Threat Group: Unidentified Threat Actor Threat Type: Ransomware, Info-Stealer Exploited Vulnerabilities: Common file encryption mechanisms, credential theft techniques Malware Used: Ymir Ransomware, RustyStealer Threat Score: High (8.2/10) — Due to its dual-impact functionality that combines data theft with ransomware encryption. Last Threat Observation: November 10, 2024 Overview A newly

Advanced Malware SteelFox Uses Windows Vulnerabilities for System Access

Advanced Malware SteelFox Uses Windows Vulnerabilities for System Access

Threat Group: Unknown Threat Type: Crimeware Bundle (Information Stealer and Cryptominer) Exploited Vulnerabilities: CVE-2020-14979, CVE-2021-41285 Malware Used: SteelFox Threat Score: High (8.5/10) — Due to advanced privilege escalation, data theft, and cryptocurrency mining techniques. Last Threat Observation: November 2024 Overview SteelFox is a sophisticated malware campaign that combines information-stealing

Remcos RAT Malware Campaign Poses Persistent Threat to Windows Users

Remcos RAT Malware Campaign Poses Persistent Threat to Windows Users

Cybersec Sentinel November 9, 2024 Threat Group: Various Cybercriminal Entities Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: Phishing emails, CVE-2017-0199, multi-layer obfuscation Malware Used: Remcos RAT Threat Score: Medium Last Threat Observation: November 9, 2024 Overview Remcos RAT, a commercial RAT initially marketed as a legitimate tool for remote