

2023-02-07 21:56   Massive Ransomware Attack Targets VMware ESXi Servers    #alienvault #威胁情报 A massive ransomware attack targeting VMware ESXi servers has infected more than 1,000 servers worldwide, according to a report by CERT-FR, a French cyber security agency, and Shodan.

2023-02-07 01:24   Oilrig Leveraging AutoHotkey To Launch Keyloggers    #alienvault #威胁情报 In this intrusion from August 2022, we observed a compromise that was initiated with a Word document containing a malicious VBA macro, which established persistence and communication to a command and control server (C2). Upon performing initial discovery and user enumeration, the threat actor used A

2023-02-07 01:15   PixPirate: a new Brazilian Banking Trojan    #alienvault #威胁情报 A new Android banking trojan, known as PixPirate, has been discovered in Brazil and is being used to steal sensitive information from users, including bank logins, and money transfers, in the second half of 2022.

2023-02-07 00:55   Dynamic Approaches seen in AveMaria    #alienvault #威胁情报 AveMaria is a Remote Access Trojan (RAT) infostealer malware that targets sensitive data with added capabilities of remote camera control and privilege escalation. This stealer has been growing in popularity among threat actors since appearing in December 2018. Over the past six months, researchers

2023-02-07 00:27   Phishing Attacks Against Ecuador    #alienvault #威胁情报 APT-C-36, also known as Blind Eagle, is an APT organization driven by economic interests. Since 2018, the group has been launching indiscriminate cyberattacks against citizens across South America. In a recent Blind Eagle campaign targeting Ecuadorian groups, researchers detected a new infection cha

2023-02-07 00:12   TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users    #alienvault #威胁情报 We analyzed an ongoing campaign that has been targeting Android users in Southeast Asia since July 2022. Its goal is to steal victims’ assets from finance and banking applications (such as cryptocurrency wallets, credentials for official bank apps on mobile, and money in deposit), via a banking troj

2023-02-06 22:12   New Medusa Botnet Emerging Via Mirai Botnet Targeting Linux Users    #alienvault #威胁情报 Since 2016, Mirai has been an active botnet that targets networking devices running Linux with vulnerabilities. The botnet takes advantage of these vulnerabilities in devices such as routers, IP cameras, and IoT devices to exploit them and gain complete control over the machine. With this control, M

2023-02-04 05:23   Qakbot’s Evolution Continues with New Strategies    #alienvault #威胁情报 The Qakbot malware has been delivered to victims through spam emails and a fake OneNote page, according to research by Cyble Research Intelligence Labs (CRIL) and the University of California, Los Angeles.

2023-02-04 04:10   Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware    #alienvault #威胁情报 EclecticIQ researchers continue to track a Chinese state-sponsored APT group called Mustang Panda. In December 2022, this group started targeting Europe with a new spearphishing campaign using a customized variant of the PlugX backdoor.

2023-02-04 03:55   NETWIRE Dynamic Configuration Extraction    #alienvault #威胁情报 NETWIRE is a Remote Access Tool (RAT) that has been used since at least 2014. It is a publicly available commodity malware and has been observed being used by financially motivated and nation-state actors.

2023-02-04 03:44   New APT34 Malware Targets The Middle East    #alienvault #威胁情报 Trend Micro analyzed an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers.

2023-02-04 03:33   No Pineapple! – DPRK Targeting of Medical Research and Technology Sector    #alienvault #威胁情报 A report by WithSecure™ Threat Intelligence (DPRK) on a cyber-attack conducted in 2022 has been published by the International Institute for Strategic Studies (IISS) in the United States.

2023-01-20 22:58   Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)    #alienvault #威胁情报 Mandiant is tracking a suspected China-nexus campaign believed to have exploited a recently announced vulnerability in Fortinet's FortiOS SSL-VPN, CVE-2022-42475, as a zero-day. Evidence suggests the exploitation was occurring as early as October 2022 and identified targets include a European govern

2023-01-20 07:08   Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures    #alienvault #威胁情报 While threat hunting, Trend Micro found an active campaign using Middle Eastern geopolitical themes as a lure to target potential victims in the Middle East and Africa. Earth Bogle, the threat actor, uses public cloud storage services such as and to host malware, while compromised

2023-01-20 06:42   Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner    #alienvault #威胁情报 Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results. At least one prominent user on the cryptocurrency scene has fallen victim to the campaign, claiming it allowed hackers to steal all their