

38 min ago   Analysis of SideWinder's new infrastructure and tool that narrows their reach to Pakistan    #alienvault #threat-intelligence Researchers from Group-IB Threat Intelligence have discovered new malicious infrastructure and a custom tool belonging to SideWinder, an Indian nation-state attack group that has been targeting Pakistani organisations since 2012.

38 min ago   State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage    #alienvault #threat-intelligence State-sponsored cyber-espionage groups around the world are using the ongoing Russia-Ukraine war as bait for their attacks, according to research by Check Point Research and Kaspersky.

17 hours ago   Revive: from spyware to Android banking trojan    #alienvault #threat-intelligence A new Android banking trojan, dubbed Revive, has been discovered in the wild; delivered through phishing campaigns, it is able to steal the login credentials of customers of a top-tier Spanish bank.

17 hours ago   YTStealer Malware: "YouTube Cookies!"    #alienvault #threat-intelligence In 2006, the phrase "data is the new oil" was coined. Ever since, the value of data has only increased. We live in a world where many corporations collect data on users in an attempt to monetise it. This is not limited to legitimate corporations; the same happens on the Dark Web. With data, s

17 hours ago   Ransomware: MedusaLocker    #alienvault #threat-intelligence MedusaLocker is ransomware that encrypts the victim's data and demands a ransom, payable to a specific Bitcoin wallet address, before the files are unlocked.

dby 18:14   ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks    #alienvault #threat-intelligence A report from Black Lotus Labs on a sophisticated remote access trojan campaign that has targeted small office/home office routers in North American and European networks since 2020, described as the first of its kind.

dby 17:53   GlowSand    #alienvault #threat-intelligence A look at some of the key technologies and services used to protect enterprises from cyber-attacks in Ukraine and other countries in Eastern Europe.

dby 17:38   Smash-and-grab: AstraLocker 2.0 pushes ransomware direct from Office docs    #alienvault #threat-intelligence Researchers recently discovered a new version of the AstraLocker ransomware (AstraLocker 2.0) being distributed directly from Microsoft Office files used as bait in phishing attacks. Analysts suggest that the threat actor responsible for this campaign likely obtained the underlying code

dby 16:39   Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem    #alienvault #threat-intelligence Bumblebee, a recently developed malware loader, has quickly become a key component in a wide range of cyber-crime attacks and appears to have replaced several older loaders, which suggests that it is the work of established actors and that the transition to Bumblebee was planned in advance.

dby 16:20   Raccoon Stealer v2 - Part 1: The return of the dead    #alienvault #threat-intelligence Raccoon Stealer was one of the most prolific information stealers of 2021, but according to researchers it was shut down by its cybercriminal operators following the Russian special operation in Ukraine in March 2022.

dby 16:00   New Info-stealer Disguised as Crack Being Distributed    #alienvault #threat-intelligence Researchers found various malware families being distributed disguised as software cracks and installers; CryptBot, RedLine and Vidar are major examples. Recently, one RedLine variant has disappeared (it is still being distributed as a dropper type) and a new

dby 15:43   Attacks on industrial control systems using ShadowPad    #alienvault #threat-intelligence In mid-October 2021, researchers uncovered an active ShadowPad backdoor infection on industrial control systems (ICS) in Pakistan. Infected machines included engineering computers in building automation systems that form part of a telecommunications company's infrastructure.

dby 15:23   Evilnum APT returns with updated TTPs and New Targets    #alienvault #threat-intelligence Researchers identified several instances of the group's low-volume targeted attack campaigns launched against the UK and Europe. In earlier campaigns observed in 2021, the main distribution vector used by this threat group was Windows Shortcut files (LNK) sent inside malicious archive files (ZIP) as email

2022-06-28 18:10   Lazarus Mobile Malware    #alienvault #threat-intelligence North Korean malware targeting Android phones.

2022-06-28 15:01   Babar APT    #alienvault #threat-intelligence