Evasive Panda Uses SSH Backdoor to Target Network Devices
Feb 10, 2025 1:56:30 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Evasive Panda, Daggerfly, ELF/Sshdinjector.A!tr
Coyote Banking Trojan
Feb 7, 2025 1:04:08 PM / by The Hivemind posted in Threat Bulletin, Windows, Banker, Banking Trojan, Evolving Threat, Coyote
Verticals Targeted: Financial
Executive Summary
Coyote, which was first observed in early 2024, is a banking trojan that has targeted over 1030 sites and 73 financial institutions.
Lynx Ransomware
Feb 3, 2025 1:43:43 PM / by The Hivemind posted in Threat Bulletin, Ransomware, INC, Emerging Threat, Lynx
Related Families: INC
Verticals Targeted: Legal Services, Retail, Finance, Telecommunications, Agriculture, Manufacturing, Construction, Transportation, Healthcare, Energy
Executive Summary
Lynx ransomware is a ransomware-as-a-service (RaaS) that was first observed in July 2024. Since its debut, the ransomware has gained momentum and has continued its activity into early 2025.
MintsLoader Delivering StealC and BOINC
Jan 31, 2025 12:35:53 PM / by The Hivemind posted in Threat Bulletin, Loader, MintsLoader, BOINC, StealC
Verticals Targeted: Oil & Gas, Energy, Legal Services
Executive Summary
MintsLoader, a PowerShell-based loader, was recently observed delivering StealC and BOINC.
AIRASHI Botnet
Jan 27, 2025 11:08:56 AM / by The Hivemind posted in Threat Bulletin, DDoS, Botnet, Emerging Threat, Evolving Threat, AIRASHI
Related Families: AISURU
Executive Summary
AIRASHI is a variant of the AISURU botnet that has been active since at least late 2024. It is in active development and has the capability to conduct large-scale DDoS attacks.
Medusa Ransomware
Jan 24, 2025 2:18:04 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Medusa
Verticals Targeted: Government, Insurance, Real Estate, Healthcare, Manufacturing, Legal Services, Construction, Retail, Business Services, Energy, Education, Telecommunications, Software, Hospitality, Transportation, Financial
Executive Summary
Medusa ransomware is a RaaS that has been active since at least 2023. Medusa has claimed several victims so far in 2025, including the UK’s Gateshead Council.
FunkSec Ransomware
Jan 21, 2025 2:22:27 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Emerging Threat, FunkSec
Verticals Targeted: Government, Business Services, Education, Insurance, Software, Media, Finance, Agriculture, Manufacturing, Construction, Healthcare, Retail
Banshee MacOS Stealer
Jan 17, 2025 2:31:03 PM / by The Hivemind posted in Threat Bulletin, Infostealer, MacOS, Banshee