Verticals Targeted: Cryptocurrency, Social Media, Communications
Regions Targeted: Russia, United Kingdom, Germany, Netherlands, Brazil
Related Families: Dwphon, MobOk
Recent Posts
Triada Android Trojan
May 2, 2025 2:12:14 PM / by The Hivemind posted in Threat Bulletin, Android, Trojan, Evolving Threat, Triada
ResolverRAT Targets Healthcare Sector
Apr 28, 2025 1:19:17 PM / by The Hivemind posted in Threat Bulletin, Healthcare, RAT, Emerging Threat, ResolverRAT
Verticals Targeted: Healthcare, Pharmaceutical
Regions Targeted: Language based targeting of Czech, Hindi, Indonesian, Italian, Portuguese, Turkish
Related Families: Rhadamanthys, Lumma
Executive Summary
ResolverRAT is a sophisticated remote access trojan (RAT) targeting healthcare and pharmaceutical sectors globally. Deployed via localized phishing campaigns, this previously undocumented malware employs advanced in-memory execution and evasion techniques to steal sensitive data.
Mustang Panda Emerges With New TTPs
Apr 25, 2025 1:46:23 PM / by The Hivemind posted in Threat Bulletin, China, TTPs, Mustang Panda, ToneShell, StarProxy
Verticals Targeted: Government, Military, NGOs
Regions Targeted: Myanmar, East Asia, Europe
Executive Summary
Mustang Panda has enhanced its arsenal with updated ToneShell backdoor variants and a new lateral movement tool, StarProxy, targeting organizations in Myanmar and other regions. These tools employ advanced evasion techniques, including FakeTLS protocols and DLL sideloading, to facilitate espionage.
Cozy Bear Uses GRAPELOADER in Recent Phishing Campaign
Apr 21, 2025 2:15:53 PM / by The Hivemind posted in Russia, Threat Bulletin, Cozy Bear, GRAPELOADER
Verticals Targeted: Government, Diplomatic Entities
Regions Targeted: Europe, Middle East
Related Families: WINELOADER, ROOTSAW
Executive Summary
A sophisticated phishing campaign by Cozy Bear, a Russia-linked threat actor, was recently observed targeting European diplomatic entities with GRAPELOADER and WINELOADER malware.
BPFDoor Campaign Targets Asia and Middle East
Apr 18, 2025 1:50:39 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Backdoor, Red Menshen, BPFDoor
Verticals Targeted: Telecommunications, Financial, Retail
Regions Targeted: South Korea, Hong Kong, Myanmar, Malaysia, Egypt
Related Families: Symbiote
Executive Summary
A newly discovered BPFDoor controller enhances the backdoor’s stealth, targeting Linux and Solaris systems in Asia and the Middle East. Attributed to Red Menshen, this state-sponsored threat compromises critical sectors with advanced evasion techniques.
GIFTEDCROOK Stealer Targets Ukraine
Apr 14, 2025 2:00:22 PM / by The Hivemind posted in Ukraine, Threat Bulletin, Espionage, Stealer, Infostealer, GiftedCrook
Verticals Targeted: Military, Law Enforcement, Government
Regions Targeted: Ukraine
Executive Summary
The Computer Emergency Response Team of Ukraine (CERT-UA) has identified a new phishing campaign by UAC-0226, deploying the GIFTEDCROOK stealer through malicious Excel files to compromise Ukrainian institutions. This operation targets sensitive data from military, law enforcement, and local government entities, leveraging socially engineered lures for execution.
CoffeeLoader
Apr 11, 2025 2:29:33 PM / by The Hivemind posted in Threat Bulletin, Loader, Emerging Threat, CoffeeLoader
Related Families: SmokeLoader, Rhadamanthys
Crocodilus Android Banking Trojan
Apr 7, 2025 1:41:20 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Banking Trojan, Emerging Threat, Crocodilus
Verticals Targeted: Financial