BlackByte NT
May 30, 2023 2:25:39 PM / by The Hivemind posted in BlackByte, Ransomware, BlackByte NT
Related Families: BlackByte
Geacon - Cobalt Strike for MacOS
May 26, 2023 2:57:15 PM / by The Hivemind posted in Cobalt Strike, MacOS, Pentesting, Geacon
Related Families: Cobalt Strike
RedStinger Targets Critical Infrastructure
May 22, 2023 3:49:00 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Government, Critical Infrastructure, Transportation, Bad Magic
Related Families: DboxShell, PowerMagic
Verticals Targeted: Defense, Critical Infrastructure, Transportation
Executive Summary
RedStinger, a relatively unknown threat actor group, targeted multiple entities in Ukraine, including those in the defense, transportation, and critical infrastructure verticals.
Winnti Subgroup Earth Longzhi Uses New TTPs
May 19, 2023 2:28:29 PM / by The Hivemind posted in Threat Bulletin, China, Winnti, TTPs, Stack Rumbling, Earth Longzhi
Related Families: Croxloader, SPHijacker, Behinder
Verticals Targeted: Government, Healthcare, Technology, Manufacturing
Reaper Uses New TTPs to Drop RokRAT
May 15, 2023 2:27:27 PM / by The Hivemind posted in Threat Bulletin, RokRAT, Reaper, Ricochet Chollima, LNK
Related Families: CloudMensis, RambleOn
Executive Summary
Reaper was recently observed using new TTPs to drop RokRAT. The infection chain leveraged LNK files delivered via the energy sector and politic
BlueNoroff's RustBucket MacOS Malware
May 12, 2023 3:48:04 PM / by The Hivemind posted in Threat Bulletin, Lazarus, North Korea, Financial, MacOS, Mac, RustBucket, BlueNoroff
Verticals Targeted: Financial
PingPull Linux Variant
May 8, 2023 3:05:38 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, PingPull, Gallium, RAT, Sword2033
Related Families: Sword2033
Executive Summary
The China-nexus threat actor group Gallium was recently observed using a new Linux variant of PingPull in an espionage campaign.
Tomiris Targets Central Asia in Espionage Campaign
May 5, 2023 2:00:47 PM / by The Hivemind posted in Russia, Threat Bulletin, Kopiluwak, TunnusSched, Roopy, Tomiris, Central Asia, Telemiris, JLORAT
Related Families: Telemiris, TunnusSched, Roopy, JLORAT, KopiLuwak
Verticals Targeted: Government, Diplomatic Entities
Executive Summary
A Russian-speaking threat actor group dubbed Tomiris was recently observed conducting an espionage campaign targeting countries in Central Asia. The group uses a variety of tools, some of which overlap with the Russian threat actor group Venomous Bear.