BadSpace Backdoor
Jun 25, 2024 1:23:38 PM / by The Hivemind posted in Threat Bulletin, Backdoor, BadSpace, WarmCookie, SocGholish
BloodAlchemy Targeted Government Entities in Asia
Jun 3, 2024 1:36:40 PM / by The Hivemind posted in Threat Bulletin, Government, China, Backdoor, Deed RAT, Asia, APAC, ShadowPad, BloodAlchemy
Related Families: ShadowPad, Deed RAT
Verticals Targeted: Government
Ebury Compromised 400K Linux Servers
May 20, 2024 2:59:44 PM / by The Hivemind posted in Threat Bulletin, Stealer, Linux, Backdoor, Cryptocurrency, Ebury, HelimodSteal, HelimodProxy, HelimodRedirect
Related Families: HelimodSteal, HelimodProxy, HelimodRedirect
Executive Summary
A longstanding botnet campaign is known to deliver Ebury, an OpenSSH backdoor and credential stealer.
Evasive Panda's Nightdoor Backdoor
Mar 22, 2024 2:57:50 PM / by The Hivemind posted in Threat Bulletin, China, Backdoor, Evasive Panda, Nightdoor, MgBot
Related Families: MgBot
Executive Summary
Evasive Panda was recently observed targeting Tibetans using a combination of strategic web compromise and supply chain attacks to deliver Nightdoor.
KrustyLoader Backdoor
Mar 11, 2024 3:09:11 PM / by The Hivemind posted in Threat Bulletin, Windows, Linux, Backdoor, KrustyLoader, Avanti, UNC5221
Verticals Targeted: Government, Defense, Finance, Technology, Telecommunications, Aerospace, Pharmaceuticals
Executive Summary
Multiple industry sources recently reported on KrustyLoader, a Rust-based backdoor with both Windows and Linux variants.
RustDoor MacOS Backdoor
Feb 26, 2024 11:51:18 AM / by The Hivemind posted in Threat Bulletin, Ransomware, ALPHV, Backdoor, MacOS, Mac, Apple, RustDoor, GateDoor
Related Families: GateDoor
Verticals Targeted: Cryptocurrency
Executive Summary
RustDoor is a new MacOS backdoor written in Rust. RustDoor was observed targeting companies in the cryptocurrency sector.
PurpleFox Botnet Targeting Entities in Ukraine
Feb 16, 2024 11:44:26 AM / by The Hivemind posted in Ukraine, Threat Bulletin, Backdoor, Trojan, Botnet, rootkit, Exploit Kit, PurpleFox
Executive Summary
ColdRiver Using Spica Backdoor
Feb 2, 2024 1:06:16 PM / by The Hivemind posted in Russia, Threat Bulletin, Backdoor, Spica, ColdRiver