Related Families: RansomHub
Verticals Targeted: Healthcare, Government, Critical Infrastructure
RansomHub Affiliate Uses Custom Betruger Backdoor
Mar 28, 2025 1:37:43 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Backdoor, TTPs, Betruger
StilachiRAT
Mar 24, 2025 11:54:35 AM / by The Hivemind posted in Threat Bulletin, Backdoor, Cryptocurrency, RAT, Emerging Threat, StilachiRAT
Executive Summary
StilachiRAT is a newly discovered remote access trojan (RAT) that employs advanced evasion techniques to conduct system reconnaissance, steal credentials, and target cryptocurrency wallets.
HZ Rat MacOS Variant
Sep 13, 2024 2:19:08 PM / by The Hivemind posted in Threat Bulletin, Backdoor, RAT, MacOS, HZ Rat
Executive Summary
A MacOS variant of HZ Rat was recently discovered targeting messaging apps in China. HZ Rat is a basic backdoor, and shell commands received from the C2 provide additional functionality.
Voldemort
Sep 9, 2024 12:52:20 PM / by The Hivemind posted in Threat Bulletin, Espionage, Backdoor, Voldemort
Verticals Targeted: Insurance, Aerospace, Transportation, Education, Finance, Technology, Healthcare, Automotive, Hospitality, Energy, Government, Media, Manufacturing, Telecommunications
Executive Summary
An espionage campaign delivering the Voldemort backdoor was recently observed targeting over 70 organizations. The campaign uses a novel attack chain to deliver the malware, leveraging Google Sheets for command and control (C2).
BitSloth
Aug 9, 2024 2:44:04 PM / by The Hivemind posted in Threat Bulletin, Windows, Backdoor, BITS, BitSloth
Verticals Targeted: Government
Executive Summary
BitSloth is a recently discovered Windows backdoor that uses a built-in feature called Background Intelligent Transfer Service (BITS) for C2.
BadSpace Backdoor
Jun 25, 2024 1:23:38 PM / by The Hivemind posted in Threat Bulletin, Backdoor, BadSpace, WarmCookie, SocGholish
Executive Summary
BadSpace, also known as WarmCookie, is a novel backdoor delivered via a multistage attack leveraging infected websites.
BloodAlchemy Targeted Government Entities in Asia
Jun 3, 2024 1:36:40 PM / by The Hivemind posted in Threat Bulletin, Government, China, Backdoor, Deed RAT, Asia, APAC, ShadowPad, BloodAlchemy
Related Families: ShadowPad, Deed RAT
Verticals Targeted: Government
Ebury Compromised 400K Linux Servers
May 20, 2024 2:59:44 PM / by The Hivemind posted in Threat Bulletin, Stealer, Linux, Backdoor, Cryptocurrency, Ebury, HelimodSteal, HelimodProxy, HelimodRedirect
Related Families: HelimodSteal, HelimodProxy, HelimodRedirect