Verticals Targeted: Financial
Brokewell Android Banking Trojan
May 6, 2024 2:48:46 PM / by The Hivemind posted in Threat Bulletin, Financial, Android, Trojan, Banker, Banking Trojan, Baron Samedit, Brokewell
MOIS Affiliated Threat Actor Using Liontail Framework
Nov 6, 2023 12:58:47 PM / by The Hivemind posted in Threat Bulletin, APT, Financial, Government, Iran, Telecommunications, framework, Military, MOIS, Liontail, OilRig, Scarred Manticore, IT, NGOs
Verticals Targeted: Government, Defense, Telecommunications, Finance, NGO, IT services
Executive Summary
Scarred Manticore, a threat actor group associated with Iran’s MOIS, was observed using Liontail framework in an espionage campaign.
New BBTok Variant
Oct 2, 2023 2:44:45 PM / by The Hivemind posted in Threat Bulletin, Financial, Banker, Banking Trojan, BBTok, Latin America
Verticals Targeted: Financial
Executive Summary
BBTok, written in Delphi, is a banking trojan that has been active since at least 2020. A new variant was recently observed targeting financial entities in Latin America.
Vixen Panda's Graphican Backdoor
Jul 17, 2023 2:08:32 PM / by The Hivemind posted in Threat Bulletin, Financial, Government, China, Backdoor, Vixen Panda, Graphican
Related Families: Ketrican, BS2005
Verticals Targeted: Government, Financial
Executive Summary
Vixen Panda was recently observed using the Graphican backdoor to target government, financial, and other entities in the Americas and Europe. It is based on Ketrican and is one of many tools in Vixen Panda’s arsenal.
Anatsa Android Banking Trojan
Jul 3, 2023 12:37:11 PM / by The Hivemind posted in Threat Bulletin, Banking, Financial, Android, Trojan, Banking Trojan, Anatsa
Verticals Targeted: Financial
Executive Summary
Anatsa is a banking trojan targeting Android devices that is distributed through the Google Play store, disguised as a seemingly innocuous app.
Asylum Ambuscade
Jun 20, 2023 1:49:52 PM / by The Hivemind posted in Financial, Government, Cryptocurrency, Asylum Ambuscade, SMB, SunSeed, AHKBOT, NODEBOT
Related Families: SunSeed, AHKBOT, NODEBOT
Verticals Targeted: Government, Cryptocurrency, Financial
Executive Summary
Asylum Ambuscade is a threat actor group known to engage in both cybercrime and espionage activity. Their targets include government, financial, and SMB entities, primarily in Europe and North America.
BlueNoroff's RustBucket MacOS Malware
May 12, 2023 3:48:04 PM / by The Hivemind posted in Threat Bulletin, Lazarus, North Korea, Financial, MacOS, Mac, RustBucket, BlueNoroff
Verticals Targeted: Financial
Executive Summary
North Korea nexus threat actor group BlueNoroff was recently observed using malware to target MacOS systems. Dubbed RustBucket, the malware can be used to communicate with the C2 to download and execute additional payloads.
Phishing and Android Malware Campaign Targets Indian Banks
Nov 21, 2022 1:12:25 PM / by PolySwarm Tech Team posted in Threat Bulletin, Financial, India, Android, Phishing, Elibomi, FakeReward, AxBanker, IcRA, IcSpy
Related Families: Elibomi, FakeReward, AxBanker, IcRAT, IcSpy
Verticals Targeted: Financial
Executive Summary
Trend Micro recently reported on a phishing and Android malware campaign targeting clients of multiple banks in India. The campaign leverages multiple malware families, including Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy.