Qakbot Threat Actors Distributing Ransom Knight And Remcos
Oct 20, 2023 4:30:11 PM / by PolySwarm Tech Team posted in Threat Bulletin, Qbot, RAT, Remcos RAT, Ransom Knight, Qakbot
Executive Summary
Threat actors affiliated with Qakbot were observed distributing Ransom Knight ransomware and Remcos RAT.
DcRAT Distributed Via Adult Content Themed Lures
Jun 26, 2023 1:57:42 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Infostealer, RAT, DcRAT, AsyncRAT
Related Families: AsyncRAT
Verticals Targeted: Consumer Services
Executive Summary
DcRAT is a clone of AsyncRAT and is used for remote access and stealing information. It also has ransomware capabilities. DcRAT has distributed via adult content-themed lures, including lures for OnlyFans pages.
Related Families: AhMyth
Executive Summary
AhRAT, an Android RAT, was disguised as the iRecorder app. This malicious version of the iRecorder app is capable of recording audio and exfiltrating files from a victim’s device.
PingPull Linux Variant
May 8, 2023 3:05:38 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, PingPull, Gallium, RAT, Sword2033
Related Families: Sword2033
Executive Summary
China nexus threat actor group Gallium was recently observed using a new Linux variant of PingPull in an espionage campaign.
SysUpdate Linux Variant
Mar 14, 2023 3:30:50 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, RAT, Trojan, SysUpdate, Iron Tiger, Emissary Panda, APT27
Verticals Targeted: Gambling
Executive Summary
Trend Micro recently reported on a new Linux variant of Emissary Panda’s SysUpdate. SysUpdate is one of Emissary Panda’s custom tools.
Parallax RAT Targeting Crypto
Mar 7, 2023 11:36:09 AM / by The Hivemind posted in Threat Bulletin, Cryptocurrency, RAT, Parallax, ParallaxRat
Verticals Targeted: Cryptocurrency, DeFi, Finance
Executive Summary
Uptycs recently reported on activity in which threat actors used Parallax RAT to target entities in the cryptocurrency sector.
Hook Android Banking Trojan
Jan 31, 2023 12:25:40 PM / by The Hivemind posted in Threat Bulletin, Banking, Android, RAT, Trojan, Hook, Ermac, DukeEugene
Related Families: Ermac
Verticals Targeted: Financial
Executive Summary
Threat Fabric recently reported on Hook, an Android banking trojan that is a fork of Ermac.