Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.
Mar 24, 2023 2:58:36 PM / by The Hivemind posted in Threat Bulletin, Government, Healthcare, YoroTrooper, CIS, Energy
Related Families: Custom Python tools, AveMaria, Warzone RAT, LodaRAT, Stink
Verticals Targeted: Energy, Government, Healthcare
Executive Summary
YoroTrooper is a threat actor group observed targeting energy and government entities and an EU healthcare organization. Although YoroTrooper uses commodity and open-source tools, most of their final payloads are custom developed.
Mar 21, 2023 2:09:02 PM / by The Hivemind posted in Threat Bulletin, LockBit, Lockbit 3.0, Exfiltrator-22, EX-22, framework
Related Families: LockBit, LockBit 3.0
Verticals Targeted: Multiple
CYFIRMA recently reported on Exfiltrator-22, also known as EX-22, a new post-exploitation framework capable of spreading ransomware while evading detection.
Key Takeaways
Mar 17, 2023 2:56:51 PM / by The Hivemind posted in Threat Bulletin, Ransomware, IceFire, CVE-2022-47986
Verticals Targeted: media, entertainment
Executive Summary
Sentinel Labs recently reported on a new Linux variant of IceFire ransomware. The threat actors responsible for IceFire exploit CVE-2022-47986 to deploy the ransomware.
Mar 14, 2023 3:30:50 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, RAT, Trojan, SysUpdate, Iron Tiger, Emissary Panda, APT27
Verticals Targeted: Gambling
Trend Micro recently reported on a new Linux variant of Emissary Panda’s SysUpdate. SysUpdate is one of Emissary Panda’s custom tools.
Mar 10, 2023 12:13:45 PM / by The Hivemind posted in Threat Bulletin, Windows, UEFI, CVE-2022-21894, BlackLotus, Bootkit, Windows 11, Baton Drop
BlackLotus is the first known bootkit to bypass UEFI Secure Boot on fully updated Windows 11 systems. It leverages CVE-2022-21894 to bypass UEFI Secure Boot.
Mar 7, 2023 11:36:09 AM / by The Hivemind posted in Threat Bulletin, Cryptocurrency, RAT, Parallax, ParallaxRat
Verticals Targeted: Cryptocurrency, DeFi, Finance
Uptycs recently reported on activity in which threat actors used Parallax RAT to target entities in the cryptocurrency sector.
Mar 3, 2023 1:25:10 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Royal
Verticals Targeted: IT, Financial, Materials, Healthcare, Food Production
Trend Micro recently reported on a new Linux variant of Royal ransomware that targets Linux systems and ESXi servers. Royal ransomware is yet another contender among the many ransomware families now targeting Linux systems.
Feb 28, 2023 12:53:32 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Cl0p
Verticals Targeted: Education, Various
Executive Summary
SentinelLabs recently reported on a newly discovered Linux variant of Cl0p ransomware. The Linux variant is similar to the Windows variant but uses a flawed encryption logic.