Verticals Targeted: Financial
Crocodilus Android Banking Trojan
Apr 7, 2025 1:41:20 PM / by The Hivemind posted in Threat Bulletin, Android, Mobile, Banking Trojan, Emerging Threat, Crocodilus
Primitive Bear Using LNK Files to Deploy Remcos Backdoor Against Ukrainian Targets
Apr 4, 2025 2:48:44 PM / by The Hivemind posted in Ukraine, Russia, Threat Bulletin, Primitive Bear, LNK, Gamaredon, Remcos
Related Families: Remcos
Executive Summary
Primitive Bear has been observed targeting Ukrainian users with malicious LNK files since at least November 2024. This operation employs a PowerShell downloader and DLL side-loading techniques to deliver the Remcos RAT, exploiting war-related themed lures to deceive victims.
VanHelsing Ransomware
Mar 31, 2025 2:19:18 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Emerging Threat, VanHelsing
Executive Summary
VanHelsing is an emerging ransomware threat. VanHelsing targets an expansive array of platforms, including Windows, Linux, BSD, ARM, and ESXi systems, positioning it as a versatile threat across diverse IT environments.
RansomHub Affiliate Uses Custom Betruger Backdoor
Mar 28, 2025 1:37:43 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Backdoor, TTPs, Betruger
Related Families: RansomHub
Verticals Targeted: Healthcare, Government, Critical Infrastructure
StilachiRAT
Mar 24, 2025 11:54:35 AM / by The Hivemind posted in Threat Bulletin, Backdoor, Cryptocurrency, RAT, Emerging Threat, StilachiRAT
Executive Summary
StilachiRAT is a newly discovered remote access trojan (RAT) that employs advanced evasion techniques to conduct system reconnaissance, steal credentials, and target cryptocurrency wallets.
Ricochet Chollima Using KoSpy Android Spyware
Mar 17, 2025 1:34:36 PM / by The Hivemind posted in Threat Bulletin, Espionage, North Korea, Android, Spyware, Ricochet Chollima, KoSpy, APT37
Executive Summary
KoSpy is a sophisticated Android spyware linked to North Korean threat actor Ricochet Chollima. It has been targeting Korean and English-speaking users since March 2022.
Sidewinder Using New Tools to Target Maritime and Nuclear Sectors
Mar 14, 2025 3:14:11 PM / by The Hivemind posted in Threat Bulletin, Sidewinder, TTPs, Nuclear, Evolving Threat, Maritime
Verticals Targeted: Maritime, Nuclear
Executive Summary
SideWinder, an APT group thought to be of Indian nexus, was recently observed using new TTPs and expanding their targeting to include entities in the maritime and nuclear energy sectors.
Lotus Panda Uses Sagerunex to Target Multiple Verticals
Mar 10, 2025 2:08:01 PM / by The Hivemind posted in Threat Bulletin, Espionage, China, Lotus Panda, Lotus Blossom, Sagerunex
Verticals Targeted: Government, Telecommunications, Media, Manufacturing