RAT Trojan – Page 2 – WindowsTechs.com

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

Posted on August 10, 2022 by Pierre Delcher, Giampaolo Dedola

VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies. Continue reading VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges→

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

Posted on August 10, 2022 by Pierre Delcher, Giampaolo Dedola

A new secret stash for “fileless” malware

Posted on May 4, 2022 by Denis Legezo

We observed the technique of putting the shellcode into Windows event logs for the first time “in the wild” during the malicious campaign. It allows the “fileless” last stage Trojan to be hidden from plain sight in the file system. Continue reading A new secret stash for “fileless” malware→

APT trends report Q1 2022

Posted on April 27, 2022 by GReAT

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022. Continue reading APT trends report Q1 2022→

MysterySnail attacks with Windows zero-day

Posted on October 12, 2021 by Boris Larin, Costin Raiu

We detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in widespread espionage campaigns. We are calling this cluster of activity MysterySnail. Continue reading MysterySnail attacks with Windows zero-day→

SAS 2021: Operation Software Concepts

Posted on October 12, 2021 by Securelist

Experts from NTT Security (Japan) will cover a new APT named Operation Software Concepts. They will share details about this multi-stage attack campaign targeting government and defense sector. Continue reading SAS 2021: Operation Software Concepts→

Ferocious Kitten: 6 years of covert surveillance in Iran

Posted on June 16, 2021 by GReAT

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings. Continue reading Ferocious Kitten: 6 years of covert surveillance in Iran→

APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign

Posted on March 30, 2021 by Suguru Ishimaru

A41APT is a long-running campaign with activities detected from March 2019 to the end of December 2020. Most of the discovered malware families are fileless malware and they have not been seen before. Continue reading APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign→

Ghimob: a Tétrade threat actor moves to infect mobile devices

Posted on November 9, 2020 by GReAT LatAm

Guildma’s new creation, the Ghimob banking trojan, has been a move toward infecting mobile devices, targeting financial apps from banks, fintechs, exchanges and cryptocurrencies. Continue reading Ghimob: a Tétrade threat actor moves to infect mobile devices→

Attacks on industrial enterprises using RMS and TeamViewer: new data

Posted on November 5, 2020 by Kaspersky Lab ICS CERT

In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another. Continue reading Attacks on industrial enterprises using RMS and TeamViewer: new data→