Akira: Undetectable Stealer Unleashed
Blog Introduction A new Stealer named Akira has been put up for sale on Telegram. It has the following features: Password grabber Cookies grabber Bookmarks grabber Crypto wallets and 2fa extensions dump (Grabs 💸 Zcash, 🚀 Armory, 📀 Bytecoin, 💵 Jaxx, 💎 Exodus desktop/extension, 📉 Ethereum, 🔨 Electrum, 🕹 AtomicWallet, 💹 Guarda, ⚡️ Coinbase, 🦊 […]
TA558 APT Group Uses Malicious Microsoft Compiled HTML Help Files
Blog Who is TA558? TA558, a financially-motivated cybercrime group, has been targeting the hospitality, travel, and related industries located in Latin America, North America, and Western Europe since 2018. The group sends malicious emails in Portuguese, Spanish, and sometimes English, using lures related to reservations and business themes such as hotel bookings. The emails may […]
Phishing Attack Targeting Turkish Companies
Blog Phishing mail targeting Turkish companies has been detected. Mail attachment contains an RFQ file. Normally, a request for quotation (RFQ) is a company’s document to request pricing and packaging information from a potential supplier. This RFQ-looking file is actually a RAR file. It contains a malicious EXE file that is simply a Keylogger and […]
What is “Cyber Threat”?
Blog The “cyber threat” refers to actions that are deemed malicious and are carried out deliberately or inadvertently by; hackers, criminals, business rivals, spies, dissatisfied workers, organized crime groups, and hactivist societies, in order to obtain unauthorized access, interrupt infrastructure, intercept classified data, and/or share data with third parties. Phishing, 0-day attacks, APT (Advanced Persistent […]
Who is DarkSide Ransomware Group?
Blog Who is DarkSide Ransomware Group? FBI claims attack on the Colonial Pipeline has been attributed to DarkSide Ransomware, a kind of new ransomware family that emerged on the crimeware market at the beginning of November 2020. DarkSide is a Ransomware-as-a-Service with the stated goal of targeting ‘large corporations.’ They are primarily focused on recruiting […]
REvil Ransomware Malware Analysis
Blog 1. Overall Summary The REvil (also known as Sodinokibi) is a Ransomware-as-a-Service (RaaS). The first attack of REvil in the middle of April 2019, got huge attention from the Cyber Security world due to sharing many similarities with GandCrab Ransomware and the distribution techniques of ransomware they are using such as exploit kits, scan […]
PetitPotam (MS-EFSRPC) Exploit – CVE2021-36942
Blog PetitPotam (MS-EFSRPC) Exploit – Summary PetitPotam Exploit needs Active Directory Certificate Services, specifically the default settings behind the Web Enrollment service because of this Vulnerability. Adversaries can achieve full Domain Admin (DC) takeover of a target Active Directory by using PetitPotam, which takes attention among Ransomware Gangs, they are able to use this Vulnerability […]
FluBot Android Malware Technical Analysis
Blog The FluBot it’s an Android malware that targets Android devices and spreads to victims via phishing SMS messages that contain a malicious link to download the FluBot app. Victims click on this link and then download a file with an.apk extension. Right after the installation process is completed, the FluBot malware communicates with the […]
The Dark Face of the Web: Dark Web&Deep Web
Blog Web is the common name of the “World Wide Web“, which is a subset of the internet that consists of pages that can be accessed via any web browser. There are those who think the internet is just search engines, but the internet is a huge world. The internet world is divided into three. […]
What is BOTNET?
Blog Cyber attackers establish a network by infecting computers with malware. This remotely controlled malware is called a “bot“. The network of these bots is called a “botnet“. These computers are also called zombies. Sometimes cyber attackers set up a large botnet to make it easier and more organized for attacks to be carried out. […]