Threat Intelligence

The many tentacles of Magecart Group 8

September 13, 2021 - In this blog we follow different leads to unravel sprawling infrastructure used by Magecart Group 8.

Read more

New variant of Konni malware used in campaign targetting Russia

August 20, 2021 - A North Korean APT is targeting Russian interests with new version of Konni RAT.

Read more

Crimea “manifesto” deploys VBA Rat using double attack vectors

July 29, 2021 - A Crimean "manifesto" hides an attack that infects victims with a VBA Rat, which we also found being deployed through a separate exploit.

Read more

AvosLocker enters the ransomware scene, asks for partners

July 23, 2021 - We examine AvosLocker, a new ransomware aiming to grow into the coveted big game hunting space.

Read more

Remcos RAT delivered via Visual Basic

July 19, 2021 - We review a malware distribution campaign via malspam involving the Remcos remote access Trojan.

Read more

Lil’ skimmer, the Magecart impersonator

June 28, 2021 - We review Lil' Skim, a simple yet busy Magecart skimmer found via a number of lookalike domains.

Read more

Kimsuky APT continues to target South Korean government using AppleSeed backdoor

June 1, 2021 - Kimsuky, the North Korean threat actor active since 2012, is still targeting the South Korean government. We take a look at the phishing infrastructure and command and control mechanisms of this APT.

Read more

Revisiting the NSIS-based crypter

May 31, 2021 - In this blog we look at the constantly evolving NSIS crypter which malware authors have been leveraging as a flexible tool to pack and encrypt their samples.

Read more

Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity

May 13, 2021 - This skimmer is using a hybrid approach to bypass detection and target vulnerable e-commerce websites.

Read more