Top 10 last week's threats by uploads 🌐
⬇️ #Lumma 592 (644)
⬇️ #Snake 306 (513)
⬇️ #Xworm 281 (341)
⬇️ #Asyncrat 277 (303)
⬆️ #Tofsee 264 (194)
⬆️ #Remcos 240 (203)
⬇️ #Agenttesla 195 (326)
⬆️ #Neconyd 169 (154)
⬆️ #Amadey 108 (95)
⬆️ #Quasar 91 (82)
Track them all: https://any.run/malware-trends/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_content=tracker&utm_term=210425
Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis
A multi-layered attack chain was uncovered in December 2024, employing distinct stages to deliver malware like Agent Tesla variants, Remcos RAT, or XLoader. The campaign uses phishing emails posing as order release requests with malicious attachments. The attack chain leverages multiple execution paths, including .NET and AutoIt compiled executables, to evade detection and complicate analysis. The final payload is typically an Agent Tesla variant, a well-known infostealer. This approach demonstrates how attackers are increasingly relying on complex delivery mechanisms to bypass traditional sandboxes and ensure successful payload execution. Despite the multi-layered approach, Advanced WildFire effectively detects each stage, providing better protection for customers.
Pulse ID: 680034fcd109b8fdaf831f36
Pulse Link: https://otx.alienvault.com/pulse/680034fcd109b8fdaf831f36
Pulse Author: AlienVault
Created: 2025-04-16 22:53:48
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AgentTesla #Autoit #CyberSecurity #Email #InfoSec #InfoStealer #Malware #NET #OTX #OpenThreatExchange #Phishing #RAT #Remcos #RemcosRAT #SMS #Tesla #XLoader #bot #AlienVault
Top 10 last week's threats by uploads 🌐
⬇️ #Lumma 630 (647)
⬆️ #Tofsee 529 (524)
⬇️ #Xworm 305 (789)
⬇️ #Snake 251 (376)
⬆️ #Neconyd 218 (36)
⬇️ #Asyncrat 165 (377)
⬇️ #Amadey 146 (962)
⬇️ #Remcos 127 (876)
⬇️ #Agenttesla 116 (145)
⬆️ #Quasar 111 (107)
🛡️ Track them all: https://any.run/malware-trends/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_content=tracker&utm_term=140425
Top 10 last week's threats by uploads 🌐
⬇️ #Lumma 630 (647)
⬆️ #Tofsee 529 (524)
⬇️ #Xworm 305 (789)
⬇️ #Snake 251 (376)
⬆️ #Neconyd 218 (36)
⬇️ #Asyncrat 165 (377)
⬇️ #Amadey 146 (962)
⬇️ #Remcos 127 (876)
⬇️ #Agenttesla 116 (145)
⬆️ #Quasar 111 (107)
🛡️ Track them all: https://any.run/malware-trends/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_content=tracker&utm_term=070425
Top 10 last week's threats by uploads 🌐
⬆️ #Amadey 963 (156)
⬇️ #Remcos 880 (923)
⬇️ #Xworm 792 (967)
⬆️ #Lumma 673 (659)
⬆️ #Tofsee 535 (144)
⬆️ #Snake 403 (326)
⬇️ #Asyncrat 380 (433)
⬇️ #Stealc 157 (171)
⬇️ #Agenttesla 153 (245)
⬇️ #Vidar 151 (178)
🛡️ Track them all: https://any.run/malware-trends/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_content=tracker&utm_term=310325
Top 10 last week's threats by uploads 🌐
⬆️ #Xworm 983 (391)
⬆️ #Remcos 936 (172)
⬆️ #Lumma 686 (531)
⬆️ #Asyncrat 436 (279)
⬆️ #Snake 346 (315)
⬆️ #Agenttesla 251 (161)
⬇️ #Dcrat 189 (192)
⬆️ #Vidar 184 (59)
⬆️ #Stealc 176 (49)
⬆️ #Amadey 160 (91)
Track them all: https://any.run/malware-trends/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_content=tracker&utm_term=240325
2025-02-12 (Wed): #VIP_Recovery (an #AgentTesla variant) from Brazil #malspam --> zip attachment --> extracted EXE.
File name: Factura Gastos.exe
Email accounts for data exfiltration: antonipont@grupobdb[.]com --> cludsewe3@gmail[.]com
EXE available at: https://bazaar.abuse.ch/sample/c7620ccaf9c2d47ba08cf85e65e55ea974f8887e18d96574a1aa63f09e836451/
2025-01-31 (Friday): Two pcaps with traffic of #AgentTesla-style data exfil.
One #pcap has FTP exfil, while the other pcap is "VIP Recovery" and has SMTP exfil.
Pcaps available at https://www.malware-traffic-analysis.net/2025/01/31/index.html
👾 #Lumma, #AgentTesla, and #AsyncRAT became the top uploaded threats in 2024
Explore the most prevalent #malware types and MITRE ATT&CK techniques in ANYRUN's 2024 Malware Trends Report to stay informed and proactive: https://any.run/cybersecurity-blog/malware-trends-2024/?utm_source=mastodon&utm_medium=post&utm_campaign=malware_families2024&utm_content=linktoblog&utm_term=220125
ANY.RUN
OTX Bot
Brad