DPRK-Related Campaigns with LNK and GitHub C2

FortiGuard Labs recently detected a series of LNK files targeting users in South Korea. These attacks use a multi-stage scripting process and leverage GitHub as Command and Control (C2) infrastructure to evade detection. Although these LNK files can be traced back to 2024, earlier versions had less obfuscation and contained significant metadata, allowing us to track similar attacks spreading the XenoRAT malware.

Pulse ID: 69cfceee4f7a6c4305b3d1a4
Pulse Link: https://otx.alienvault.com/pulse/69cfceee4f7a6c4305b3d1a4
Pulse Author: AlienVault
Created: 2026-04-03 14:30:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DPRK #FortiGuard #FortiGuardLabs #GitHub #InfoSec #Korea #LNK #Malware #OTX #OpenThreatExchange #RAT #SouthKorea #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

The "shopping season" in the crosshairs of advanced cyber threats: During the holidays, consumers around the world "rush" to shop, ready to grab the best deals. The resulting increase in activity...
#Fortinet #sicurezzainformatica #cybercrime #FortiGuardLabs #intelligenzaartificiale http://dlvr.it/TH493X
The "shopping season" in the crosshairs of advanced cyber threats

During the holidays, consumers around the world rush to shop, ready to grab the best deals. The resulting increase in activity...

Fake web stores and evolving cyberattacks pose new perils for holiday shoppers, according to recent reports. https://jpmellojr.blogspot.com/2024/11/fake-web-stores-evolving-cyberattacks.html #HolidayShopping #OnlineFraud #ECommerce #Netcraft #Fortinet #FortiGuardLabs
Fake Web Stores, Evolving Cyberattacks Plague Holiday Shoppers

Mushrooming fake store sites, deceptive domains, and compromised e-commerce sites are just a few of the threats facing online shoppers and...

Very happy to release our latest blog at #FortiGuardLabs! We recently encountered a case of a previously unseen dropper that we're calling #MidgeDropper. It has an intricate infection chain involving sideloading and code obfuscation. https://www.fortinet.com/blog/threat-research/new-midgedropper-variant
New MidgeDropper Variant | FortiGuard Labs

A malware analysis on a new dropper variant that has a complex infection chain that includes code obfuscation and sideloading. Learn more.

Fortinet Blog
Attackers love web shells. Check out my latest post on @csoonline, a 101 guide to what webshells are - https://www.csoonline.com/article/650335/webshells-why-an-old-tactic-is-still-relevant.html - #fortinet #FortiGuardLabs
Webshells: Why an old tactic is still relevant

The threat landscape is constantly evolving, but often, it’s the same old tricks that pay off.

CSO Online

"One Big Head ransomware variant displays a fake Windows Update, potentially indicating that the ransomware was also distributed as a fake Windows Update," Fortinet researchers said at the time. "One of the variants has a Microsoft Word icon and was likely distributed as counterfeit software."

#ransomware #cybersecurity #fortiguardlabs #Microsoft #Windows

https://thehackernews.com/2023/07/beware-of-big-head-ransomware-spreading.html?m=1

Beware of Big Head Ransomware: Spreading Through Fake Windows Updates

Protect your systems against Big Head ransomware's diverse attack vectors! It's not just about encryption—it also incorporates a file infector.

The Hacker News
Really pleased to share this one! #FortiGuardLabs recently came across an interesting, previously unseen infostealer that we've named #ThirdEye - https://www.fortinet.com/blog/threat-research/new-fast-developing-thirdeye-infostealer-pries-open-system-information
New Fast-Developing ThirdEye Infostealer Pries Open System Information | FortiGuard Labs

FortiGuard Labs recently came across files that look suspicious, even during a cursory review. Our subsequent investigation confirmed that the files are malicious and revealed there is more to them…

Fortinet Blog
DeathRansom Campaign Linked to Malware Cornucopia - One threat actor appears to be behind several ongoing, related campaigns. more: https://threatpost.com/deathransom-campaign-malware-cornucopia/151567/ #ongoingcampaigns #malwareanalysis #fortiguardlabs #deathransom #egornedugov #malware #azorult #evrial #scat01 #vidat
DeathRansom Campaign Linked to Malware Cornucopia

One threat actor appears to be behind several ongoing, related campaigns.

Threatpost - English - Global - threatpost.com