Mastodawn

SANS Internet Storm Center - SANS.edu - Go Sentinels!15h ago

ISC Diary: #SmartApeSG campaign pushes #Remcos #RAT, #NetSupportRAT, #StealC and #SectopRAT (#ArechC https://isc.sans.edu/diary/32826

OTX Bot 1d ago

Tracing a Multi-Vector Malware Campaign: From VBS to Open Infrastructure

A multi-stage malware delivery campaign was uncovered, initially detected through a suspicious VBS file. The investigation revealed a complex attack infrastructure using Unicode obfuscation, PNG-based payload staging, and reflectively loaded .NET execution. The attacker utilized open directories to host multiple obfuscated VBS files, each mapping to different malware payloads including XWorm and Remcos RAT. A secondary infection vector involving a weaponized 'PDF' and batch script was also discovered. The campaign demonstrated a modular approach, allowing for payload rotation and multiple attack vectors from the same domain. This sophisticated infrastructure design enables rapid modification and expansion of available payloads without altering the initial delivery mechanism.

Pulse ID: 69c2502fe450207e3f4855c3
Pulse Link: https://otx.alienvault.com/pulse/69c2502fe450207e3f4855c3
Pulse Author: AlienVault
Created: 2026-03-24 08:49:51

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #NET #OTX #OpenThreatExchange #PDF #RAT #Remcos #RemcosRAT #VBS #Worm #XWorm #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

ANY.RUN 2d ago

Top 10 last week's threats by uploads 🌐
⬆️ #Stealc 600 (403)
⬇️ #Asyncrat 541 (782)
⬆️ #Xworm 510 (431)
⬆️ #Vidar 368 (351)
⬆️ #Gh0st 298 (281)
⬆️ #Remcos 272 (267)
⬇️ #Agenttesla 216 (307)
⬇️ #Dcrat 201 (427)
⬆️ #Salatstealer 195 (181)
⬇️ #Quasar 185 (187)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=230326&utm_content=linktoregister#register

OTX Bot Mar 18

Analysis of the Spear-Phishing and KakaoTalk-Linked Threat Campaign

The Konni Group conducted a sophisticated multi-stage attack campaign, initiating with a spear-phishing email disguised as a North Korean human rights lecturer appointment. The attack progressed through execution of a malicious LNK file, installation of remote access malware, and long-term persistence for data theft. A key feature was the unauthorized access to victims' KakaoTalk PC applications, used to distribute additional malicious files to selected contacts. The campaign employed multiple RAT families, including EndRAT, RftRAT, and RemcosRAT, with a distributed C2 infrastructure across Finland, Japan, and the Netherlands. The threat actor's tactics included trust-based propagation, account session abuse, and modular payload deployment, highlighting the need for advanced behavior-based detection and multi-layered defense strategies.

Pulse ID: 69ba831f2287b29db4e4645e
Pulse Link: https://otx.alienvault.com/pulse/69ba831f2287b29db4e4645e
Pulse Author: AlienVault
Created: 2026-03-18 10:49:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DRat #DataTheft #Email #Finland #ICS #InfoSec #Japan #Konni #Korea #LNK #Malware #NorthKorea #OTX #OpenThreatExchange #Phishing #RAT #Remcos #RemcosRAT #Rust #SpearPhishing #TheNetherlands #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

ANY.RUN Mar 16

Top 10 last week's threats by uploads 🌐
⬆️ #Asyncrat 782 (533)
⬆️ #Xworm 431 (350)
⬆️ #Dcrat 427 (268)
⬆️ #Stealc 403 (215)
⬆️ #Vidar 351 (249)
⬆️ #Agenttesla 309 (241)
⬆️ #Gh0st 281 (143)
⬆️ #Remcos 270 (193)
⬆️ #Quasar 187 (158)
⬇️ #Salatstealer 181 (189)
Explore malware in action: https://app.any.run/?utm_source=mastodon&utm_medium=post&utm_campaign=top_ten&utm_term=160326&utm_content=linktoregister#register

#cybersecurity #infosec

OTX Bot Mar 14

Phishing Campaign Delivers Fileless Remcos RAT Using JavaScript and PowerShell to Evade Detection

A phishing campaign distributes Remcos RAT using a fileless multi-stage execution chain involving JavaScript, PowerShell and a .NET injector.

Pulse ID: 69b5d44a49e28d19f3338d0b
Pulse Link: https://otx.alienvault.com/pulse/69b5d44a49e28d19f3338d0b
Pulse Author: cryptocti
Created: 2026-03-14 21:34:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Java #JavaScript #NET #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #Remcos #RemcosRAT #bot #cryptocti

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

SANS Internet Storm Center - SANS.edu - Go Sentinels!Mar 14

ISC diary: #SmartApeSG campaign uses #ClickFix page to push #Remcos #RAT (#RemcosRAT) https://isc.sans.edu/diary/32796