idr0p

@idr0p@infosec.exchange
Malware, ai, data, and coffee.
BlueSky: https://bsky.app/profile/idr0p.bsky.social

#Remcos #malware is now at v7.0. No significant changes to the payload side, but improvements to enhance reliability and address bugs based on operator experience were added.
Samples:
tria.ge/250709-3vxwa...
tria.ge/250710-vba87...

Looks to be distributed via email campaigns from reboundue[.]com emails

At #PREDICT2024, we just presented a report on Rhysida's multi-tiered infrastructure. In combination with Recorded Future Network Intelligence, it allowed us to identify #Rhysida #ransomware victims on average 30 days before they appeared on their extortion site (1/8).

https://www.recordedfuture.com/research/outmaneuvering-rhysida-advanced-threat-intelligence-shields-critical-infrastructure-ransomware

Outmaneuvering Rhysida: How Advanced Threat Intelligence Shields Critical Infrastructure from Ransomware

Discover how Rhysida ransomware leverages multi-tiered infrastructure, CleanUp Loader C2s, and SEO poisoning. Learn how Recorded Future’s Network Intelligence detects victims on average 30 days in advance of ransomware being deployed, offering a critical window for prevention.