Category: Community Content

Qakbot
Community Content

Qakbot

Qakbot malware (also known as: QakBot, Quakbot, Pinkslipbot) is a prevalent information-stealing malware that was discovered in 2007.

Read More »
Follina
Community Content

Follina Vulnerability – CVE-2022-30190

Follina (CVE-2022-30190) or the remote code execution vulnerability discovered that will abuse the Microsoft Windows Support Diagnostic Tool (MSDT.exe) in order to exploit and execute remote code was observed in Late May of 2022. The vulnerability itself was first mentioned by a security research group named “Nao Sec” via Twitter on May 27th and acknowledged by Microsoft on May 31st.

Read More »
BlackCat Ransomware
Community Content

BlackCat Ransomware

OVERVIEW BlackCat Ransomware, also known as ALPHV, is a variant that operates under the RaaS (Ransomware as a Service) model and has target many countries

Read More »
QUANTUM RANSOMWARE
Community Content

Quantum Ransomware

OVERVIEW Quantum Ransomware is a variant that was first discovered in August 2021, linked to the Quantum Locker operation and is observed as a rebrand

Read More »
Community Content

Tarrask Malware

OVERVIEW Tarrask is a malware variant being used by the Hafnium group in order to achieve persistence via abuse of Windows scheduled tasks. First appearing

Read More »
Community Content

Spring4Shell: CVE-2022-22965

Summary Spring4Shell (CVE-2022-22965) or the remote code execution vulnerability found in Spring Core Framework was observed and confirmed in March of 2022. Spring Framework is

Read More »
Community Content

CONTI Ransomware

OVERVIEW The Conti Ransomware group is a notorious and active ransomware gang that has successfully pulled multi-million dollar payments from victims and are one of

Read More »
Community Content

HermeticWiper Malware

OVERVIEW The HermeticWiper malware variant was first identified by researchers from ESET and Broadcom’s Symantec on February 23, 2022 and has been observed attacking Ukrainian

Read More »
Community Content

LockBit Ransomware

OVERVIEW LockBit is a ransomware variant that was first seen in September 2019, and has been prevalent in ransomware attacks ever since. The variant encrypts

Read More »
Community Content

Proxy VBScript Execution via CurrentVersion Registry Key

Many adversaries abuse Visual Basic (VB) for execution. VB is a programming language created by Microsoft with interoperability with many Windows technologies such as Component Object Model and the Native API through the Windows API. Although tagged as legacy with no planned future evolutions, VB is integrated and supported in the .NET Framework and cross-platform .NET Core. VB can be abused in Microsoft Office Macros, as standalone script files, within HTA files and run on the command line as a method of evading detection, hiding code or otherwise used as a method of general execution. In the targeted technique, an adversary will utilize a registry key containing an HTA application or vbscript and utilize a script interpreter or rundll32 to run vbscript that will execute the code from the registry. This is a method of defense evasion to hide code in unsuspecting places, but still be able to execute it.

Read More »