ALERTS MARCH 2024
HOME APT BOTNET CAMPAIGN CRIME CRYPTOCURRENCY EXPLOIT HACKING GROUP OPERATION PHISHING RANSOM SPAM VIRUS VULNEREBILITY | March(16) April(92) May(99) June(94) July(5)
DATE | NAME | CATEGORY | SUBCATE | INFO |
| 30.3.24 | CVE-2024-20767 - Adobe ColdFusion vulnerability | ALERTS | Vulnerebility | CVE-2024-20767 is a directory traversal vulnerability in Adobe ColdFusion, which is a development platform for building and deploying web and mobile applications. |
| 30.3.24 | Sync-Scheduler Infostealer | ALERTS | Virus | A Infostealer dubbed as Sync-Scheduler, written in C++, has been reported as being distributed concealed within Office document files. |
| 30.3.24 | WarzoneRAT malware re-emerges with new samples | ALERTS | Virus | WarzoneRAT (also known as AveMaria) is a commodity Remote Access Trojan variant used by various threat groups in recent years. |
| 30.3.24 | TheMoon malware targets thousands of insecure routers | ALERTS | Virus | A new malicious campaign featuring an updated version of TheMoon, a notorious malware family has been reported. This latest variant of TheMoon appears to target insecure outdated home routers, |
| 30.3.24 | Beware of FlightNight | ALERTS | Virus | A new threat actor has been observed using similar Tactics, Techniques and Procedures (TTPs) to recent Go-Stealer campaigns targeting Indian government entities. |
| 28.3.24 | Dropper disguised as legitimate PuTTy Software | ALERTS | Virus | A threat actor has been reported purchasing an ad claiming to be the PuTTY homepage. This ad appeared at the top of the Google search results page, although it has since been removed. It appeared just before the official PuTTY website |
| 28.3.24 | Mispadu Stealer extends its reach | ALERTS | Virus | Mispadu Stealer (known also as Ursa) has shown some increased activity in recent distribution campaigns. |
| 28.3.24 | Qilin ransomware remains an active threat in the landscape | ALERTS | Ransom | Qilin, also known as Agenda, is a Rust-based ransomware variant discovered in 2022. The malware has been spreading actively in the wild in recent months, with ongoing developments evident in new versions. |
| 28.3.24 | SnowLight downloader spread in campaigns exploiting F5 BIG-IP and ScreenConnect vulnerabilities | ALERTS | Virus | Recent malicious campaigns attributed to the UNC5174 threat group have been reported to exploit F5 BIG-IP (CVE-2023-46747) and Connectwise ScreenConnect (CVE-2024-1709) vulnerabilities for malware delivery. |
| 27.3.24 | Stately Taurus APT Campaign Targeting Asian Countries | ALERTS | APT | Researchers observed a recent Stately Taurus (aka Mustang Panda) APT campaign during an ASEAN-Australia Special Summit held just this month targeting Asian countries. |
| 27.3.24 | VCURMS and STRRAT being delivered via links in spam messages | ALERTS | Virus | A java downloader has been discovered delivering VCURMS and STRRAT remote access trojans. This downloader is deployed via email with links to malicious JAR files. These two RATs will then download a modified Rude Stealer and keylogger for data exfiltration. |
| 26.3.24 | VCURMS and STRAT being delivered via links in spam messages | ALERTS | Virus | A java downloader has been discovered delivering VCURMS and STRRAT remote access trojans. This downloader is deployed via email with links to malicious JAR files. These two RATs will then download a modified Rude Stealer and keylogger for data exfiltration. |
| 26.3.24 | VCURMS and STRRAT being delivered via links in spam messages | ALERTS | Virus | A java downloader has been discovered delivering VCURMS and STRRAT remote access trojans. This downloader is deployed via email with links to malicious JAR files. These two RATs will then download a modified Rude Stealer and keylogger for data exfiltration. |
| 26.3.24 | New backdoor WineLoader | ALERTS | Virus | Phishing attacks impersonating political parties with an invite lure to diplomats for a wine-tasting event has been used to deploy WineLoader malware. |
| 26.3.24 | New remote control backdoor leveraging malicious drivers emerges in China | ALERTS | Virus | In a recent campaign observed in China, a new remote control backdoor was distributed. |
| 26.3.24 | Emergence of Mirai Nomi in the Threat Landscape | ALERTS | Botnet | A new Mirai botnet variant, named Mirai Nomi, has emerged in the threat landscape. This variant features modified UPX packing, a time-dependent Domain Generation Algorithm (DGA) for command and control, and multiple encryption and hashing algorithms. |