Estimated reading time: 4 minutes
Introduction XWorm is an evasive and flexible malware recognized for its modular design. It uses obfuscation techniques to avoid detection. It communicates with a Command and Control server and executes malicious activities. After execution, the malware decrypts its configuration...
Estimated reading time: 11 minutes
Contents Introduction Key Targets. Industries Affected. Geographical Focus. Initial Findings. Looking into the decoy-document – I Looking into the decoy-document – II Infection Chain. Technical Analysis Stage 1 – Malicious LNK Script & VBScript. Stage 2 – Malicious Cobalt...
Estimated reading time: 6 minutes
In the wake of numerous security incidents in which attackers exploited unsegmented networks to spread malware and access sensitive data, it’s clear that traditional network architectures often fail to prevent the lateral movement of threats. This blog will illustrate...
Estimated reading time: 11 minutes
In the recent past, cyberattacks on Indian government entities by Pakistan-linked APTs have gained significant momentum. Seqrite Labs APT team has discovered multiple such campaigns during telemetry analysis and hunting in the wild. One such threat group, SideCopy, has...
Estimated reading time: 5 minutes
Our recent research has highlighted the presence of the MedusaLocker ransomware, which first surfaced in mid-2019. Its primary targets are the Hospital and Healthcare industries. MedusaLocker employs AES and RSA encryption techniques to encrypt victims’ data. Technical analysis At...
Estimated reading time: 4 minutes
Openfire is an open-source, real-time collaboration server based on the XMPP (Extensible Messaging and Presence Protocol) protocol. It facilitates instant messaging, group chat, and other real-time communication services. Openfire is popular for its flexibility, scalability, and robust security features....
Estimated reading time: 4 minutes
Zero-day vulnerabilities represent an imminent threat to cyber security, and in this case, two such vulnerabilities, CVE-2023-38831 and CVE-2023-40477, have been identified in the widely utilized WinRAR software. These vulnerabilities pose a grave concern due to their potential for...