Estimated reading time: 10 minutes
Table of Contents Introduction Initial Findings. Infection Chain. Technical Analysis. Initial Infection – Malicious Document. Second Stage – Malicious PyInstaller Executable. Final Stage – Malicious Python Scripts. Discord Bot Features. Ransomware Features. Conclusion Seqrite Protection. IOCs MITRE ATT&CK. Authors...Search Results
Estimated reading time: 4 minutes
Exposed SMB: The Hidden Risk Behind ‘WantToCry’ Ransomware Attacks Introduction In today’s digital landscape, ransomware attacks are evolving at an alarming rate, leveraging overlooked vulnerabilities to infiltrate systems. One such weakness is misconfigured Server Message Block (SMB) services, which...
Estimated reading time: 10 minutes
Silent Lynx APT Targets Various Entities Across Kyrgyzstan & Neighbouring Nations Contents Key Targets Industries Affected Geographical Focus Infection Chain Initial Findings Campaign 1 Looking into the malicious email Looking into decoy document. Campaign 2 Looking into the malicious...
Estimated reading time: 3 minutes
In the cinematic tapestry of cybersecurity, where tales of intrigue and innovation collide, one story emerges from the shadows of the past. It’s a story that began in the early 1990s, during the DOS era, when computer viruses were...
Estimated reading time: 11 minutes
Contents Introduction Key Targets. Industries Affected. Geographical Focus. Initial Findings. Looking into the decoy-document – I Looking into the decoy-document – II Infection Chain. Technical Analysis Stage 1 – Malicious LNK Script & VBScript. Stage 2 – Malicious Cobalt...
Estimated reading time: 9 minutes
Seqrite Labs APT-Team has recently found a campaign targeting the Czech Republic. The campaign targets government and military officials with multiple lures aimed at the relationship between NATO and the Czech Republic. The entire malware ecosystem is involved in...
Estimated reading time: 8 minutes
Seqrite Labs APT-Team has recently discovered multiple campaigns involving fake PayPal lures. These are targeting individuals around the globe with a new variant of ransomware known as Cronus. In this case, the malware is developed in PowerShell and is...
Estimated reading time: 16 minutes
An open directory hosting malware linked to Transparent Tribe (APT36) has been found by SEQRITE Labs APT team. Further analysis revealed hidden URLs on the same domain containing payloads used by its sub-division APT group SideCopy. Targeting of Indian...
Estimated reading time: 2 minutes
A recent email scam titled “You Have Been Under Surveillance” is a classic example of a sextortion scam. These scams involve cybercriminals threatening to expose sensitive or compromising information about the recipient unless a ransom is paid. Recipients must...
Estimated reading time: 11 minutes
In the recent past, cyberattacks on Indian government entities by Pakistan-linked APTs have gained significant momentum. Seqrite Labs APT team has discovered multiple such campaigns during telemetry analysis and hunting in the wild. One such threat group, SideCopy, has...