Payload Ransomware: Early Profile
Tags: Payload ransomware, data broker extortion, double extortion, Tor leak site, ESXi ransomware, RECOVERY-xx0001.txt, IOCs, incident response
65 reports
Tags: Payload ransomware, data broker extortion, double extortion, Tor leak site, ESXi ransomware, RECOVERY-xx0001.txt, IOCs, incident response
APT33, Elfin, Peach Sandstorm, HOLMIUM, Refined Kitten, Iran, aerospace, energy, petrochemical, spearphishing, password spraying, Outlook Home Page, Ruler, TurnedUp, DropShot, ShapeShift, StoneDrill
APT28 is a long-running Russian state-aligned cyber espionage actor widely attributed to the GRU’s 85th Main Special Service Center (GTsSS), military unit 26165, active since at least 2004. (…
LAPSUS$ is an extortion-focused cybercriminal collective best known for high-tempo intrusions against large enterprises and service providers, frequently leveraging social engineering and identity…
In September 2024, JPCERT/CC released a detailed blog post uncovering how Windows Event Logs can be a powerful tool for identifying human-operated ransomware campaigns. The research focuses on…
A recent analysis of the LummaC2 (LUMMAC.V2) malware reveals its use of advanced obfuscation techniques, specifically leveraging indirect control flow manipulation to make reverse engineering…
As we approach the final quarter of 2024, the cyber threat intelligence (CTI) landscape continues to evolve, driven by a combination of emerging threats, geopolitical factors, and the maturation…
Microsoft’s June 2024 Patch Tuesday brought important security updates addressing 78 vulnerabilities across a range of products, including Windows , Microsoft Office , Azure , and Microsoft Edge .…
CVE-2022-38028 is a critical vulnerability in the Windows Print Spooler service that allows for arbitrary code execution with elevated privileges. The exploit was addressed by Microsoft in a…
A new phishing campaign leveraging Autodesk Drive has come to light, targeting corporate users through seemingly legitimate PDF files. Cybersecurity experts at Netcraft have uncovered that…
In a significant development reported by Akamai's Security Intelligence Response Team (SIRT) in late October 2023, heightened malicious activity was detected, indicating the exploitation of…
Hunters International is a newly identified ransomware group that has recently come to prominence. This group is particularly notable for its use of code with similarities to the now-defunct Hive…