Stop of publications from 30 January to 6 February 2023
We stop for a week for technical updates. Activities will resume regularly from February 7th.
Cybercrime, false payment spread zgRAT via AgentTesla
The email rar attachment contains an exe file: the first malware, which downloads the second. The stolen data is exfiltrated via SMTP.
Syria, SDF and Inherent Resolve capture the Islamic State Walid in Raqqa
The man, Atallah al-Maythan, headed pro-ISIS jihadists across the quadrant. He was arrested along with 68 militiamen in the "Revenge for Al-Raqqah deaths" operation.
Cybercrime, Raccoon Stealer hidden in a fake complaint about a purchase
The link points to a page from which you download an xll file: the loader. This then in turn downloads a zip with the malware inside.
Cybercrime, second consecutive day for SnakeKeylogger via Garanti BBVA
The email changes the text and the compressed attachment. Inside, however, there is an exe with the same malware and the stolen data is exfiltrated via Telegram Api to the same C2.
Cybercrime, new zgRAT campaign via AgentTesla and fake offer list
The rar attachment contains an exe file: the first malware, that downloads the second payload.
Ukraine, Russia also use conscripts from Africa
Two students from Zambia and Tanzania killed in the fighting. They had been recruited by Wagner in Federation prisons. They are not isolated cases.
Cybercrime, Snakekeylogger hides in a SWIFT transfer
The tar attachment of a fake email from Garanti BBVA contains an exe: the malware. Stolen data is exfiltrated via Telegram API.
Syria, SDF and Inherent Resolve capture two pro-ISIS leaders in Deir Ezzor
Heli-transported operation in Shahil against the networks of facilitators and logisticians of the Islamic State. More than 270 jihadists have already been arrested in January.
Cybercrime, BlueStealer (alias DarkCloud) is back
A fake email from an Indian company contains an r.00 attachment, with an exe file inside: the malware. The infostealer doesn’t have a C2, but sends the stolen data by email.