smokeloader (4)

12634541464?profile=RESIZE_400xLaw enforcement agencies in the United States and Europe announced on 30 May Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware.  Titled: “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedIDSmokeloader and Trickbot.

Link to full report: IR-24-151-001_OPendgame.p

10923797266?profile=RESIZE_400xRisePro is an information-stealing malware that was first discovered in mid-December 2022.  The earliest log recording from this malware, as of the time of this writing, was December 12th, 2022.  The logs found were posted to Russian Market, which is a log shop that is like other markets, such as Genesis.  There appeared to be multiple thousands of logs posted [2].  RisePro appears to be written in C++ and acts similarly to the “Vidar” malware.  According to a Joe Sandbox analysis, RisePro exhib

10913981254?profile=RESIZE_400xCybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems.  Azov is the name of ransomware, malware that blocks access to files by encrypting them.  It encrypts all files (except files with .ini, .dll, and .exe extensions) and appends the ".azov" extension to their filenames. Also, Azov drops ransom notes (the "RESTORE_FILES.txt" files) in all folders that i

10764228452?profile=RESIZE_400xActivity Summary - Week Ending on 12 August 2022:

  • Red Sky Alliance identified 23,968 connections from new IP’s checking in with our Sinkholes
  • Hit
  • Analysts identified 765 new IP addresses participating in various Botnets
  • Zeppelin Ransomware
  • Exim
  • SmokeLoader
  • RapperBot
  • AiTM Phishing
  • BlenderBot
  • PortDoor & CotSam

Link to full report: IR-22-224-001_weekly224.pdf