Hunting for Mythic in network traffic

Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization’s network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4, open-source projects like Mythic, Sliver, Read More …

Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations

During the lead up to Ukraine’s counteroffensive, Mandiant and Google’s Threat Analysis Group (TAG) have tracked an increase in the frequency and scope of APT29 phishing operations. Investigations into the group’s recent activity have identified an intensification of operations centered Read More …

Attackers use SVG files to smuggle QBot malware onto Windows systems

QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. This attack is made through embedded SVG files containing JavaScript that reassemble a Base64 encoded Read More …

DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework

C&C systems are useful collaboration tools for penetration testers and red teamers. They provide a common place for all victim machines to reach out to, be controlled from, and allow multiple users to interact with the same victims. When performing Read More …

Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike

QAKBOT’s malware distribution resumed on September 8, 2022 following a brief hiatus, when our researchers spotted several distribution mechanisms on this date. The distribution methods observed included SmokeLoader (using the ‘snow0x’ distributor ID), Emotet (using the ‘azd‘ distributor id), and Read More …

Ransomware, hacking groups move from Cobalt Strike to Brute Ratel

Hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit to evade detection by EDR and antivirus solutions. Corporate cybersecurity teams commonly consist of employees who attempt to breach corporate networks (red Read More …