July 25, 2024
Gurucul Threat Research: DisGoMoji Malware
Threat Research
The DisGoMoji malware operates under the control of its creators through the popular messaging platform Discord. To maintain secrecy, the attackers have ingeniously devised a system of using emojis within Discord messages to transmit commands to the malware. The unusual…
June 10, 2024
Lockkey Golang Ransomware
Threat Research
Lockkey is a ransomware variant written in the Go programming language, making it potentially more cross-platform and resilient than ransomware traditionally written in languages like C++. While the specifics of its technical mechanisms are unavailable due to the restricted source,…
May 24, 2024
Leprechaun – A New Malware Loader
Threat Research
Introduction The Leprechaun malware loader is a nascent threat that has emerged as a potential replacement for the IcedID malware. Leprechaun is a sophisticated malware loader with capabilities that make it a serious threat. In the current landscape, a novel malware…
May 7, 2024
Bellingcat Malware Investigation
Threat Research
Introduction Bellingcat, known for its investigative journalism, recently became the target of a sophisticated cyber attack. The analysis revolves around an email campaign that aimed to compromise Bellingcat’s systems. Here are the key details: Attack Vector: The attackers used an…
March 23, 2024
Royal Ransomware
Threat Research
Executive Summary 1. Origins and Activity: The Royal ransomware made its debut in 2022, swiftly establishing itself as a significant menace in the cybersecurity landscape. During its reign, Royal has targeted both U.S. and international organizations, infiltrating their networks with malicious…
March 20, 2024
APT28’s OCEANMAP Backdoor
Threat Research
OCEANMAP: This sophisticated backdoor, attributed to the notorious Russian cyber espionage group APT28 (also known as Sofacy or Fancy Bear), was initially identified by CERT-UA. Let’s break it down. Key Features: On December 28, 2023, CERT-UA reported a cyber attack attributed…
March 7, 2024
BackMyData Ransomware
Threat Research
Starting on February 11, a widespread ransomware attack struck 100 hospitals across Romania. The attackers exploited vulnerabilities in the hospitals’ systems, forcing them to take critical infrastructure offline. Ransomware Type: BackMyData The malware responsible for this attack belongs to the…
March 1, 2024
GO Stealer Malware Targeting Indian Air Force – Cyber Espionage Campaign
Threat Research
In the ever-evolving landscape of cyber threats, a recent incident caught the attention of security experts and government agencies alike. Unidentified cyber attackers attempted to breach the internal computer systems of the Indian Air Force (IAF), aiming to steal sensitive…
February 22, 2024
TicTacToe Malware Dropper
Threat Research
Malware droppers are malicious software designed to deliver and execute additional malware on a victim system and are employed to obfuscate final payloads during load and initial execution. Droppers within this group employ multiple stages of obfuscated payloads loading reflectively…
February 2, 2024
DarkGate Malware
Threat Research
DarkGate is a complete toolkit that provides attackers with extensive capabilities to fully compromise victim systems. DarkGate is loader/botnet malware and has been in circulation since 2017. Infection Chain: The analysis mentioned in our report is based on the…
January 24, 2024
Gurucul Threat Research: Androxgh0st Malware
Threat Research
AndroxGh0st is an “SMTP cracker” which is primarily intended to scan for and parse Laravel application secrets from exposed .env files. (Note: Laravel is an open source PHP framework and the Laravel .env file is often targeted for its various…
December 12, 2023
Zero Trust Matures, Insider Threat Programs Take Off, and AI Doesn’t Change Things as Much as You’d Think Just Yet: Gurucul’s 2024 Cybersecurity Predictions
Threat Research, SOC, Security Analytics
At Gurucul, we’re experts in security analytics, machine learning/AI, and applied data science with many decades of combined experience in cybersecurity, working to enable Security Operations Center people, processes and tools. We’re always trying to stay on the…