Threat reports

Posted on November 09, 2022

Black Friday and Cyber Monday Bring on the Scariest Sales

Black Friday and Cyber Monday typically reel in the biggest profits for shops across North America. It’s only natural then for cybercriminals the world over to take advantage of the events.¹

Posted on October 25, 2022

A Call for Help May Lead to Malware: BazarCall IoC Analysis and Expansion

Recently seen callback phishing tactics highlight threat actors’ manipulative skills. They bait potential victims using urgent emails then employ legitimate-looking domains and web pages when victims call back for help.

Posted on October 11, 2022

Should Cracks and Keygens Remain a Cybersecurity Concern?

Many users, particularly those that don’t want to spend tons of money on software licenses, still troop to crack and keygen sites. While not all of them are malicious, many of their offerings could put individuals and companies at great risk.¹

Posted on September 12, 2022

XCSSET Shows How Threat Actors Cope with OS Changes, Does Away with Python Like macOS

XCSSET first appeared in 2020.¹ But it fell off cybersecurity researchers’ radar last year after macOS Monterey discontinued its support for Python—the malware’s primary language. Since April this year, however, XCSSET minus Python has resurfaced.²

Posted on July 15, 2022

Matanbuchus with Cobalt Strike: Not Your Favorite Combo

A malware-as-a-service (MaaS) package called “Matanbuchus” was found dropping Cobalt Strike beacons, allowing threat actors to communicate with the compromised network.¹

Posted on June 13, 2022

Phishing Automated through Chatbots, We Found Potentially Connected Domains

There is a new phishing tactic that employs chatbots to automate credential theft and increase the legitimacy of phishing sites. Bleeping Computer¹mentioned only one IoC, a cybersquatting subdomain targeting DHL.

Posted on May 09, 2022

Don’t Hit That Update Button Just Yet, It Could Lead to Malware Infection

Microsoft regularly pushes out updates, sometimes even upgrades, for its software in an effort to heighten their security and fix bugs. But it’s also usual, too, to see news about threat actors taking advantage of the huge Windows user base by rolling out updates that are actually malware in disguise.

Posted on April 01, 2022

A Look at Actinium/Gamaredon’s Infrastructure: More Artifacts Revealed

Nearly-a-decade-old advanced persistent threat (APT) group Actinium/Gamaredon seemed to have gained a new lease on life as they recently resurfaced to target several Ukrainian organizations.¹

Posted on February 24, 2022

When Safe Doesn’t Mean Threat-Free, Watch Out for Rogue Internet Safety Sites

Threat actors will capitalize on anything, even sites that hint at promoting digital safety, to spread mayhem. We looked at thousands of Internet safety-themed domains and subdomains in commemoration of Safer Internet Day¹ to identify how many of them may not be worth trusting.

Posted on September 17, 2021

Q2 2021 Paypal Phishing & Typosquatting Report

PayPal phishing attacks are highly prevalent and the company remains one of the most impersonated brands. As typosquatting domains are often associated with phishing and impersonation attacks, Threat Intelligence Platform (TIP) prepared the Q2 2021 PayPal Phishing Report.

In this report, we uncovered PayPal-related domains and subdomains registered or added within the period.

Try our Threat Intelligence API for free

Get FREE trial

Have questions?

We work hard to improve our services for you. As part of that, we welcome your feedback, questions and suggestions. Please let us know your thoughts and feelings, and any way in which you think we can improve our product.

For a quick response, please select the request type that best suits your needs.