Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
A more_eggs Malware Infection From Recruitment Scams
The more_eggs malware, part of the Golden Chickens malware-as-a-service (MaaS) toolkit, continues to spread through fake job recruitment scams. Threat actors like FIN6 and the Cobalt Group are leveraging this toolkit to target industries involved in hiring, particularly finance and retail, using deceptive social engineering techniques.
Perfctl Malware Adapts and Evades Detection Targeting Linux Servers
Aqua Security researchers uncover the perfctl malware targeting Linux servers by exploiting misconfigurations and vulnerabilities like CVE-2021-4034. The malware adapts to evade detection, impacts server operations, and is linked to cryptomining. It uses stealth tactics, including masking processes and leveraging user-agent filtering to deliver payloads.
Royal Mail Impersonated in Latest Prince Ransomware Phishing Scam
Proofpoint researchers unveil a phishing campaign that impersonates Royal Mail to deliver Prince ransomware. Active in the UK and US, the campaign uses public contact forms and direct emails, leveraging ZIP files with malicious scripts. Despite no clear attribution, the ransomware is available on GitHub for free.
Storm-0501’s Impact on On-Prem and Cloud Infrastructure
Storm-0501, a financially motivated threat actor, exploits vulnerabilities in on-prem and cloud environments. Linked to major ransomware groups, it uses credential theft and hybrid infrastructure attacks. Microsoft highlights Storm-0501’s tactics, including leveraging Microsoft Entra ID and synchronization processes, and recommends implementing MFA and other security measures.
SnipBot, A New RomCom Malware Variant Targets Broad Industries for Espionage
SnipBot, a newly discovered variant of RomCom malware, is targeting global industries with advanced obfuscation and stealth techniques. Unit 42 researchers suspect the malware, previously linked to ransomware, now focuses on espionage. This multi-stage attack utilizes legitimate certificates, PowerShell commands, and data exfiltration tools to compromise networks.
Hackers Could Exploit ATG Flaws to Cause Environmental and Economic Havoc
Researchers from Bitsight have identified critical vulnerabilities in Automatic Tank Gauges (ATGs) that could enable attackers to manipulate fuel storage systems, causing environmental damage and economic disruption. CISA advises immediate security measures to mitigate the risks as some vendors delay patches.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
-min.png)
The World's Best SOC Teams Use Anvilogic
.svg)
