Uncover the threats of tomorrow, today.

Securonix Threat Labs helps your team fend off rising threats by bringing the industry’s brightest minds together to equip you with the latest countermeasures and best practices.

Powered by Threat Labs

Autonomous Threat Sweeper

Acting as your own dedicated Cyber Rapid Response Team, Securonix Autonomous Threat Sweeper (ATS) automatically and retroactively hunts for new and emerging threats based on the latest threat intelligence from our Threat Labs Team.

Learn More

Latest ATS Entries

All indicators of compromise (IOC) and Spotter queries are available on our GitHub repository.

2024-04-15
Zero_Day_Exploitation_of_Unauthenticated_RCE_Vulnerability_in_GlobalProtect
HIGH
+

Intel Source:
Palo Alto, Volexity
Intel Name:
Zero_Day_Exploitation_of_Unauthenticated_RCE_Vulnerability_in_GlobalProtect
Date of Scan:
2024-04-15
Impact:
HIGH
Summary:
Researchers at PaloAlto have identified zero-day exploitation of a vulnerability found within the GlobalProtect feature of Palo Alto Networks PAN-OS. A critical command injection vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. The vulnerability, assigned CVE-2024-3400, has a CVSS score of 10.0.


Source:
https://unit42.paloaltonetworks.com/cve-2024-3400/#post-133365-_ydqdbjg0dngh
https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/

2024-04-15
The_spread_of_infostealers_by_a_Russian_cybercriminal_campaign
LOW
+

Intel Source:
Recorded Future
Intel Name:
The_spread_of_infostealers_by_a_Russian_cybercriminal_campaign
Date of Scan:
2024-04-15
Impact:
LOW
Summary:
The Insikt Group has uncovered a large-scale Russian-language cybercrime operation that leverages fake Web3 gaming projects to distribute infostealer malware targeting both macOS and Windows users.


Source:
https://www.recordedfuture.com/cybercriminal-campaign-spreads-infostealers-highlighting-risks-to-web3-gaming

2024-04-15
Malvertising_campaigns_hijack_social_media_to_spread_stealers
LOW
+

Intel Source:
Bitdefender
Intel Name:
Malvertising_campaigns_hijack_social_media_to_spread_stealers
Date of Scan:
2024-04-15
Impact:
LOW
Summary:
Threat actors have been copying AI software such as Midjourney, Sora AI, DALL-E 3, Evoto, and ChatGPT 5 on Facebook to trick users into downloading purported official desktop versions of these AI software. The malicious webpages then download intrusive stealers such as Rilide, Vidar, IceRAT, and Nova Stealer.


Source:
https://www.bitdefender.com/blog/labs/ai-meets-next-gen-info-stealers-in-social-media-malvertising-campaigns/#new_tab

2024-04-12
Observed_spike_of_LockBit_related_activity_of_vulnerabilities_in_ScreenConnect
MEDIUM
+

Intel Source:
Trellix
Intel Name:
Observed_spike_of_LockBit_related_activity_of_vulnerabilities_in_ScreenConnect
Date of Scan:
2024-04-12
Impact:
MEDIUM
Summary:
Recently, Trellix Researchers have observed a rise in LockBit-related cyber activity in vulnerabilities in ScreenConnect. Researchers are confident that the cybercriminals group behind LockBit ransomware partially restored their infrastructure and created a feeling that the LE actions did not affect their normal operation.


Source:
https://www.trellix.com/blogs/research/the-lockbits-attempt-to-stay-relevant-its-imposters-and-new-opportunistic-ransomware-groups/

2024-04-12
Embedding_a_credit_card_skimmer_in_a_fake_Facebook_Pixel_tracker_script
LOW
+

Intel Source:
Sucuri
Intel Name:
Embedding_a_credit_card_skimmer_in_a_fake_Facebook_Pixel_tracker_script
Date of Scan:
2024-04-12
Impact:
LOW
Summary:
Recently Sucuri discovered an interesting case of this: the attackers took that a step further by embedding a credit card skimmer in a well-concealed fake Facebook Pixel tracker script.


Source:
https://blog.sucuri.net/2024/04/credit-card-skimmer-hidden-in-fake-facebook-pixel-tracker.html

2024-04-12
SolarMarker_malware_campaigns
LOW
+

Intel Source:
Esentire
Intel Name:
SolarMarker_malware_campaigns
Date of Scan:
2024-04-12
Impact:
LOW
Summary:
This month, eSentire’s researchers discovered that SolarMarker malware campaigns now utilize PyInstaller to hide malicious PowerShell scripts, marking a shift from previous methods such as Inno Setup and PS2EXE.


Source:
https://www.esentire.com/blog/solarmarkers-shift-to-pyinstaller-tactics

2024-04-12
A_series_of_tax_themed_phishing_emails_delivering_the_Remcos_RAT
LOW
+

Intel Source:
Esentire
Intel Name:
A_series_of_tax_themed_phishing_emails_delivering_the_Remcos_RAT
Date of Scan:
2024-04-12
Impact:
LOW
Summary:
Last month, eSentire researchers detected a series of tax-themed phishing emails delivering the Remcos RAT as the final payload through GuLoader. The phishing email contained the link to the password-protected ZIP archive hosted on Adobe Document Cloud.


Source:
https://www.esentire.com/blog/tax-season-alert-beware-of-guloader-and-remcos-rat

2024-04-12
A_New_Banking_Trojan_Called_Coyote
LOW
+

Intel Source:
Seqrite
Intel Name:
A_New_Banking_Trojan_Called_Coyote
Date of Scan:
2024-04-12
Impact:
LOW
Summary:
Researchers at Seqrite have discovered a brand-new banking trojan known as Coyote, which makes use of a tool/library known as Squirrel Installer, designed to install and control Windows application updates. The software appears to be more sophisticated than typical banking trojans, and in the coming days, it may pose a more serious threat. This recently discovered malware identifies the market it targets and targets various banking institutions in Brazil.


Source:
https://www.seqrite.com/blog/exposing-coyote-the-next-gen-banking-trojan-revolutionizing-cyber-threats-in-brazil/

2024-04-12
The_XWorm_Tax_Scam
LOW
+

Intel Source:
Esentire
Intel Name:
The_XWorm_Tax_Scam
Date of Scan:
2024-04-12
Impact:
LOW
Summary:
Recently, Esentire SOC Analysts shared with their Threat Response Unit about the tax-themed threat delivering XWorm as the final payload. Researchers are certain the initial infection vector is via the phishing email.


Source:
https://www.esentire.com/blog/dont-take-the-bait-the-xworm-tax-scam

2024-04-12
Halcyon_Threat_Insights_003
LOW
+

Intel Source:
Halcyon
Intel Name:
Halcyon_Threat_Insights_003
Date of Scan:
2024-04-12
Impact:
LOW
Summary:
Halcyon researchers indicated and blocked a big range of threats that were missed by other security layers in their client’s environments that are often precursors to the delivery of the ransomware payload.


Source:
https://www.halcyon.ai/blog/halcyon-threat-insights-003-march-2024

 

View All
Threat Content

Shared Security Content on Sigma

Securonix Threat Labs publishes up-to-date IOCs and threat hunting queries on Sigma, allowing you to tap into a vast community of collective defense and stay ahead of emerging threat research.

Visit our Sigma Page

Why Security Content Matters

Learn how Securonix is paving the way to make precise, and actionable security content a reality for our customers.

What's New from Threat Labs

  • Blog
    Securonix Threat Research Knowledge Sharing Series: Detecting DLL Sideloading Techniques Found In Recent Real-world Malware Attack Chains
    Learn More
  • Blog
    Securonix Threat Research Security Advisory: Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware
    Learn More
  • Blog
    Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor
    Learn More

Threat Labs Archives

  • Threat Research