Reddit NetSec

CVE Database V5

AlienVault OTX General

Exploit-DB RSS Feed

Reddit InfoSec News

CIRCL OSINT Feed

ThreatFox MISP Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

CyberEye is a modular, .NET-based Remote Access Trojan that utilizes Telegram for Command and Control, eliminating the need for attackers to maintain their own infrastructure. It offers a wide array of surveillance and data theft capabilities, including keylogging, file grabbing, and clipboard hijacking. The malware employs advanced defense evasion techniques, disabling Windows Defender through PowerShell and registry manipulations. Its modules harvest browser credentials, Wi-Fi passwords, gaming profiles, and session data from various applications. The builder framework allows adversaries to customize payloads, making it accessible to less technically skilled threat actors. CyberEye's persistence mechanisms, anti-analysis features, and use of public messaging platforms for C2 make it a significant threat to both consumers and enterprises.

CyberEye is a modular Remote Access Trojan (RAT) developed using the .NET framework, notable for its use of Telegram as a Command and Control (C2) channel. This design choice allows attackers to leverage a public messaging platform, eliminating the need to maintain dedicated C2 infrastructure, thereby increasing operational stealth and reducing costs. The RAT provides extensive surveillance and data theft capabilities, including keylogging to capture keystrokes, file grabbing to exfiltrate files, and clipboard hijacking to intercept copied data. It also harvests sensitive credentials such as browser-stored passwords, Wi-Fi keys, gaming profiles, and session information from various applications, enabling broad access to victim data. 

CyberEye employs advanced defense evasion techniques, notably disabling Windows Defender via PowerShell scripts and registry modifications, which complicates detection and removal. Its persistence mechanisms ensure the malware remains active across system reboots, while anti-analysis features hinder reverse engineering and forensic investigations. The RAT builder framework allows adversaries to customize payloads, lowering the technical barrier for less skilled threat actors to deploy sophisticated malware. The use of Telegram for C2 communications (leveraging techniques mapped to MITRE ATT&CK techniques such as T1102.002) also helps evade traditional network-based detection methods. Overall, CyberEye represents a versatile and stealthy threat capable of extensive data exfiltration and system control, targeting both consumer and enterprise Windows environments.

Detailed information about Understanding CyberEYE RAT Builder: Capabilities and Implications. Get real-time updates, technical details, and mitigation strategie

Understanding CyberEYE RAT Builder: Capabilities and Implications - Live Threat Intelligence - Threat Radar | OffSeq.com

Understanding CyberEYE RAT Builder: Capabilities and Implications

As artificial intelligence (AI) surges into mainstream adoption, millions of users turn daily to AI-powered tools for content creation—from generating art and music to transforming photos into videos. But amid this excitement, cybercriminals have uncovered a potent new lure: fake AI platforms promising cutting-edge content generation in exchange for user uploads.

The Noodlophile stealer is a newly identified malware strain distributed through fake AI-powered video generation platforms. As AI content creation tools gain popularity, cybercriminals exploit user trust by offering fraudulent services that promise advanced video generation capabilities in exchange for user uploads. These fake platforms serve as a lure to deliver the Noodlophile stealer, which is an infostealer malware designed to harvest sensitive information from infected systems. The malware is linked to multiple attack techniques including credential theft, remote access capabilities, and worm-like propagation features. It is implemented in Python and leverages social engineering tactics such as malicious Word documents and fake AI platform downloads (e.g., VideoLumaAI.zip, Creation_Luma.zip) to infect victims. The malware employs techniques identified by MITRE ATT&CK such as T1036 (Masquerading), T1204 (User Execution), T1041 (Exfiltration Over C2 Channel), T1503 (Steal Application Access Token), T1539 (Steal Web Session Cookie), and T1055 (Process Injection). Once executed, it can steal credentials, session cookies, and potentially establish remote access to compromised systems. The malware distribution is facilitated via URLs hosted on various IP addresses and domains mimicking legitimate AI content creation services. Although no known exploits in the wild have been reported, the malware’s use of social engineering and common user behaviors (downloading AI tools, opening documents) increases its infection potential. The presence of worm-like capabilities suggests it may propagate within networks, increasing its impact. The malware hashes and URLs provide indicators of compromise for detection and response efforts.

MD5 of 18c14dcfb9a54c5359026a5fcbdb3e4ba6ced2628a9cd9ae589baedbb29beaa6

SHA1 of 18c14dcfb9a54c5359026a5fcbdb3e4ba6ced2628a9cd9ae589baedbb29beaa6

Detailed information about New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms. Get real-time updates, technical details, and mitigation 

New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms - Live Threat Intelligence - Threat Radar | OffSeq.com

New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms

The article discusses updates to the OtterCookie malware utilized by the North Korea-linked attack group WaterPlum. The malware has evolved through four versions, with v3 and v4 being the focus. OtterCookie v3 introduced Windows support and enhanced file collection capabilities. Version 4 added new Stealer modules for credential theft, improved virtual environment detection, and modified clipboard stealing methods. The malware now targets various file types, including those related to cryptocurrencies, and has sophisticated methods for stealing browser credentials. The continuous updates to OtterCookie demonstrate WaterPlum's active development efforts, posing an ongoing threat to financial institutions and cryptocurrency operators worldwide.

OtterCookie is a malware family actively developed and deployed by the North Korea-linked threat actor WaterPlum. The malware has evolved through at least four versions, with versions 3 and 4 introducing significant enhancements. OtterCookie v3 expanded its platform support to include Windows systems and improved its file collection capabilities, enabling it to harvest a broader range of sensitive data. Version 4 further advanced the malware's capabilities by integrating new Stealer modules specifically designed for credential theft, including sophisticated methods for stealing browser credentials and clipboard data. The clipboard stealing functionality was modified to evade detection and capture cryptocurrency-related information effectively. Additionally, OtterCookie v4 improved its ability to detect virtualized environments, a common technique used by analysts to study malware, thereby increasing its chances of evading sandbox analysis and persisting in victim environments. The malware targets a variety of file types, with a particular focus on those related to cryptocurrencies, reflecting WaterPlum's strategic interest in financial gain through theft from cryptocurrency operators and financial institutions. The malware communicates with command and control infrastructure via domains such as alchemy-api-v3.cloud, chainlink-api-v3.cloud, modilus.io, and moralis-api-v3.cloud, which may masquerade as legitimate services to avoid detection. Despite no known public exploits in the wild, the continuous updates and active development of OtterCookie demonstrate WaterPlum's commitment to maintaining and enhancing this threat, posing an ongoing risk to targeted organizations globally, especially those in the financial and cryptocurrency sectors.

Detailed information about Additional Features of OtterCookie Malware Used by WaterPlum. Get real-time updates, technical details, and mitigation strategies.

Additional Features of OtterCookie Malware Used by WaterPlum - Live Threat Intelligence - Threat Radar | OffSeq.com

Additional Features of OtterCookie Malware Used by WaterPlum

A spear phishing campaign targeting Polish entities has been observed, exploiting the CVE-2024-42009 vulnerability in Roundcube to steal user credentials. The campaign, attributed to UNC1151, involves sending emails with malicious JavaScript that installs a Service Worker in the victim's browser. This worker intercepts login attempts and sends credentials to the attackers. The exploit allows code execution when an email is opened. A new vulnerability, CVE-2025-49113, has also been discovered in Roundcube, potentially creating a more effective attack chain. The attackers use harvested credentials to analyze mailboxes, download address books, and spread further phishing messages. Organizations using Roundcube are advised to update their installations and review logs for indicators of compromise.

The threat involves a spearphishing campaign attributed to the threat actor UNC1151 targeting Polish entities by exploiting a known vulnerability in the Roundcube webmail client, specifically CVE-2024-42009. Roundcube is a widely used open-source webmail solution, often deployed by organizations for email access. The attack vector leverages malicious JavaScript embedded in spearphishing emails that, when opened, execute code allowing the installation of a Service Worker in the victim's browser. This Service Worker operates stealthily to intercept login attempts to Roundcube, capturing user credentials and transmitting them to attacker-controlled infrastructure. The campaign exploits the ability to execute code upon email opening, bypassing traditional security controls that rely on user interaction beyond opening the message. Additionally, a newly discovered vulnerability, CVE-2025-49113, in Roundcube may be chained with CVE-2024-42009 to create a more effective and persistent attack vector, potentially increasing the scope and impact of the campaign. After credential theft, UNC1151 uses the compromised accounts to analyze mailboxes, extract address books, and propagate further phishing emails internally, facilitating lateral movement and expanding their foothold within targeted organizations. The campaign's technical details include the use of advanced tactics such as service worker abuse (T1059.007), credential access (T1078), and spearphishing (T1566.001). Indicators of compromise include specific IP addresses, domains, URLs, and file hashes linked to the campaign. Organizations running Roundcube installations are urged to update their software promptly and conduct thorough log reviews for signs of compromise, such as unusual service worker registrations or unexpected login patterns.

Detailed information about UNC1151 exploiting Roundcube to steal user credentials in a spearphishing campaign. Get real-time updates, technical details, and mit

UNC1151 exploiting Roundcube to steal user credentials in a spearphishing campaign - Live Threat Intelligence - Threat Radar | OffSeq.com

UNC1151 exploiting Roundcube to steal user credentials in a spearphishing campaign

Russian government-backed threat group COLDRIVER has developed a new malware called LOSTKEYS, capable of stealing files and system information. The group targets high-profile individuals, NGOs, and former intelligence officers through credential phishing and malware delivery. LOSTKEYS is delivered through a multi-step infection chain, starting with a fake CAPTCHA and involving PowerShell commands. The malware evades detection in VMs and uses a substitution cipher for decoding. COLDRIVER's primary goal is intelligence collection for Russia's strategic interests, targeting Western governments, militaries, journalists, and Ukraine-related individuals. The group has been linked to hack-and-leak campaigns in the UK and against NGOs.

COLDRIVER is a Russian government-backed advanced persistent threat (APT) group that has developed a new malware family named LOSTKEYS. This malware is designed primarily for espionage and intelligence collection, targeting Western governments, militaries, journalists, NGOs, and individuals connected to Ukraine. The infection vector begins with credential phishing campaigns that lure victims into interacting with a fake CAPTCHA page. This initial step is part of a multi-stage infection chain that ultimately delivers the LOSTKEYS malware payload. The malware leverages PowerShell commands for execution, enabling it to operate stealthily within Windows environments. LOSTKEYS employs anti-analysis techniques such as evading detection in virtual machines (VMs) and uses a substitution cipher to decode its payload, complicating detection and analysis efforts. Once active, LOSTKEYS collects sensitive documents and system information, facilitating data exfiltration aligned with COLDRIVER's strategic intelligence objectives. The group has a history of hack-and-leak operations, notably against UK targets and NGOs, underscoring its focus on high-value Western entities. Indicators of compromise include specific malicious domains (e.g., cloudmediaportal.com, njala.dev) and numerous file hashes associated with the malware components. The tactics, techniques, and procedures (TTPs) used by COLDRIVER align with MITRE ATT&CK techniques such as credential phishing (T1566), PowerShell execution (T1059.001), data theft (T1005), and command and control communications (T1071). The malware’s stealth features and targeted approach highlight a sophisticated threat actor focused on long-term intelligence gathering rather than immediate disruption.

MD5 of e7b6bfbfb6e496e57ceaba00fabe7df1d6b5061c

MD5 of 94bfd6fba2dec53a4df9b815d1f7dc150b37d4af

MD5 of 0ac32fd4e6ef96163084fdb09d05e1ae7124e6d9

MD5 of 56b0d6d7fb81b77c0713361f0b95994d19414bf1

MD5 of bd907c2512facbeef31d4e683828dfece01849e2

MD5 of ff9824395c18e1cf70960862654eb0a8b012eeaa

MD5 of de2e039c69f6f4f5af23d4eac2d3235e2ce4f20c

SHA256 of ff9824395c18e1cf70960862654eb0a8b012eeaa

SHA256 of de2e039c69f6f4f5af23d4eac2d3235e2ce4f20c

SHA256 of bd907c2512facbeef31d4e683828dfece01849e2

SHA256 of 94bfd6fba2dec53a4df9b815d1f7dc150b37d4af

SHA256 of e7b6bfbfb6e496e57ceaba00fabe7df1d6b5061c

SHA256 of 0ac32fd4e6ef96163084fdb09d05e1ae7124e6d9

SHA256 of 56b0d6d7fb81b77c0713361f0b95994d19414bf1

Detailed information about COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs. Get real-time updates, technical details, and mitigatio

COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs - Live Threat Intelligence - Threat Radar | OffSeq.com

COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs

A sophisticated phishing campaign has been identified that leverages Google Apps Script to create a false sense of security. The attack begins with an email masquerading as an invoice, containing a link to a webpage hosted on Google's trusted environment. When clicked, the link redirects to a fake invoice page, followed by a fraudulent login window designed to capture credentials. The use of Google's domain (script.google.com) adds credibility to the scam, making it more likely for users to fall victim. Once credentials are entered, they are transmitted to the attacker, and the user is redirected to a legitimate Microsoft login page to avoid suspicion. This technique demonstrates how threat actors are exploiting trusted platforms to make their attacks more convincing and effective.

This phishing campaign exploits Google Apps Script to conduct highly convincing credential theft attacks. The attack starts with a phishing email that impersonates an invoice notification, containing a link hosted on script.google.com, a trusted Google domain. By leveraging Google Apps Script, attackers create a webpage within Google's infrastructure, which inherently benefits from the trust users place in Google's domains and security. When a user clicks the link, they are redirected to a fake invoice page designed to appear legitimate. Subsequently, the victim encounters a fraudulent login prompt mimicking a Microsoft login interface. This step is critical as it captures the user's credentials under the guise of a trusted Microsoft authentication page. After credentials are submitted, the data is transmitted to the attacker-controlled infrastructure, specifically linked to the IP 167.250.5.66 and the domain solinec.com, which are indicators of compromise. To avoid raising suspicion, the user is then redirected to the genuine Microsoft login page, making the entire interaction appear seamless and legitimate. The campaign cleverly combines social engineering, domain spoofing, and the abuse of trusted cloud platforms to bypass traditional security filters and user skepticism. The use of Google Apps Script allows the attacker to host malicious content on a domain that is less likely to be blocked by email or web filters, increasing the likelihood of successful exploitation. This attack aligns with multiple MITRE ATT&CK techniques such as T1566 (Phishing), T1539 (Steal Web Session Cookie), T1185 (Man-in-the-Middle), T1528 (Steal Credentials), T1204 (User Execution), T1534 (Internal Spearphishing), and T1056 (Input Capture). The campaign does not require exploiting software vulnerabilities but relies heavily on social engineering and the exploitation of user trust in cloud platforms and well-known brands.

Detailed information about Behind the Script: Unmasking Phishing Attacks Using Google Apps Script. Get real-time updates, technical details, and mitigation stra

Behind the Script: Unmasking Phishing Attacks Using Google Apps Script - Live Threat Intelligence - Threat Radar | OffSeq.com

Behind the Script: Unmasking Phishing Attacks Using Google Apps Script

A new Go-based Linux botnet named PumaBot has been identified targeting IoT devices, particularly surveillance systems. It brute-forces SSH credentials using lists from a C2 server, then deploys itself and establishes persistence. The malware disguises itself as legitimate system files, creates systemd services, and adds SSH keys for backdoor access. It also includes components for credential theft and system monitoring. The botnet demonstrates sophisticated evasion techniques and aims for long-term access to compromised devices.

PumaBot is a newly identified Linux-based botnet written in Go, specifically targeting IoT surveillance devices. It primarily compromises devices by brute-forcing SSH credentials using credential lists retrieved from a command and control (C2) server. Once access is gained, PumaBot deploys itself onto the device, establishing persistence by disguising its components as legitimate system files and creating systemd services. It also adds SSH keys to maintain backdoor access, enabling long-term control. The malware includes modules for credential theft and system monitoring, allowing attackers to harvest sensitive information and maintain situational awareness of the compromised environment. PumaBot employs sophisticated evasion techniques to avoid detection, including masquerading as trusted system components and leveraging legitimate Linux service management mechanisms. The botnet’s focus on IoT surveillance devices is notable, as these devices often have weak security configurations and are widely deployed in both private and public sectors. The attack chain involves initial brute-force SSH login attempts (MITRE ATT&CK T1110), reconnaissance of system information (T1082), credential access (T1552.001), persistence via systemd service creation (T1547.006, T1543.002), and evasion tactics (T1562.004, T1036.004). PumaBot’s modular design and use of Go language facilitate cross-platform compatibility and ease of deployment across diverse Linux-based IoT devices. Indicators of compromise include multiple domain names linked to C2 infrastructure and numerous file hashes associated with the malware components. No known public exploits exist yet, but the botnet’s capabilities and stealthy persistence mechanisms pose a significant threat to IoT device ecosystems.

Detailed information about PumaBot: Novel Botnet Targeting IoT Surveillance Devices. Get real-time updates, technical details, and mitigation strategies.

PumaBot: Novel Botnet Targeting IoT Surveillance Devices - Live Threat Intelligence - Threat Radar | OffSeq.com

PumaBot: Novel Botnet Targeting IoT Surveillance Devices

A sophisticated campaign using typo-squatted 'Spectrum' domains has been uncovered, spreading a new Atomic macOS Stealer (AMOS) variant. The attack, disguised as a CAPTCHA verification, employs dynamic payloads based on the victim's operating system. For macOS users, a malicious shell script steals system passwords and downloads an AMOS variant. The script uses native macOS commands to harvest credentials, bypass security, and execute malicious binaries. Russian-language comments in the source code suggest involvement of Russian-speaking cybercriminals. The campaign's delivery sites show flawed logic, indicating hasty assembly. This multi-platform social engineering attack targets both consumer and corporate users, highlighting an increasing trend in cross-platform threats.

This threat involves a sophisticated cyber campaign leveraging typo-squatted domains mimicking legitimate 'Spectrum' branded sites to distribute a new variant of the Atomic macOS Stealer (AMOS). The attackers use social engineering techniques, presenting victims with a fake CAPTCHA verification to trick them into executing malicious payloads. The campaign dynamically delivers payloads tailored to the victim's operating system, with a focus on macOS users. For macOS, the attack employs a malicious shell script that utilizes native macOS commands to harvest system passwords and credentials, bypass security controls, and download and execute the AMOS stealer variant. The presence of Russian-language comments in the source code indicates involvement by Russian-speaking threat actors. Despite the campaign's sophistication, some delivery site logic flaws suggest it was assembled hastily. This multi-platform attack targets both consumer and corporate users, reflecting an emerging trend of cross-platform threats that combine social engineering, credential theft, and dynamic payload delivery. Indicators of compromise include several suspicious domains such as applemacios.com and spectrum-ticket.net, which are used to host or deliver the malicious content. The attack techniques correspond to several MITRE ATT&CK tactics and techniques including credential dumping (T1555), command and scripting interpreter use (T1059), and user execution (T1204). No known exploits are currently reported in the wild, but the campaign's dynamic nature and social engineering components increase its potential reach and effectiveness.

Detailed information about AMOS Variant Distributed Via Clickfix In Spectrum-Themed Dynamic Delivery Campaign By Russian Speaking Hackers. Get real-time updates

AMOS Variant Distributed Via Clickfix In Spectrum-Themed Dynamic Delivery Campaign By Russian Speaking Hackers - Live Threat Intelligence - Threat Radar | OffSeq.com

AMOS Variant Distributed Via Clickfix In Spectrum-Themed Dynamic Delivery Campaign By Russian Speaking Hackers

This analysis explores the connections between two Phishing-as-a-Service (PhaaS) platforms: Tycoon2FA and Dadsec. The investigation reveals shared infrastructure and operational similarities, suggesting a common origin or adaptation. The report details the evolving tactics of Tycoon2FA, including its use of Cloudflare Turnstile, anti-analysis techniques, and sophisticated phishing pages. Key findings include the rapid expansion of Tycoon2FA's infrastructure, with thousands of new phishing pages detected since July 2024. The analysis also uncovers the platform's advanced features, such as MFA bypass capabilities and real-time credential interception. The report emphasizes the growing threat posed by PhaaS platforms and the need for continued vigilance and adaptation in cybersecurity defenses.

The threat detailed in this report centers on two interconnected Phishing-as-a-Service (PhaaS) platforms: Tycoon2FA and Dadsec. These platforms provide cybercriminals with turnkey phishing infrastructure, enabling rapid deployment of sophisticated phishing campaigns without requiring deep technical expertise. The analysis reveals shared infrastructure and operational tactics between Tycoon2FA and Dadsec, indicating either a common origin or one platform adapting techniques from the other. Tycoon2FA has notably evolved its capabilities by integrating Cloudflare Turnstile, an anti-bot and anti-abuse mechanism, to evade automated detection and analysis tools. It also employs advanced anti-analysis techniques to hinder forensic investigation and automated defenses. The platform hosts thousands of phishing pages, rapidly expanding since July 2024, targeting multi-factor authentication (MFA) mechanisms with bypass capabilities and real-time credential interception. This enables attackers to capture not only user credentials but also session tokens and MFA codes, facilitating account takeover. The phishing pages are highly sophisticated, mimicking legitimate login portals and leveraging adversary-in-the-middle (AITM) tactics to intercept authentication flows. The threat actor group associated with these platforms is identified as Storm-1575, known for targeting financial and enterprise credentials. Indicators of compromise include domains such as 704movers.com, americanwealthllc.com, and a Russian domain srciek0t8a31dz4.o4dnumvbqy.ru, which are used as phishing infrastructure. The threat leverages multiple MITRE ATT&CK techniques, including credential dumping, scripting, obfuscation, and command and control via web protocols, highlighting a complex and adaptive attack methodology. Overall, this PhaaS ecosystem represents a significant escalation in phishing sophistication, emphasizing the need for dynamic and layered defense strategies.

Detailed information about PhaaS the Secrets: The Hidden Ties Between Tycoon2FA and Dadsec's Operations. Get real-time updates, technical details, and mitigatio

PhaaS the Secrets: The Hidden Ties Between Tycoon2FA and Dadsec's Operations - Live Threat Intelligence - Threat Radar | OffSeq.com

PhaaS the Secrets: The Hidden Ties Between Tycoon2FA and Dadsec's Operations

A malicious campaign utilizing VenomRAT, a Remote Access Trojan, is analyzed. The attackers use a fake Bitdefender download website to spread malware, including VenomRAT, StormKitty, and SilentTrinity. These tools work together to provide initial access, steal credentials, and maintain long-term hidden access. The campaign's infrastructure includes multiple command and control servers and phishing sites impersonating banks and IT services. The analysis reveals the attackers' focus on harvesting financial credentials and crypto wallets while establishing persistent access for potential exploitation or sale. This campaign highlights the growing trend of sophisticated, modular malware built from open-source components, posing a significant threat to everyday internet users.

The analyzed threat is a malware campaign leveraging VenomRAT, a Remote Access Trojan (RAT), distributed via a fake Bitdefender download website. The campaign also employs additional malware components such as StormKitty and SilentTrinity, which are modular, open-source tools that collectively facilitate initial access, credential theft, and persistent, stealthy control over infected systems. The attackers utilize phishing sites impersonating banks and IT service providers to harvest sensitive financial credentials and cryptocurrency wallet information. The campaign infrastructure includes multiple command and control (C2) servers, enabling attackers to maintain long-term access and potentially exploit or sell compromised systems. VenomRAT and its associated tools use a variety of techniques mapped to MITRE ATT&CK tactics and techniques, including credential dumping (T1003.001), input capture (T1056.001), masquerading (T1036.005), user execution via phishing (T1204.002, T1566.002), persistence mechanisms (T1543.003, T1547.001), and obfuscation (T1027). The malware is distributed through URLs and domains mimicking legitimate security software downloads, increasing the likelihood of user interaction and infection. Indicators of compromise include multiple IP addresses linked to C2 infrastructure, malicious URLs, and file hashes for detection. The campaign exemplifies the growing sophistication of modular malware built from open-source components, posing a significant threat to both individual users and organizations by enabling credential theft, data exfiltration, and persistent unauthorized access.

MD5 of e33b8b32bccfb50f604f06a306d1af89ae7b0d583bca20c41fa5811f526aa420

MD5 of 59a08decb8b960b65afe4d5446ef0e00e3a49ab747599b5ee6e7d43813040287

SHA1 of 59a08decb8b960b65afe4d5446ef0e00e3a49ab747599b5ee6e7d43813040287

SHA1 of e33b8b32bccfb50f604f06a306d1af89ae7b0d583bca20c41fa5811f526aa420

MD5 of 4541fd01a19f1e484f24eff86f42ac36ea9b30686fd405ca0a50f3e517657a61

MD5 of 7c3a49906e67a1928113554ff75f684ee54ab74abcf26ac1211d0cd8726cb086

MD5 of 72b7856f3c6851a36642e952b4fb772b9ea0a6a4075c2ed4b59e60cb922f82e3

MD5 of 68f6ff2543066ec8028d9bc101a17a60c47b693bdc0ee4d6167f17d5d4921ab9

MD5 of eb2b61a5f15b19bf7dd0ff3914d3019c26499dd693647b00c1b073037db72e35

MD5 of f0e479cf0dadc7f7d1f999e091b013d236f2c7959591a6b1268ba31b89442ec6

MD5 of ab81ceeb26e22a7c6981a8479cccaa184675ad194b83e447185a1ce42abfbcb0

MD5 of 2d3dc51e6752c4fe95b2b7928ed11b5e06c6a68d19b7d884ab2c8eaab97d4e07

SHA1 of 72b7856f3c6851a36642e952b4fb772b9ea0a6a4075c2ed4b59e60cb922f82e3

SHA1 of ab81ceeb26e22a7c6981a8479cccaa184675ad194b83e447185a1ce42abfbcb0

SHA1 of 7c3a49906e67a1928113554ff75f684ee54ab74abcf26ac1211d0cd8726cb086

SHA1 of eb2b61a5f15b19bf7dd0ff3914d3019c26499dd693647b00c1b073037db72e35

SHA1 of f0e479cf0dadc7f7d1f999e091b013d236f2c7959591a6b1268ba31b89442ec6

SHA1 of 68f6ff2543066ec8028d9bc101a17a60c47b693bdc0ee4d6167f17d5d4921ab9

SHA1 of 2d3dc51e6752c4fe95b2b7928ed11b5e06c6a68d19b7d884ab2c8eaab97d4e07

SHA1 of 4541fd01a19f1e484f24eff86f42ac36ea9b30686fd405ca0a50f3e517657a61

Detailed information about Inside a VenomRAT Malware Campaign. Get real-time updates, technical details, and mitigation strategies.

Title	Severity	Type	Source	Date

Threats Tagged 'credential theft'

Filter Threats

Threats Tagged 'credential theft'