Links submitted by the Threat Radar community and AI curated for defenders.

Community Curated

CVE Database V5

AlienVault OTX General

Real-world exploitation and exposure telemetry from the OffSeq Mirage honeypot fleet and Sonar internet scans — which CVEs attackers are actually exploiting and which are exposed in the wild, plus attacker IoCs. All IPs are masked; no raw victim or sensor identity is ever published.

OffSeq Mirage

Bleeping Computer

SANS ISC Handlers Diary

SecurityWeek

Threatpost

Reddit ExploitDev

Latest exploits, shellcode, and vulnerability proofs-of-concept from Exploit-DB

Exploit-DB RSS Feed

Reddit ThreatIntel

Reddit BlueTeam

Reddit Reverse Engineering

Reddit Malware

Reddit Cybersecurity

Reddit NetSec

ThreatFox MISP Feed

CIRCL OSINT Feed

NCSC UK

GCP Compute Engine Security

GCP Kubernetes Security

AWS Security Bulletins

CERT/CC

Tenable Research

Google Project Zero

Microsoft Security Blog

Cisco Talos

Zero Day Initiative

Palo Alto Unit 42

Krebs on Security

Kaspersky Security Blog

Check Point Research

GCVE Database

Reddit InfoSec News

The Hacker News

Dark Reading

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

JVN Japan

A global phishing campaign targets business functions with emails carrying malicious Excel attachments that initiate a multi-stage infection chain when macros are enabled.
The attack uses layered obfuscation, including HTA scripts, PowerShell, encoded payloads, and steganography in PNG files, to deliver and execute Remote Access Trojans such as Remcos and AsyncRAT in a largely fileless manner.
It achieves scale and persistence through high variability, automation, disposable infrastructure, and consistent patterns that help evade detection despite relatively simple techniques.

This campaign targets business functions worldwide through phishing emails containing malicious Excel attachments. When macros are enabled, the attachments trigger a multi-stage infection chain that uses heavy obfuscation methods, including HTA scripts, PowerShell commands, encoded payloads, and steganography embedded in PNG images, to deliver AsyncRAT and Remcos Remote Access Trojans. The attack is designed to be largely fileless, enhancing stealth and persistence. The campaign uses automation and disposable infrastructure to scale and evade detection despite using relatively simple techniques.

e6faa8d9189b089d38c728bec9e02b709346650796503807b928e5b0c0a680f9

SHA1 of 0b47f8d79e37ebec7edd2333ab70caa1e3e710b310b8201c5447820886ce8d49

MD5 of 0b47f8d79e37ebec7edd2333ab70caa1e3e710b310b8201c5447820886ce8d49

MD5 of 5e17e44fe2ef3e44904a65bfc787ddb9a5109350ce9636f4470f765e7f6fb1ec

MD5 of a136fce65870643b187eada0d60d8b338a9f4d20762b2a550cadf03597f68017

MD5 of e6faa8d9189b089d38c728bec9e02b709346650796503807b928e5b0c0a680f9

MD5 of c92c8d5ea7e0e05e0f19fabd4111731ef4b9e7d5e0b028797e23481b6afde212

MD5 of eb5ec9fca46e31da933f3a52aed3e483aec25e59c7540b89740fbe6dc19b0bc8

MD5 of ef00251d4b7f56bf3a08afc6fbbbef268de470fb6d387e1c72909999a3b2c652

MD5 of 7ffd8ab8cad744263a4f16c8e96da8b8c38818b480dbeaec91e4224ac70b7ec1

MD5 of f4d6b2437e33500195e3e1607704ffb7b544c2dd8f2333ed06d42d625b7a7f8d

MD5 of 248da1553ce35bb6c499a660fcd92bde6e3545b56b65b63308e7b7630f376bfc

MD5 of ee4f710c68bc2214febeb0127ccb5e111e1a4d01f6d4503efd22a88fb1464606

MD5 of 256f595afb005303a693fe26a03f9fce6d47b225bfc2300e418f5f80a89089d2

MD5 of bb551faff31c0a2c073b8a8cde34b41b6aed6e3aa7ca190e4764fdbc037be2c3

MD5 of c63b921b71be21eb964f085fa9d39dd720b183174ad40ec195b09b62f5ad2581

SHA1 of ef00251d4b7f56bf3a08afc6fbbbef268de470fb6d387e1c72909999a3b2c652

SHA1 of 248da1553ce35bb6c499a660fcd92bde6e3545b56b65b63308e7b7630f376bfc

SHA1 of a136fce65870643b187eada0d60d8b338a9f4d20762b2a550cadf03597f68017

SHA1 of bb551faff31c0a2c073b8a8cde34b41b6aed6e3aa7ca190e4764fdbc037be2c3

SHA1 of 5e17e44fe2ef3e44904a65bfc787ddb9a5109350ce9636f4470f765e7f6fb1ec

SHA1 of f4d6b2437e33500195e3e1607704ffb7b544c2dd8f2333ed06d42d625b7a7f8d

SHA1 of ee4f710c68bc2214febeb0127ccb5e111e1a4d01f6d4503efd22a88fb1464606

SHA1 of e6faa8d9189b089d38c728bec9e02b709346650796503807b928e5b0c0a680f9

SHA1 of eb5ec9fca46e31da933f3a52aed3e483aec25e59c7540b89740fbe6dc19b0bc8

SHA1 of 7ffd8ab8cad744263a4f16c8e96da8b8c38818b480dbeaec91e4224ac70b7ec1

SHA1 of c92c8d5ea7e0e05e0f19fabd4111731ef4b9e7d5e0b028797e23481b6afde212

SHA1 of c63b921b71be21eb964f085fa9d39dd720b183174ad40ec195b09b62f5ad2581

SHA1 of 256f595afb005303a693fe26a03f9fce6d47b225bfc2300e418f5f80a89089d2

Detailed information about AsyncRAT and Remcos delivered in an optimistic campaign. Get real-time updates, technical details, and mitigation strategies.

Threats Tagged 'heavy obfuscation'

Stop chasing alerts. Route them.

Check if your credentials are on the dark web

Filter Threats

Threats Tagged 'heavy obfuscation'

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility