Threats Tagged 't1560'
View all threats tagged with 't1560'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 't1560'
Click on any threat for detailed analysis and mitigation recommendations
From Invoice to AnyDesk: Uncovering a Phishing Campaign Targeting Russian Aerospace Organizations 0 A spear-phishing campaign attributed to the Rare Werewolf group targets Russian aerospace and aviation organizations. The attack uses fraudulent emails impersonating a Russian aerospace research institute, delivering password-protected archives with malicious installers. It abuses legitimate tools such as AnyDesk, Blat, WinRAR, and Tray Minimizer to establish persistent remote access. The campaign configures portable AnyDesk for unattended access with a predefined password, exfiltrates configuration data via SMTP, and maintains persistence through scheduled tasks. The operators conceal their presence by minimizing the AnyDesk interface and removing forensic artifacts. This campaign aligns with previous Rare Werewolf activity targeting strategic sectors in Russia, Belarus, and Kazakhstan. Join the discussion | AlienVault OTX General | 07/09/2026, 11:27:09 UTC Added: 07/09/2026, 13:04:37 UTC |
Threat Actors Weaponizing RAR Archives to Target Thailand's Healthcare Sector 0 An active malware campaign is targeting Thailand's healthcare sector, including Ministry of Health personnel and affiliated organizations. The operation leverages healthcare-themed spear-phishing lures distributed through malicious RAR archives containing obfuscated batch scripts and executable payloads. The infection chain employs multiple stages of obfuscation, GitHub-hosted payload delivery, and persistence mechanisms. The final payload is a Python-based information stealer designed to harvest browser credentials, session data, and cookies, with exfiltration attempts through Telegram Bot API. The campaign demonstrates sophisticated tradecraft including Rouki-obfuscated batch loaders, Startup folder persistence, and bundled Python interpreters. Active operational window spans from April to June 2026, with all samples uploaded from Thailand. Join the discussion | AlienVault OTX General | 06/19/2026, 14:27:26 UTC Added: 06/22/2026, 09:24:35 UTC |
Gamers beware: malicious wallpapers on Steam found stealing accounts 0 Since late 2025, cybercriminals have been exploiting Wallpaper Engine, a popular live wallpaper application on Steam, to distribute malware through Steam Workshop. Attackers target primarily Chinese and Russian gamers by embedding malicious code within application wallpapers shared on the platform. These compromised wallpapers deliver various malware types including infostealers, backdoors, crypto miners, and ransomware. One analyzed sample dropped DarkKomet backdoor while hijacking Steam sessions to steal account credentials. The malware modifies system libraries to locate Steam installations and exfiltrate data to attacker-controlled servers. Compromised accounts are then used to upload additional malicious wallpapers. The diverse malware families suggest multiple independent hacking groups are exploiting this distribution method. Infected wallpapers received thousands of downloads before removal, with 89% of infections occurring in China. Join the discussion | AlienVault OTX General | 06/16/2026, 09:50:13 UTC Added: 06/16/2026, 11:30:21 UTC |
Showing 1 to 3 of 3 results