Threats Tagged 'tightvnc'
Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack

The Warlock ransomware group has enhanced its attack chain with improved methods for persistence, lateral movement, and evasion. Their updated toolset includes TightVNC, Yuze, and a persistent BYOVD technique exploiting the NSec driver. The group's primary targets were technology, manufacturing, and government sectors, with the US, Germany, and Russia being the most affected countries. Warlock continues to exploit unpatched Microsoft SharePoint servers for initial access, and has expanded its post-exploitation toolkit. New additions include TightVNC for persistent remote access, Yuze for establishing SOCKS5 connections, and a BYOVD technique using the NSecKrnl.sys driver to terminate security products. The group also leverages Velociraptor, VS Code tunnels, and Cloudflare Tunnel for C&C communications.

Source: AlienVault OTX General | 03/16/2026, 11:01:03 UTC | Added: 03/16/2026, 18:57:30 UTC
From Dream Job to Malware: DreamLoaders in Recent Campaign

The Lazarus group is conducting a sophisticated malware campaign called DreamJobs, deploying modular loaders known as DreamLoaders to deliver various payloads. These loaders include a trojanized TightVNC client, DLL sideloaders such as TSVIPSrv.dll, and other components designed to stealthily extract administrator credentials. The malware authenticates to Microsoft tenants, retrieves SharePoint URLs, and loads encrypted payloads, leveraging legitimate system binaries and encrypted communications to evade detection. The campaign targets organizations' administrative accounts to gain persistent access and exfiltrate sensitive data. The modular and flexible architecture of DreamLoaders allows the attackers to adapt payloads dynamically. No known exploits are publicly reported yet, but the campaign's complexity and stealth techniques pose a significant threat. European organizations using Microsoft cloud services and remote administration tools like TightVNC are at risk. Mitigation requires advanced detection of sideloading and anomalous authentication behaviors. The threat is assessed as medium severity due to the need for initial access and the targeted nature of the attack.

Source: AlienVault OTX General | 10/27/2025, 10:10:41 UTC | Added: 10/27/2025, 10:43:45 UTC
MostereRAT Deployed AnyDesk/TightVNC for Covert Full Access

A sophisticated phishing campaign targeting Japanese users employs MostereRAT, a Remote Access Trojan that utilizes advanced evasion techniques. The attack chain involves multiple stages, including an Easy Programming Language (EPL) payload, security tool disabling, and mTLS-secured C2 communications. The malware can deploy popular remote access tools like AnyDesk and TightVNC, granting attackers full system control. It employs techniques such as running as TrustedInstaller, blocking AV traffic, and creating hidden administrator accounts. The campaign's complexity and use of legitimate tools make detection and prevention challenging, highlighting the importance of user education and up-to-date security solutions.

Source: AlienVault OTX General | 09/09/2025, 04:48:36 UTC | Added: 09/09/2025, 11:40:31 UTC