Threat Research

Latest Discussions

  • It should be the case that, if you have those libraries present on a managed endpoint, it will show in the "Vulnerabilities" page, and you should be able to search there by CVE ID.

  • Good morning, and thanks everyone for the support. A few days ago, a malicious file changed its reputation from "Not Listed" to "Known Malware"; after removing it, we didn't see weird connections from the svchost.exe process anymore. Thanks everyone again!



Recent Shared Files

  • Posted in: Threat Research

  • volt typhoon

    Posted in: Threat Research

Unanswered Threads

  • Posted in: Threat Research

    krb.exe from GitHub - ShorSec/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings). #Other

  • volt typhoon

    Posted in: Threat Research

    Product: windows. Description of attack: APT. Mitigation steps: upload IOC. Any additional information: https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/ # ...

Latest Blog Posts

  • Threat Analysis Unit - Threat Intelligence Notification. Title: Sussy Ransomware. Summary: Sussy ransomware is seen using the RAR vulnerability CVE-2023-38831 to infect the users. Upon infection it removes volume shadow copies, making ...

    5 people recommend this.
  • Threat Analysis Unit - Threat Intelligence Notification. Title: DoNex Ransomware. Summary: DoNex ransomware was first discovered in March 2024. It has recently been seen in the wild targeting European and U.S. companies. The ransomware has ...

    2 people recommend this.