STOCKSTAY: Turla’s .NET Backdoor for Cyber Espionage
STOCKSTAY is a multi-component .NET backdoor attributed to the Russian state-sponsored threat actor Turla. It uses a secure WebSocket connection for C2…
Malware families, payloads, loaders, ransomware and related tooling.
Kazuar is a staple implant used by the Russian state-sponsored threat actor Turla since 2017. It shares significant code and functional overlaps…
The JDY botnet is a covert network of compromised SOHO and IoT devices used for targeted scanning and service fingerprinting. It has…
Cybersecurity researchers at Lumen's Black Lotus Labs have identified a significant expansion of the JDY botnet, a covert network linked to China-nexus…
SPECTRALVIPER is a backdoor used by OceanLotus, first documented by Elastic Security Labs in June 2023. It is deployed via DLL side-loading,…
FireAnt Metakit is a popular software platform used by stock investors in Vietnam. It was compromised in a supply chain attack by…
ZiChatBot is a previously unknown malware family discovered by Kaspersky on PyPI, delivered via malicious packages and linked to OceanLotus through dropper…
SOUNDBITE was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs, malware,…
PHOREAL was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs, malware,…
WINDSHIELD was identified as a relevant cybersecurity entity in recently ingested reporting. This profile is generated so related cyber news, CVEs, malware,…