Threatland Report – H2 2023
The second half of 2023 saw a significant increase in cyber-attacks aimed at stealing data and demanding ransoms in exchange for restoring affected systems. Swascan’s SOC and Threat Intelligence Team conducted an in-depth analysis on ransomware, malware and phishing scenarios, providing a detailed picture of emerging threats and evolving trends. Numerous ransomware campaigns were observed […]
ChatGPT Ransomware: analysis of the source code
With the advent of new technologies based on artificial intelligence and virtual assistants, some tasks have been automated and made faster. However, ever since the concepts of AI and virtual assistants emerged, so has the risk that artificial intelligence may also satisfy dangerous, harmful and unethical queries. An example could be a request for information […]
VenomRAT & RemcosRAT: February 2024 update
Between January and February 2024, the following configurations of VenomRAT and RemcosRAT, together with the process-killing library RumpeDLL, were found uploaded to the host 45.XX.XX.XX. From 23 January 2024 onwards, the upload and modification timestamps of the RAT configuration files uploaded to the distribution host can be seen. This distribution session is subsequent to the article […]
Botnet & Infostealers: Financial Threat Landscape 2023
Botnets pose a significant and insidious threat. Their resistance to mitigation efforts makes them particularly dangerous. Through analysis by Swascan’s Cyber Security Team, not only have botnets that directly affected Italian financial sector assets been identified, but also those that may have infected personal devices or devices used by employees in remote work […]
BiBi Wiper: malware analysis
Important elements of the analysis: Introduction. BiBi Wiper is a “destructive” malware used in the Israel-Hamas conflict by activists of the Sunni terrorist group. As of 30 October 2023, the threat has also been infecting Unix operating systems, although the more widely used variant targets Windows, and that variant is the one analyzed in this article. The artefact, […]
Temu: Android analysis
Temu is a new e-commerce application, available for Windows, Android and iOS, which allows the purchase of various products at very low prices. Several concerns and fears about data security and user privacy emerged after the publication of the analysis prepared by GlizzlyReports.
VenomRAT Darknet: malware analysis
In the present analysis, a malware sample of VenomRAT obtained from a Darknet forum was considered; the forum only allows the download of source code and compiled samples if a user reacts to the post.
XWorm Darknet: malware analysis
In the present analysis, a malware sample of XWorm obtained from a Darknet forum was considered; the forum only allows the download of source code and compiled samples if a user reacts to the post.
Powrprof.dll library: malware analysis
In this analysis, the library powrprof.dll was taken into consideration; OSINT sources flag it mainly on the basis of heuristic and behavioural detections and machine learning algorithms.
Cactus Ransomware: malware analysis
Important elements of the analysis: Introduction. Cactus Ransomware is a new threat, first identified in March 2023, with some special characteristics. It is distributed within compromised infrastructures mainly by using certain Fortinet VPN vulnerabilities as an attack vector, allowing unauthorized access. The main feature of this ransomware is auto-encryption, so the encryption of the ransomware […]