Attackers are using hidden files and directories to evade detection and maintain persistence within the environment.
Tag: T1490
Hunt for Termite
The threat actor gains initial access, likely via phishing or exploitation, then moves laterally to encrypt files on the network.
Engage Report: Termite Ransomware
The Termite ransomware attempts to delete all shadow copies on the victim's machine by running vssadmin.exe with arguments that remove them. This is done so the victim cannot roll files or the system back to a snapshot taken before encryption, which makes a ransom payment the only apparent recovery path.
Threat Hunting Report: CyberVolk
The CyberVolk group is actively developing and deploying ransomware, potentially targeting organizations based on geopolitical motivations.
CyberVolk | A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks
T1566 – CyberVolk has been observed using phishing emails and LinkedIn messages to distribute malicious links to targets.
T1490 – The ransomware terminates processes associated with Microsoft Management Console (MMC) or Task Manager.
T1486 – The ransomware displays a payment screen with a decryption timer and payment details, including BTC and USDT options. The ransom amount is set to $1000.00, and the timer is set to 5 hours.
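As an added example, not code from either report or from the vendors behind them, the Python below runs two hunting rules over constructed process-creation events shaped like Sysmon Event ID 1 records: the vssadmin shadow copy deletion the Termite report describes, and the taskkill form of the Task Manager/MMC termination listed in the CyberVolk mapping. The WMIC and resize-shadowstorage variants are a generalisation of the Termite behaviour to other commonly observed shadow copy purges, and every path, parent image and command line in the sample data is made up for the example; none is taken from the reports.

```python
"""Hunt process-creation events for two ransomware pre-encryption behaviours:
shadow copy deletion (Termite) and termination of Task Manager / MMC (CyberVolk).
Added example; the events below are constructed, not taken from either report."""
import ntpath
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record, modelled on Sysmon Event ID 1 fields."""
    image: str      # Image: full path of the new process
    cmdline: str    # CommandLine
    parent: str     # ParentImage


# Constructed sample telemetry (not real logs); binary names and paths are invented.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\vssadmin.exe",
              '"C:\\Windows\\System32\\vssadmin.exe" Delete Shadows /All /Quiet',
              r"C:\Users\Public\termite.exe"),
    ProcEvent(r"C:\Windows\System32\vssadmin.exe",
              "vssadmin list shadows",
              r"C:\Windows\System32\cmd.exe"),
    ProcEvent(r"C:\Windows\System32\vssadmin.exe",
              "vssadmin resize shadowstorage /for=C: /on=C: /maxsize=401MB",
              r"C:\Users\Public\termite.exe"),
    ProcEvent(r"C:\Windows\System32\wbem\WMIC.exe",
              "wmic shadowcopy delete /nointeractive",
              r"C:\Users\Public\termite.exe"),
    ProcEvent(r"C:\Windows\System32\taskkill.exe",
              "taskkill /F /IM Taskmgr.exe",
              r"C:\Users\Public\cybervolk_locker.exe"),
    ProcEvent(r"C:\Windows\System32\taskkill.exe",
              'taskkill /f /im "mmc.exe"',
              r"C:\Users\Public\cybervolk_locker.exe"),
    ProcEvent(r"C:\Windows\System32\taskkill.exe",
              "taskkill /F /IM notepad.exe",
              r"C:\Windows\explorer.exe"),
]


def _tokens(cmdline: str) -> list[str]:
    """Lower-case, drop double quotes and split on whitespace. Sufficient for the
    flag-style arguments of vssadmin, wmic and taskkill; it deliberately ignores
    case and quoting so 'Delete Shadows' and '"mmc.exe"' still match."""
    return cmdline.replace('"', "").lower().split()


def _exe(ev: ProcEvent) -> str:
    """Base name of the image, so a copy of the tool in another path still matches."""
    return ntpath.basename(ev.image).lower()


def is_shadow_copy_deletion(ev: ProcEvent) -> bool:
    """T1490: the vssadmin form from the Termite report, plus two commonly observed
    equivalents added here as a generalisation (shrinking shadow storage, which
    silently purges the copies, and WMIC's shadowcopy delete)."""
    exe, t = _exe(ev), set(_tokens(ev.cmdline))
    if exe == "vssadmin.exe":
        return {"delete", "shadows"} <= t or {"resize", "shadowstorage"} <= t
    if exe == "wmic.exe":
        return {"shadowcopy", "delete"} <= t
    return False


ADMIN_TOOLS = {"taskmgr.exe", "mmc.exe"}


def kills_admin_tool(ev: ProcEvent) -> bool:
    """Command-line form of the termination the CyberVolk mapping lists: taskkill
    aimed at Task Manager or MMC. Termination through the Windows API directly
    produces no such event and would need process-access telemetry instead."""
    if _exe(ev) != "taskkill.exe":
        return False
    t = _tokens(ev.cmdline)
    for i, tok in enumerate(t[:-1]):
        if tok in ("/im", "-im") and t[i + 1] in ADMIN_TOOLS:
            return True
    return False


def hunt(events: list[ProcEvent]) -> list[tuple[ProcEvent, list[str]]]:
    """Return (event, labels) for every event matching at least one rule. The
    parent image travels with the hit so an analyst can separate a backup agent
    deleting shadow copies from an unknown binary in a user-writable path."""
    hits = []
    for ev in events:
        labels = []
        if is_shadow_copy_deletion(ev):
            labels.append("T1490 shadow copy deletion")
        if kills_admin_tool(ev):
            labels.append("termination of Task Manager/MMC")
        if labels:
            hits.append((ev, labels))
    return hits


if __name__ == "__main__":
    for ev, labels in hunt(SAMPLE_EVENTS):
        print(f"{', '.join(labels):36} parent={ev.parent}  cmd={ev.cmdline}")
```

Matching on the image base name rather than the full path catches a renamed or relocated copy of the tool only if the attacker kept the file name; pairing this with the parent image is what keeps the rule usable, since vssadmin deletions launched by a known backup agent are routine while the same command from a binary under a user profile is not. Listing or shrinking shadow storage with vssadmin for legitimate reasons will still surface, so treat the output as a triage queue, not an alert.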