Lucene search
K

12 matches found

ThreatPost
ThreatPost
added 2022/02/15 10:31 p.m.154 views

SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming

SquirrelWaffle – the newish malware loader that first showed up in September – once again got its scrabbly little claws into an unpatched Microsoft Exchange server to spread malspam with its tried-and-true trick of hijacking email threads. That’s the same-old, same-old, as in, a SquirrelWaffle...

8.9AI score
Exploits0References16
The Hacker News
The Hacker News
added 2022/01/13 2:6 p.m.19 views

Researchers Decrypted Qakbot Banking Trojan's Encrypted Registry Keys

Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly...

2.6AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/12/17 12:0 a.m.10 views

Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager

We analyzed a fileless QAKBOT stager possibly connected to the recently reported Squirrelwaffle campaign...

3.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/12/13 8:10 a.m.20 views

Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan

Infection chains associated with the multi-purpose Qakbot malware have been broken down into "distinct building blocks," an effort that Microsoft said will help to proactively detect and block the threat in an effective manner. The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a...

0.8AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/12/03 12:0 a.m.14 views

This Week in Security News - December 3, 2021

This week, learn about how Squirrelwaffle utilized ProxyLogon and ProxyShell to hack email chains. Also, read on a recent data breach of the Los Angeles Planned Parenthood Network...

1AI score
Exploits0
ThreatPost
ThreatPost
added 2021/11/22 7:26 p.m.271 views

Attackers Hijack Email Using Proxy Logon/Proxyshell Flaws

Attackers are gnawing on the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange Server to hijack email chains, by malspamming replies to ongoing email threads, researchers say. What’s still under discussion: whether the offensive is delivering SquirrelWaffle, the new email loader tha...

10CVSS10AI score0.99999EPSS
Exploits78References39
The Hacker News
The Hacker News
added 2021/11/22 11:47 a.m.460 views

Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns

Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an...

10CVSS9.4AI score0.99999EPSS
Exploits78
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/11/19 12:0 a.m.16 views

Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains

Squirrelwaffle is known for using the tactic of sending malicious spam as replies to existing email chains. We look into how by investigating its exploit of Microsoft Exchange Server vulnerabilities, ProxyLogon and ProxyShell...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/28 7:59 a.m.14 views

New Wslink Malware Loader Runs as a Server and Executes Modules in Memory

Cybersecurity researchers on Wednesday took the wraps off a "simple yet remarkable" malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed "Wslink" by ESET, this previously undocumented malware stands apart from the rest in that it run...

1.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/10/27 1:47 p.m.31 views

Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike

A new spam email campaign has emerged as a conduit for a previously undocumented malware loader that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads on compromised systems. "These infections are also used to facilitate the delivery of...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2021/10/27 7:26 a.m.18 views

SQUIRRELWAFFLE Leverages malspam to deliver Qakbot, Cobalt Strike

By Edmund Brumaghin, Mariano Graziano and Nick Mavis. Executive summary Recently, a new threat, referred to as "SQUIRRELWAFFLE" is being spread more widely via spam campaigns, infecting systems with a new malware loader. This is a malware family that's been spread with increasing regularity and...

4.5AI score
Exploits0
ThreatPost
ThreatPost
added 2021/10/26 10:25 p.m.20 views

SquirrelWaffle Loader Malspams, Packs Qakbot, Cobalt Strike

SquirrelWaffle, a new malware loader, is mal-spamming malicious Microsoft Office documents to deliver Qakbot malware and the penetration-testing tool Cobalt Strike – two of the most common threats regularly observed targeting organizations around the world. Cisco Talos researchers said on Tuesday...

7.6AI score
Exploits0References10
Rows per page
Query Builder