The Updated APT Playbook: Tales from the Kimsuky threat actor group

Co-authors are Christiaan Beek and Raj Samani Within Rapid7 Labs we continually track and monitor threat groups. This is one of our key areas of focus as we work to ensure that our ability to protect customers remains constant. As part of this process, we routinely identify evolving tactics from...

ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks

A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk VHD files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games...

BlueNoroff introduces new methods bypassing MoTW

BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the groups activities and this October we observed the adoption of new...

How to use vhd-util to Scan for Orphaned or Bad VHD Files

This article details how to use vhd-util to scan for Orphaned/Bad VHD Files. Requirements CLI connection to XenServer host, preferably through an SSH client Basic CLI command usage grep, less, tail LVM, EXT, or NFS storage type...

How to introduce a new SMB SR path to a already existing SR with same SR-UUID in xenserver

Sometimes we may need to change the IP of the SMB share where VHD files are stored. This article will help in changing the SR parameters without changing the UUID of the Storage repository...