Blog

Taking your threat intelligence seriously

Unveiling Sharp Panda’s New Loader

Checkpoint recently published a report on Sharp Panda, mentioning an extension of its victimology as well as the utilization of a new dropper to deploy the 5.t framework. To avoid confusion with other vendors naming, Checkpoint decided to rename Sharp Panda to Sharp Dragon. Associated in open sources to China, this intrusion set is mostly…
Lire la suite

Analysis of Sarwent loader: Old ways die hard

A few days ago, I saw a tweet from malware C2 hunter Viriback (kudos for all your great work) mentioning the Sarwent loader. This malware appeared at least in 2018 and was notably used in a campaign reported by Talos using Amnesty International as lure in 2021. Since I had never worked on this malware…
Lire la suite

Exploring MadMxShell’s Infrastructure: Rapid Pivoting for Actionable Insights

In a great blog post, Xscaler revealed a recent campaign targeting IT professionals via Google maldvertising in order to distribute a new backdoor named « MadMxShell ». In this campaign, the attackers registered domains mimicking the names of well-known IP scanners to lure their victims into downloading a zip archive containing a legitimate executable that sideloads a…
Lire la suite