Introduction ThunderShell is an open source[1] Remote Access Tool (RAT)
that has been reportedly used as part of various campaigns since at
least March 2022. Variants of ThunderShell are also tracked as Parcel
RAT[2], SMOKEDHAM[3] and WorkersDevBackd...
Introduction RansomHub is a cybercriminal ransomware/extortion group
which emerged in February 2024 and was first reported in same month. The
group operate a ransomware as a service (RaaS) business model and offer
use of their self-named ransomware t...
Introduction On 21 February 2024 two critical vulnerabilities in the
ScreenConnect were released on NVD. ScreenConnect is software for remote
desktop and access software from company ConnectWise. The first was
CVE-2024-1708[1] which is path-traversal...
Introduction Faust ransomware is a recent variant of the Phobos
ransomware family. Phobos ransomware group operate through a ransomware
as a service (RaaS) model and started their operations as early as 2018.
The group is known to instigate and sprea...
Introduction Pikabot is an advanced loader malware recently used by
threat actor ‘Water Curupira’[1]. Researchers have identified
similarities between Qakbot and Pikabot[2] with Pikabot appearing to
replace Qakbot. As a result of this changeover ther...