Cyber alerts

101 results

April 2020

Published Thursday 30 April 2020 (12:00) (updated 29 June 2021)

Lockbit Ransomware

Lockbit is a ransomware-as-a-service (RaaS) tool offered through Russian-speaking hacking forums and dark web sites. It has recently undergone rapid changes to incorporate functionality from more well-known RaaS tools such as Sodinokibi and Maze, potentially to compete commercially with these tools.

CC-3435 Low

Published Thursday 23 April 2020 (12:00) (updated 29 June 2021)

CoronaLocker Trojan

CoronaLocker is a newly observed trojan apparently designed to inconvenience users instead of causing damage.

CC-3425 Low

Published Friday 17 April 2020 (12:00) (updated 29 June 2021)

Dark Nexus IoT Botnet

Dark Nexus (stylised as dark_nexus) is a newly observed botnet for use in distributed denial-of-service (DDoS) attacks. It can target a wide variety of Internet-of-Things (IoT) microarchitectures including ARM, MIPS, PowerPC, and x86; and seems to contain large amounts of Mirai and Qbot code.

CC-3418 Low

Published Thursday 2 April 2020 (12:00) (updated 29 June 2021)

Vollgar Cryptocurrency Botnet

Vollgar is a botnet that has targeted Microsoft SQL database servers since 2018.

March 2020

CC-3406 Information only

Published Wednesday 25 March 2020 (12:00) (updated 29 June 2021)

Redline Stealer Trojan

Redline Stealer is a newly observed .NET-based information stealing trojan sold through a number of hacking forums.

CC-3408 Medium

Published Wednesday 25 March 2020 (12:00) (updated 29 June 2021)

BlackNET Remote Access Trojan

First observed in February 2019, BlackNET is a remote access trojan written in PHP, .NET, and Python. At the time of publication, BlackNET's source code is available through Github, with its author making no attempts to disguise its malicious nature.

CC-3399 Low

Published Thursday 19 March 2020 (12:00) (updated 10 January 2022)

CoronaVirus Ransomware

First observed February 2020, CoronaVirus is a ransomware tool. Despite it's name, it appears to have little relation to the COVID-19 pandemic

CC-3398 Low

Published Thursday 19 March 2020 (12:00) (updated 29 June 2021)

PXJ Ransomware

PXJ, also known as XVFXGW, is ransomware first observed in early 2020.

CC-3395 Medium

Published Thursday 19 March 2020 (12:00) (updated 29 June 2021)

Crimson Remote Access Trojan

Crimson is a remote access trojan (RAT) developed using the .NET platform and used by the APT36 advanced persistent threat group.

CC-3401 Medium

Published Thursday 19 March 2020 (12:00) (updated 10 January 2022)

GuLoader Downloader

First observed in December 2019, GuLoader is a VB6-based downloader trojan. Despite its age, it has swiftly become popular with threat groups and has been observed in campaigns delivering a number of well-known malware.