Lunar Spider Expands their Web via FakeCaptcha

Key Findings: Lunar Spider has expanded its initial access methods by compromising vulnerable websites, particularly in Europe, using Cross-Origin Resource Sharing (CORS) vulnerabilities. These websites are then injected with a FakeCaptcha framework. The FakeCaptcha framework is introduced via a JavaScript script that generates an iframe, overlaying the original site's content with the attacker's FakeCaptcha page. …

Shedding Light on PoisonSeed’s Phishing Kit

Key Findings: NVISO identified and analyzed the MFA-resistant phishing kit employed by the threat actor PoisonSeed, which is loosely aligned with Scattered Spider and CryptoChameleon. This kit is still active as of the time of reporting. PoisonSeed uses this phishing kit to acquire credentials from individuals and organizations, leveraging them for email infrastructure purposes such …

Hunting for Remote Management Tools

In today's digital landscape, Remote Management and Monitoring (RMM) tools have become indispensable for organizations seeking to streamline IT operations, enhance productivity, and ensure seamless remote support. However, within our threat hunting and incident response engagements we often see that these tools, while beneficial, can also pose significant security risks if not properly managed. This …

Hunting Emotet campaigns with Kusto

Introduction: Emotet doesn't need an introduction anymore - it is one of the more prolific cybercriminal gangs and has been around for many years. In January 2021, a disruption effort took place via Europol and other law enforcement authorities to take Emotet down for good. [1] Indeed, there was a significant decrease in Emotet malicious …