THREAT INTELLIGENCE 10/April/2024 Understanding Ransomware-as-a-Service operations from an affiliate’s perspective Affiliates are individuals or subgroups responsible for conducting intrusions into corporate networks, using as part of their arsenal resources provided by one or more ransomware operations to which they may be linked
THREAT INTELLIGENCE 15/February/2023 Use of Google Ads and SEO Poisoning for malware dissemination Tempest's Threat Intelligence team has identified in the last 3 months a significant increase in the adoption of Google Ads and SEO Poisoning techniques for the dissemination of several threats, most notably IcedID, Gootkit Loader and the Rhadamanthys, Vidar, Raccoon and RedLine stealers
THREAT INTELLIGENCE 20/December/2022 New Chaes campaign uses Windows Management Instrumentation Command-Line Utility Tempest's Threat Intelligence team recently identified a new campaign by the Chaes malware operators, in which there's a heavy use of Windows Management Instrumentation Command-Line Utility (WMIC) during the infection phase and in the theft of victim data
THREAT INTELLIGENCE 02/May/2022 Mekotio banking trojan identified in a new campaign against Brazilian account holders The Trojan, which supposedly originated in Brazil, has divided its infection process into multiple stages in order to make the work of malware analysts more difficult
Cybersec Customer Success 26/April/2022 Information Security: Policies for Clean Desks and Screens Information security (IS) is directly related to protecting a set of information, in the sense of preserving the value it holds for an individual or an organization
Vulnerability Management 17/November/2021 How intelligence data can help manage vulnerabilities With the large number of vulnerabilities detected, the question is: how to prioritize what to fix first?
Intelligence 22/October/2021 Cobalt Strike: Infrastructure Analysis In a recent review, we described and offered pointers on the most common configurations of this tool, which is one of the most used by criminals
Intelligence 10/June/2021 An overview of the main WhatsApp scams and ways to protect yourself WhatsApp cloning is still one of the most commonly applied scams
Intelligence 09/December/2020 New Vadokrist Trojan campaign uses Pix as phishing bait The threat affects customers of major Brazilian banks, using the DLL Injection technique in its infection process and misusing GitHub
Intelligence 01/October/2019 Phishing campaign spreads malware to Facebook users in Brazil and Mexico Sponsored ads offered discount coupons to distribute a malicious Chrome extension, among other threats
Intelligence 17/September/2019 Research identifies tool used to extract and manipulate email attachments Offered on social networks, the tool also allows email credentials to be validated
Intelligence 19/November/2018 Dodge game: a story about document fraud It is a job that depends essentially on digital resources