PrivateLoader is an active malware in the loader market, used by multiple threat actors to deliver various payloads, mainly information stealer. Since our previous investigation, we keep tracking the malware to map its ecosystem and delivered payloads. Starting from this tria.ge submission, we recognized a now familiar first payload, namely PrivateLoader. However, the dropped stealer was not part of our stealer growing collection, notably including RedLine or Raccoon. Eventually SEKOIA.IO realised it was a new undocumented stealer, known as RisePro. This article aims at presenting SEKOIA.IO RisePro information stealer analysis.
Since September 2022, Aurora malware is advertised as an infostealer and several traffers teams announced they added it to their malware toolset.
Traffers are responsible for redirecting user traffic to malicious content (malware, fraud, phishing, scam) exploited by other threat actors.
SEKOIA.IO presents its Ransomware threat landscape for the first semester of 2022, with the following key points:
Vice Society is a little-known double extortion group that exfiltrates its victims' data and threatens its victims to leak their information.
You may not have missed all the noises recently caused by Lapsus$, a group that seems to specialize in extortion without necessarily leveraging ransomware.
At first glance, Lapsus$ check marks all elements that would make researchers put them in the low priority threats, especially considering their readiness to make dramas and OpSec failures. Except that the group has successfully managed to significantly enrich its victim list with high profile corporations, thus drawing all our attention.
In the following, we will describe the threat actor profile that was drawn by our investigations based either on OSINT, dark web or infrastructure analysis.
