Threat Research

    CRESCENTHARVEST is a targeted cyberespionage campaign using protest-themed lures to infect Farsi-speaking individuals with malicious .LNK files disguised as media content. The malware, deployed via DLL sideloading with a signed Google executable, acts as a remote access trojan and information stealer capable of keylogging, command execution, and data exfiltration....
    The Evasive Panda APT group conducted highly targeted campaigns between November 2022 and November 2024, abusing poisoned DNS responses to deliver its MgBot malware. The attackers leveraged adversary-in-the-middle (AitM) techniques to fetch encrypted malware components from attacker-controlled servers based on victim-specific DNS requests....
    Identifies possible DLL sideloading involving Python DLL files....