Threat Research

    The intrusion began in September 2024 via a malicious EarthTime installer that deployed SectopRAT and connected to its C2 server. Persistence was established by moving the file and adding a Startup shortcut, followed by creating a local admin account. The actor deployed SystemBC, accessed the host via RDP, ran discovery commands, and performed a DCSync attack....
    The threat actor gained initial access via a fake Zoom installer, deploying d3f@ckloader and IDAT loader to drop SectopRAT. After nine days, SectopRAT delivered Cobalt Strike and Brute Ratel, enabling lateral movement through remote services and RDP. To facilitate RDP movement, the attacker used QDoor, a malware with proxy capabilities....