Threat Research

RomCom vs. TransferLoader highlights two related cybercriminal operations. TA829 conducts both espionage and cybercrime using tooling derived from the legacy RomCom backdoor. A highly similar campaign, which uses a new loader and backdoor called TransferLoader, is attributed to a separate cluster tracked as UNK_GreenSec....
TransferLoader is a newly identified malware loader active since February 2025, comprising a downloader, a loader, and a backdoor module. It was observed deploying Morpheus ransomware at a U.S. law firm. The malware uses heavy obfuscation to hinder analysis and gives operators remote command execution on the infected host. Its backdoor uses the InterPlanetary File System (IPFS) as a fallback channel for retrieving updated C2 information....