Threat Research

    We’ve discovered a new, resilient variant of the Interlock ransomware group’s remote access trojan (RAT), now rewritten in PHP rather than JavaScript (previously known as NodeSnake). This version has been actively used in a widespread campaign linked to the LandUpdate808 (aka KongTuke) threat clusters since May 2025....
    Identifies potentially suspicious subprocesses, such as LOLBINs, that are launched by web browsers. This behavior may indicate the use of the "FileFix" social engineering technique, in which victims are deceived into opening File Explorer through a browser-based phishing page and unknowingly pasting malicious commands into the address bar....