Introduction: Cuba ransomware is a ransomware family that has been
regularly observed since its first discovery in 2020. The ransomware
family has been associated with numerous groups including UNC2596
(tracked by Mandiant) and Tropical Scorpius (trac...

Introduction: Raspberry Robin is a worm transferred via USB drive that
connects to primarily external QNAP devices (C2) to download and execute
malicious payloads. This worm uses msiexec.exe to connect to its C2
server using HTTP requests and downl...

Introduction: MedusaLocker ransomware was first identified in 2019, and
several variants have continued to emerge in recent years. The
MedusaLocker ransomware appears to operate as a Ransomware-as-a-Service
(RaaS), where other bad actors can use to de...

Description: A new group of ransomware operators calling themselves
'Mindware' emerged in the last quarter of 2021 and are reportedly
responsible for a number of ransomware/extortion attacks across the
globe. This group targets a broad range of indust...

Introduction: In early March CERT-UA identified a spear-phishing campaign
targeting government organizations within Ukraine that results in the
deployment of the open-source backdoor ‘MicroBackdoor’. CERT-UA
attributed this campaign to UAC-0051/UNC115...