Product
GreyVibe Targets Ukraine with AI-Generated Lures and Custom Malware
2 rules 8 TTPsThe likely Russian-aligned GreyVibe group is targeting Ukrainian organizations with AI-generated lures delivered via spear-phishing and malicious websites, deploying custom malware such as PhantomRelay, LegionRelay, and FallSpy to exfiltrate sensitive data.
WantToCry Ransomware Exploits SMB for Remote Encryption
2 rules 2 TTPsThe WantToCry ransomware exploits exposed SMB services via brute-force for initial access, then exfiltrates files for remote encryption, rewriting the encrypted files to the original locations, demanding ransom payments from $400 to $1,800.
SHub macOS Infostealer Variant 'Reaper' Spoofing Apple Security Updates
3 rules 5 TTPs 3 IOCsA new variant of the 'SHub' macOS infostealer, dubbed Reaper, uses AppleScript to display a fake security update message and install a backdoor, ultimately stealing browser data, financial documents, and cryptocurrency wallet information while bypassing Terminal-based mitigations in macOS.