The PRODAFT Threat Intelligence (PTI) team has assembled this report to provide in-depth knowledge about Wizard Spider. This report provides unprecedented visibility into the structure, background, and motivations of Wizard Spider. We’ve obtained command statistics, target country statistics, command execution patterns, and other information on...
May 16, 2022 15:22
The group behind PYSA ransomware has earned notoriety for targeting government agencies, educational institutions, and the healthcare sector. The group is known to carefully research high-value targets before launching its attacks, compromising enterprise systems and forcing organizations to pay large ransoms to restore their data. They are listed...
April 13, 2022 17:55
PRODAFT Threat Intelligence (PTI) Team has obtained valuable insights on the inner workings of the Conti ransomware group. The PTI team accessed Conti’s infrastructure and identified the real IP addresses of the servers in question. This report provides unprecedented detail into the way the Conti ransomware gang works, how they select their targets...
November 18, 2021 09:57
The PRODAFT Threat Intelligence (PTI) team has assembled this report to provide in-depth knowledge about Solarmarker malware and the threat actors behind it. Solarmarker is a multipurpose backdoor first discovered sometime around September 2020. This report brings new, exclusive information about Solarmarker C&C infrastructure to the...
October 28, 2021 10:43
Starting from the second half of 2020, PRODAFT Threat Intelligence ("PTI") team witnessed a rising trend of mobile banking malware attacks against the European countries; primarily targeting customers of banking institutions based in Spain, Germany, Switzerland, and Netherlands. Toddler is considered to be an important example of this trend in term...
July 16, 2021 09:01
PRODAFT Threat Intelligence (also known as "PTI") Team has analyzed critical LockBit ransomware infrastructure and gained in-depth knowledge about the threat actors who operate LockBit ransomware. The PTI team was able to decrypt most of the LockBit victims and uncovered the inner workings of a semi-automated R.a.a.S. platform. Our report includes...
June 18, 2021 10:42
The PRODAFT Threat Intelligence (PTI) Team has uncovered a global cyber-espionage campaign, which has strong ties with the SolarWinds attack and the EvilCorp. Victims include dozens of Fortune500 companies, a three letter US organization, and various ministries/departments (from the U.S. and the E.U.) which have previously admitted being breache...
June 17, 2021 22:31
PRODAFT Threat Intelligence (also known as "PTI") Team has just uncovered a massive banking malware operation which primarily targets banking users in Spain. According to our findings, this new operation (referred as "FluBot") sets a new precedent of spreading methods and DGA implementations. Currently, the malware has collected more than -11 Mil...
March 2, 2021 19:35
This report is based on an analysis of the Brunhilda dropper service which is detected by The PRODAFT Threat Intelligence (PTI) Team. Brunhilda is a dropper service that utilizes the Google Play Store to distribute various malware. While cybercrimegroups tend to start operating as MaaS businesses, currently there is an upward trend of DaaS (Drop...
November 14, 2020 23:56