Resources

State-sponsored Cybercrime
[UNC1151] Operational Insight Report

UNC1151 is a threat group that tends to distribute malware through phishing emails with malicious attachments to compromise governments' communication systems, and to gather data for misuse in ongoing Information Operation (IO) campaigns. Our PTI team investigated the UNC1151 campaigns and is publishing new data and insights on the inner workings of...

Financial Crime
[TA505] TA505 Group's TeslaGun In-Depth Analysis

TA505 is a financially motivated threat group that has been active since 2014. The group frequently changes its malware attack strategies in response to global cybercrime trends. It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on. This report provides insight int...

Organized Cyber-Crime
[WS] Wizard Spider Group In-Depth Analysis

The PRODAFT Threat Intelligence (PTI) team has assembled this report to provide in-depth knowledge about Wizard Spider. This report provides unprecedented visibility into the structure, background, and motivations of Wizard Spider. We’ve obtained command statistics, target country statistics, command execution patterns, and other information on...

Ransomware
[PYSA] Ransomware Group In-Depth Analysis

The group behind PYSA ransomware has earned notoriety for targeting government agencies, educational institutions, and the healthcare sector. The group is known to carefully research high-value targets before launching its attacks, compromising enterprise systems and forcing organizations to pay large ransoms to restore their data. They are listed...

Ransomware
[CONTI] Ransomware Group In-Depth Analysis

PRODAFT Threat Intelligence (PTI) Team has obtained valuable insights on the inner workings of the Conti ransomware group. The PTI team accessed Conti’s infrastructure and identified the real IP addresses of the servers in question. This report provides unprecedented detail into the way the Conti ransomware gang works, how they select their targets...

Financial Crime
[SOLARMARKER] In-Depth Analysis Report

The PRODAFT Threat Intelligence (PTI) team has assembled this report to provide in-depth knowledge about Solarmarker malware and the threat actors behind it. Solarmarker is a multipurpose backdoor first discovered sometime around September 2020. This report brings new, exclusive information about Solarmarker C2 infrastructure to the publi...

Mobile Botnet
[TODDLER] Mobile Banking Botnet Analysis Report

Starting from the second half of 2020, the PRODAFT Threat Intelligence ("PTI") team witnessed a rising trend of mobile banking malware attacks against European countries, primarily targeting customers of banking institutions based in Spain, Germany, Switzerland, and the Netherlands. Toddler is considered to be an important example of this trend in term...

Ransomware
[LOCKBIT] Behind The Lines of LockBit R.a.a.S.

The PRODAFT Threat Intelligence (also known as "PTI") Team has analyzed critical LockBit ransomware infrastructure and gained in-depth knowledge about the threat actors who operate LockBit ransomware. The PTI team was able to decrypt the data of most of the LockBit victims and uncovered the inner workings of a semi-automated R.a.a.S. platform. Our report includes...

Cyber Espionage
[SILVERFISH] Global Cyber Espionage Campaign Case Report

The PRODAFT Threat Intelligence (PTI) Team has uncovered a global cyber-espionage campaign which has strong ties with the SolarWinds attack and EvilCorp. Victims include dozens of Fortune 500 companies, a three-letter US organization, and various ministries/departments (from the U.S. and the E.U.) which have previously admitted being breache...

Mobile Botnet
[FLUBOT] New Massive Mobile Malware Ring Targeting Europe

The PRODAFT Threat Intelligence (also known as "PTI") Team has just uncovered a massive banking malware operation which primarily targets banking users in Spain. According to our findings, this new operation (referred to as "FluBot") sets a new precedent in spreading methods and DGA implementations. Currently, the malware has collected more than 11 Mil...