Remcos was originally produced in 2016 as a legitimate software by BreakingSecurity for managing Windows systems remotely. Remcos has been classified as a remote access trojan (RAT) because threat actors widely use it to perform malicious campaigns. Remcos is usually delivered by phishing emails, and it allows attackers to secretly take full control of infected […]
Daolpu is a malware that steals sensitive information from infected Windows endpoints. This malware was first seen in July 2024, after CrowdStrike distributed a legitimate update to its Falcon product that caused widespread disruptions to Windows systems running this product. Due to this update, roughly 8.5 million Windows systems crashed and were unable to reboot […]
Mint Stealer is a Python-based malware that steals data from web browsers, cryptocurrency wallets, VPN clients, mail clients, game applications, and more. Mint Stealer is sold as a malware-as-a-service (MaaS), designed to covertly exfiltrate sensitive information from infected Windows endpoints to a command and control (C2) server. Mint Stealer uses encryption and obfuscation techniques to […]
STRRAT is a Java-based remote access trojan (RAT) that provides threat actors with full remote control of infected Windows endpoints. STRRAT focuses on stealing credentials from browsers and email clients like Microsoft Edge, Google Chrome, Mozilla Firefox, Microsoft Outlook, Mozilla Thunderbird, and Foxmail. It also steals credentials by recording keystrokes of infected endpoints.
Our new blog post shows how we successfully use Wazuh to detect Vidar infostealer on an infected Windows endpoint.
Our new blog post shows how to use Suricata integration with Wazuh to detect a DHCP starvation attack.
Amadey is a malware that steals sensitive information from infected Windows endpoints. This malware was first discovered in 2018 and has maintained a persistent botnet infrastructure since then. It has the capability to download additional malware from a command and control (C2) server on the infected endpoints. The malware sends stolen information to a remote […]
Amazon Elastic Container Registry (ECR) is an Amazon Web Services (AWS) managed container image registry service that stores, shares, and deploys container images. Amazon ECR provides an image scanning feature that uses the Common Vulnerabilities and Exposure (CVEs) database from the open source Clair project to detect vulnerabilities in container images. AWS provides a template […]
AWS Managed Microsoft Active Directory (AD) is an AWS Directory Service that provides users, businesses, and organizations different options to use Microsoft Active Directory (AD) with other AWS services. AWS Managed Microsoft AD stores information about users, groups, and devices, and system administrators use this Directory Service to manage access to this information. AWS Managed […]
PostgreSQL is an open source, highly stable database management system that uses several features to securely store and scale data workloads. PostgreSQL is supported by major operating systems such as Linux, macOS, Microsoft Windows, FreeBSD, OpenBSD, and Solaris. It is primarily used by users, organizations, and businesses to store data for mobile applications, websites, analytics […]
We are thrilled to announce the release of Wazuh 4.8.0. This update introduces a rework of the Wazuh Vulnerability Detector module and improvements to the Wazuh dashboard user interface (UI) and user experience (UX). It includes updates to the VirusTotal integration and the MITRE ATT&CK database among others. Key highlights Redesigned Vulnerability Detector module The […]
Please make sure that all words are spelled correctly.