Musaab Faisal

Threatcure: Analysis of Operation Cobalt Whispe

Threat Overview

Initial Attack Vector

The attackers distribute malicious RAR archive files across multiple platforms, often embedded with:
• Decoy documents (to create legitimacy)
• Malicious LNK files (shortcut files)
• Batch scripts that decode and execute the payload

These LNK files, when clicked, initiate a multi-stage infection chain, culminating in the in-memory execution of a Cobalt Strike beacon.

Tactics, Techniques, and […]

Threatcure: Analysis of FamousSparrow APT Group and Its Advanced Cyber-Espionage Campaigns

Overview of FamousSparrow APT Group

The FamousSparrow APT (Advanced Persistent Threat) group, which has been active since at least 2019, has recently resurfaced after a period of dormancy following 2022. Notably, the group is known for its highly sophisticated cyber-espionage activities, primarily targeting entities in the financial, governmental, and research sectors. Recent investigative findings have revealed an ongoing series

ThreatCure: Analysis Report on Poco RAT Malware Linked to Dark Caracal

Overview of Poco RAT

Poco RAT (Remote Access Trojan) is a sophisticated malware designed to give attackers full control over compromised systems, enabling them to engage in various espionage activities. This malware has been deployed in targeted campaigns, primarily aimed at Spanish-speaking organizations in Latin America. The threat group responsible for this malware is the infamous

ThreatCure: Analysis of AridSpy Android Spyware Campaign by Arid Viper APT Group

Executive Summary

Security researchers have uncovered a sophisticated espionage campaign conducted by the Arid Viper APT (Advanced Persistent Threat) group, deploying a multistage Android spyware named AridSpy. The campaign primarily targets users in Egypt and Palestine, though it has impacted over 113,000 unique victims globally. The malware is distributed through trojanized applications masquerading as legitimate services,

Analytical Report: Pegasus Spyware Deployments Targeting WhatsApp in January 2025

Executive Summary

In January 2025, new reports emerged detailing Pegasus spyware deployments leveraging zero-click vulnerabilities in WhatsApp. Despite previous patches, sophisticated threat actors continue to exploit unknown or adapted vulnerabilities to compromise high-profile targets, such as government officials and business executives. This report analyzes the attack methodology, the vulnerabilities exploited, and recommendations for mitigating such threats.

ThreatCure Analytical Report: Funksec Ransomware

Overview: Funksec, also known as Funklocker, is a ransomware group that emerged in late 2024. The group has targeted multiple organizations, employing sophisticated techniques to encrypt data, disrupt operations, and extort victims. Once systems are infiltrated, the ransomware encrypts files and appends them with a “.funksec” extension. Victims are presented with a ransom note demanding payment

ThreatCure | Analytical Report on Mirai Botnet

Overview

First uncovered in August 2016 by MalwareMustDie, the Mirai botnet is a significant threat targeting Linux-based devices and IoT systems, including IP cameras, routers, and other embedded devices. The botnet’s name, “Mirai,” meaning “future” in Japanese, highlights its enduring relevance in the cybersecurity landscape. Mirai spreads by exploiting devices with weak or default credentials, integrating

ThreatCure Analysis Report on NetWalker Ransomware Group

Overview

NetWalker is a notorious ransomware group that emerged in late 2019, gaining infamy for its sophisticated double extortion tactics. This group encrypts victim data and exfiltrates sensitive information, leveraging the threat of public exposure to coerce ransom payments. NetWalker’s operations reveal a high level of technical expertise and adaptability, making it a persistent threat