1000 results for “alien”
-
RemotePE: The Lazarus RAT that lives in memory
A sophisticated memory-only toolset used by a North Korean Lazarus subgroup targeting financial and cryptocurrency organizations consists of three malware families forming a chain. DPAPILoader decrypts and loads RemotePELoader from disk using Windows Data Protection API. RemotePELoader beacons to command-and-control servers and retrieves RemotePE, a fully-fledged remote access trojan executed entirely in memory without filesystem artifacts. The toolset employs environmental keying via DPAPI, EDR evasion through HellsGate technique and ETW patching, actor-in-the-loop payload delivery, and shared hosting infrastructure on Namecheap. RemotePE features comprehensive RAT capabilities including file operations, process management, command execution, and a plugin system for dynamically loading additional payloads, while maintaining persistence through masquerading as legitimate Windows services.
Pulse ID: 6a1447f25db6bc082d5093cb
Pulse Link: https://otx.alienvault.com/pulse/6a1447f25db6bc082d5093cb
Pulse Author: AlienVault
Created: 2026-05-25 13:00:34
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #EDR #Edge #InfoSec #Korea #Lazarus #Malware #Namecheap #NorthKorea #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #Trojan #Windows #bot #cryptocurrency #AlienVault
-
Laravel Lang Compromised with RCE Backdoor Across 700+ Versions
Community-maintained Laravel Lang packages were compromised with remote code execution backdoors affecting over 700 versions across multiple repositories including laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions. The attack involved coordinated rapid tag publishing on May 22-23, 2026, suggesting organization-level credential compromise. A malicious helpers.php file was automatically executed via Composer's autoloader, deploying a sophisticated cross-platform information stealer. The second-stage payload systematically harvested credentials from cloud infrastructure, Kubernetes, CI/CD systems, browsers, password managers, cryptocurrency wallets, VPN clients, and local configurations. Stolen data was encrypted and exfiltrated to a command-and-control server. The backdoor employed advanced evasion techniques including TLS verification bypass, per-host execution markers, and embedded Windows executables to bypass Chrome encryption protections.
Pulse ID: 6a1187d92cdbfd79095008cd
Pulse Link: https://otx.alienvault.com/pulse/6a1187d92cdbfd79095008cd
Pulse Author: AlienVault
Created: 2026-05-23 10:56:25
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Chrome #Cloud #CyberSecurity #Encryption #HTTP #InfoSec #OTX #OpenThreatExchange #PHP #Password #RAT #RCE #RemoteCodeExecution #TLS #VPN #Windows #Word #bot #cryptocurrency #AlienVault
-
Android Trojan Abuses Commercial Rooting Tool and Steals Private Information
Rootnik is an Android trojan that exploits vulnerabilities in Android 4.3 and earlier by weaponizing a Chinese commercial rooting tool called Root Assistant. The malicious operation spreads through repackaged legitimate applications distributed globally, affecting users primarily in the United States, Malaysia, Thailand, Lebanon and Taiwan. After installation, Rootnik gains root access using stolen exploits, installs four persistent APK files to the system partition, and performs aggressive app promotion campaigns. The trojan silently installs and uninstalls applications, downloads and executes code remotely, and harvests sensitive data including WiFi passwords, location information, device identifiers, and MAC addresses. The malware maintains command and control infrastructure through multiple domains and generates revenue through aggressive advertising that interrupts user activity regardless of the current application.
Pulse ID: 6a123f4adef80b0c4d8ccd35
Pulse Link: https://otx.alienvault.com/pulse/6a123f4adef80b0c4d8ccd35
Pulse Author: AlienVault
Created: 2026-05-23 23:59:06
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APK #Android #Chinese #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Thailand #Trojan #UnitedStates #Word #bot #AlienVault
-
Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict
The Iranian IRGC-affiliated threat actor Nimbus Manticore launched sophisticated cyber operations during Operation Epic Fury, the US military campaign against Iran beginning February 28, 2026. The campaigns targeted organizations in aviation and software sectors across the United States, Europe, and Middle East using career-themed phishing lures. For the first time, the actor employed SEO poisoning techniques and introduced MiniFast, a previously undocumented backdoor showing signs of AI-assisted development. The operations leveraged AppDomain hijacking and abused legitimate Zoom installer execution flows for malware deployment. The actor demonstrated rapid adaptation capabilities during wartime conditions, maintaining high operational availability while expanding targeting to US-based aviation companies. Multiple campaign waves were observed from February through April 2026, with persistent infrastructure and evolving techniques.
Pulse ID: 6a141fcbde28865faa897cb4
Pulse Link: https://otx.alienvault.com/pulse/6a141fcbde28865faa897cb4
Pulse Author: AlienVault
Created: 2026-05-25 10:09:15
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Europe #IRGC #InfoSec #Iran #Malware #MiddleEast #Military #Nim #OTX #OpenThreatExchange #Phishing #RAT #SEOPoisoning #UnitedStates #Zoom #bot #AlienVault
-
From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
A sophisticated multi-stage intrusion began with the compromise of an internet-facing F5 BIG-IP load balancer running an end-of-life version. The threat actor established SSH access to a Linux server using privileged credentials, then conducted extensive reconnaissance including network scanning with Nmap and service enumeration with gowitness. Following horizontal and vertical scanning operations, the actor identified and compromised an unpatched internal Atlassian Confluence server via remote code execution. Credentials extracted from Confluence configuration files were subsequently used to attempt Kerberos relay attacks against Active Directory infrastructure and exploit CVE-2025-33073. The incident demonstrates how edge device compromises enable lateral movement across hybrid environments, bypassing traditional security controls through trusted relationships and exploiting insufficient monitoring of non-Windows systems and internal applications.
Pulse ID: 6a10949191ce7d3c3f2f8105
Pulse Link: https://otx.alienvault.com/pulse/6a10949191ce7d3c3f2f8105
Pulse Author: AlienVault
Created: 2026-05-22 17:38:25
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Atlassian #Confluence #CyberSecurity #Edge #InfoSec #Linux #OTX #OpenThreatExchange #RAT #RemoteCodeExecution #Rust #SSH #Windows #bot #AlienVault
-
Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
Cloud Atlas APT group targeted government organizations and commercial companies in Russia and Belarus during late 2025 and early 2026, employing phishing campaigns with malicious ZIP archives containing LNK shortcuts. The attackers deployed multiple backdoors including VBCloud for file theft and PowerShower for network reconnaissance. New tools identified include PowerCloud, which exfiltrates data to Google Sheets, and browser checker utilities. The group established persistence through reverse SSH tunnels, patched OpenSSH binaries, ReverseSocks, and Tor networking. Initial infection vectors included malicious shortcuts executing PowerShell scripts and exploiting CVE-2018-0802 in Microsoft Office. The attackers performed credential theft, RDP manipulation via termsrv.dll patching, and lateral movement across networks while maintaining multiple backup control channels.
Pulse ID: 6a105530af26afbd3752ab81
Pulse Link: https://otx.alienvault.com/pulse/6a105530af26afbd3752ab81
Pulse Author: AlienVault
Created: 2026-05-22 13:08:00
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Belarus #Browser #Cloud #CloudAtlas #CyberSecurity #Google #Government #InfoSec #LNK #Microsoft #MicrosoftOffice #OTX #Office #OpenThreatExchange #Phishing #PowerShell #RAT #RDP #Russia #SSH #ZIP #bot #AlienVault
-
Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
Unit 42 researchers identified six new remote access Trojan variants deployed by Iran-nexus APT group Screening Serpens between February and April 2026, coinciding with a regional conflict starting February 28, 2026. The group targeted entities in the U.S., Israel, UAE, and other Middle Eastern locations, primarily focusing on technology sector professionals through highly tailored social engineering using personalized recruitment lures. Two new malware families, MiniUpdate and MiniJunk V2, were discovered featuring advanced techniques including AppDomainManager hijacking that manipulates .NET application initialization to disable security mechanisms. The campaigns demonstrated increased technical capabilities and operational resilience, with each variant using dedicated C2 infrastructure hosted on Azure. The attacks leveraged DLL sideloading, scheduled tasks for persistence, and sophisticated evasion techniques to maintain long-term access for espionage purposes.
Pulse ID: 6a109360ffcb2c8229a150c7
Pulse Link: https://otx.alienvault.com/pulse/6a109360ffcb2c8229a150c7
Pulse Author: AlienVault
Created: 2026-05-22 17:33:20
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Azure #CyberSecurity #Espionage #InfoSec #Iran #Israel #Malware #MiddleEast #NET #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SMS #SideLoading #SocialEngineering #Trojan #UAE #Unit42 #bot #AlienVault
-
Alien life may be missed by current space missions, but AI might help
https://atlas.whatip.xyz/post.php?slug=alien-life-may-be-missed-by-current-space-missions-but-ai-might-help
It’s 2035 and NASA’s Dragonfly quadcopter has been “hopping” around the surface of Saturn’s
#surface #current #missed #alien
-
"Alien Crab" #installation #performance by #patrickjambon aka #turbojambon at Stonenwater and AFI Residency #anyang #seoul #southkorea #2007
https://loops.video/v/fI24OhtSyO
-
Why Ridley Scott's ALIEN Is One of the Most Radical Films – by Filmanalyse
https://www.youtube.com/watch?v=Nk8_kBUIvvg
With "Alien", Ridley Scott created a classic that still shocks today, because the work confronts us with the radically Other within us and outside of us. Sigourney Weaver as Officer Ellen Ripley is a modern heroine who has to experience that it is the non-human actors who pose an existential threat. Ridley Scott takes us into a spaceship that does not impress with glossy aesthetics and futuristic design, but is rather ugly and, on top of that, dusty and a little grimy.
#Alien #Film #Filmanalyse #Hören #Horror #Kritik #OrteRäume #RidleyScott