An increase in the Bagle activity

We’ve just released detection for Trojan-Downloader.Win32.Small.cgx and Email-Worm.Win32.Bagle.fg. Samples of these have just appeared on a number of websites which most likely indicates upcoming Bagle activity during the next hours.

MD5s for these two are:

ce61b0e6d81fc51d9b4d5d81311f1bde – Trojan-Downloader.Win32.Small.cgx
35bdca59203212a44de95369238e4e50 – Email-Worm.Win32.Bagle.fg

An increase in the Bagle activity

Your email address will not be published.



Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

Subscribe to our weekly e-mails

The hottest research right in your inbox