Research

Gumblar infection count

We’ve now analyzed more than 600 MB of collected data related to the recent resurrection of the Gumblar threat. Overall, we’ve identified 2000+ Infectors (computers hosting the malicious *.php files and payload) and 76100+ ‘Redirectors’ (computers with links leading back to the malicious sites). Most Infectors are also part of the group of Redirectors, they serve one *.php file and additionally contain the link to another Infector in their own entry page.

(If you’re interested in the structure of the Gumblar threat, my colleague Vitaly gives more details here)

Comparing the stats below with those from a month ago, you can see how the threat has spread and evolved. These latest numbers are a snapshot of November 30th and are continuing to increase steadily.

Gumblar infection count

Your email address will not be published.

 

Reports

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

APT trends report Q2 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q2 2022.

Subscribe to our weekly e-mails

The hottest research right in your inbox