#GuLoader

OTX Bot
<p>Threat actors leverage tax season to deploy tax-themed phishing campaigns</p>
<p>Microsoft has observed several phishing campaigns using tax-related themes to steal credentials and deploy malware as Tax Day approaches in the United States. These campaigns use redirection methods like URL shorteners and QR codes in malicious attachments, and abuse legitimate services to avoid detection. They lead to phishing pages delivered via the RaccoonO365 platform, remote access trojans like Remcos, and other malware such as Latrodectus, BruteRatel C4, AHKBot, and GuLoader. The campaigns target various sectors including engineering, IT, consulting, and accounting firms. Threat actors use social engineering techniques to mislead taxpayers into revealing sensitive information, making payments to fake services, or installing malicious payloads. Microsoft provides detailed mitigation and protection guidance to help users and organizations defend against these tax-centric threats.</p>
<p>Pulse ID: 67eec31b26a9b5d94190be7d<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67eec31b26a9b5d94190be7d" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67eec</span><span class="invisible">31b26a9b5d94190be7d</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-03 17:19:23</p>
<p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p>
<p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/GULOADER" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GULOADER</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/Remcos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Remcos</span></a> <a href="https://social.raytec.co/tags/RemoteAccessTrojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RemoteAccessTrojan</span></a> <a href="https://social.raytec.co/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SocialEngineering</span></a> <a href="https://social.raytec.co/tags/Trojan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trojan</span></a> <a href="https://social.raytec.co/tags/UnitedStates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnitedStates</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
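Added example for the lure pattern the pulse summary above describes (URL shorteners and QR codes in tax-themed mail). It is not part of the bot's post and is not code from Microsoft, AlienVault or any project named there. The shortener host list, the lure vocabulary, the scoring rule and both sample messages are constructed assumptions for illustration; a production pipeline would additionally decode any image attachment as a QR code (needs an external library such as pyzbar, not used here) and expand shortener links in a sandboxed resolver rather than trusting the visible destination.

```python
"""Mail-triage heuristics for tax-themed lures that use shorteners or QR codes.

Constructed illustration for this page, not code from Microsoft, AlienVault
or Unit 42. The shortener list, lure vocabulary and scoring rule are all
assumptions; replace them with your own telemetry.
"""
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Assumed set of URL-shortener hosts (not taken from the report).
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly", "rb.gy"}

# Assumed tax-season lure vocabulary, matched as whole words in the Subject.
TAX_KEYWORDS = ("tax", "irs", "w-2", "1099", "refund", "filing")

# Attachment types that can carry a QR code. Decoding the QR itself needs an
# external library (e.g. pyzbar), so this stage only flags candidates.
QR_CARRIER_TYPES = {"image/png", "image/jpeg", "image/gif", "application/pdf"}

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


def extract_urls(msg):
    """Collect every http(s) URL from the text/plain and text/html parts."""
    urls = set()
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.update(URL_RE.findall(part.get_content()))
    return sorted(urls)


def triage(raw_eml: bytes) -> dict:
    """Return the lure indicators found in one RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_eml)
    subject = str(msg["subject"] or "").lower()
    tax_theme = [k for k in TAX_KEYWORDS
                 if re.search(rf"\b{re.escape(k)}\b", subject)]
    shortener_urls = [u for u in extract_urls(msg)
                      if (urlparse(u).hostname or "").lower() in SHORTENER_HOSTS]
    qr_candidates = [(p.get_filename(), p.get_content_type())
                     for p in msg.iter_attachments()
                     if p.get_content_type() in QR_CARRIER_TYPES]
    # Assumed rule: a tax lure that also uses a redirector or a QR carrier.
    suspicious = bool(tax_theme) and bool(shortener_urls or qr_candidates)
    return {
        "tax_theme": tax_theme,
        "shortener_urls": shortener_urls,
        "qr_candidates": qr_candidates,
        "suspicious": suspicious,
    }


# Constructed sample lure (not a real campaign artifact): a tax-refund subject,
# a bit.ly link in the HTML body and a PNG attachment posing as a QR code.
SAMPLE_LURE = b"""\
From: "Tax Notices" <notices@example.invalid>
To: accounting@example.invalid
Subject: Action required: your 2024 tax refund
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Your refund is on hold. Review the notice at
<a href="https://bit.ly/3abc123">https://bit.ly/3abc123</a> or scan the attached code.</p></body></html>
--b1
Content-Type: image/png; name="refund_notice.png"
Content-Disposition: attachment; filename="refund_notice.png"
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

# Constructed benign message for contrast: tax subject, but a direct link only.
SAMPLE_BENIGN = b"""\
From: payroll@example.invalid
To: accounting@example.invalid
Subject: 1099 forms posted to the portal
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Forms are at https://payroll.example.invalid/forms/2024 as usual.
"""

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, triage(raw))
```

Run it as a script to see both verdicts, or call `triage()` on raw `.eml` bytes pulled from a mail gateway quarantine. The keyword check deliberately uses word boundaries so that "irs" does not fire on "first", and the QR stage only names candidate attachments; the verdict is a triage hint for an analyst queue, not a block decision.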
Brad
<p>Social media post I authored for my employer at <a href="https://www.linkedin.com/posts/unit42_malspam-guloader-remcos-ugcPost-7234210583800135680-3F6J/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">linkedin.com/posts/unit42_mals</span><span class="invisible">pam-guloader-remcos-ugcPost-7234210583800135680-3F6J/</span></a> and <a href="https://x.com/Unit42_Intel/status/1828444963001995599" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">x.com/Unit42_Intel/status/1828</span><span class="invisible">444963001995599</span></a></p>
<p>2024-08-26 (Monday): <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malspam</span></a> pushing <a href="https://infosec.exchange/tags/GuLoader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GuLoader</span></a> for <a href="https://infosec.exchange/tags/Remcos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Remcos</span></a> <a href="https://infosec.exchange/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> (<a href="https://infosec.exchange/tags/RemcosRAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RemcosRAT</span></a>). Steals login credentials and runs <a href="https://infosec.exchange/tags/keylogger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>keylogger</span></a>. Indicators available at <a href="https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-08-26-GuLoader-for-Remcos-RAT-IOCs.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/PaloAltoNetworks/Un</span><span class="invisible">it42-timely-threat-intel/blob/main/2024-08-26-GuLoader-for-Remcos-RAT-IOCs.txt</span></a></p>
<p>A <a href="https://infosec.exchange/tags/pcap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pcap</span></a> of the GuLoader/Remcos RAT infection traffic and the associated <a href="https://infosec.exchange/tags/malspam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malspam</span></a>, <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> and artifacts are available at <a href="https://malware-traffic-analysis.net/2024/08/26/index.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">malware-traffic-analysis.net/2</span><span class="invisible">024/08/26/index.html</span></a></p>