Intelligence Insights: January 2025

Red Canary's December 2024 intelligence highlights continued prevalence of the 'paste and run' initial access technique delivering multiple payloads (Vidar, LummaC2, NetSupport Manager) and notes ChromeLoader remaining the most-observed threat while Amber Albatross rose in prevalence; DarkGate reappeared as a follow-on payload leveraging RMM tools after social engineering, and a new VBS worm named Tangerine Turkey delivering a cryptominer debuted.