Halcyon Threat Insights 002: February 2024
ID: d573909d-1ea4-5ddc-8f5c-3328d6b4338c
STIX ID: report--d573909d-1ea4-5ddc-8f5c-3328d6b4338c
Feed Name: Halcyon Blog
In February 2024, Halcyon detected and blocked a range of stealthy malware that acts as a precursor to ransomware, notably Trojans and stealers (ClipBanker, Doina, RedLine, VMProtect-packed samples, Malgent/RedCap). Finance, IT, and Education were the most targeted verticals. The report highlights common TTPs such as evasion (AV whitelisting, anti-VM), DGA-based PowerShell, credential theft, lateral movement, C2, and data exfiltration, all used to enable double extortion ransomware operations.
