#ParsedReport
17-10-2022
Online File Converter Phishing Page Spreads RedLine Stealer
https://blog.cyble.com/2022/10/14/online-file-converter-phishing-page-spreads-redline-stealer
Threats:
Redline_stealer
Beacon
Process_injection_technique
Geo:
Dubai, Singapore, India, Australia, Georgia
TTPs:
Tactics: 8
Technics: 16
IOCs:
Url: 4
File: 5
Hash: 4
Softs:
curl, windows defender, discord, telegram
Algorithms:
zip
Cyble
Online File Converter Phishing Page Spreads RedLine Stealer
Cyble Research and Intelligence analyzes how Threat Actors are leveraging a fake file conversion tool to spread RedLine Stealer.
#ParsedReport
17-10-2022
Ransomware Roundup: Royal Ransomware
https://www.fortinet.com/blog/threat-research/ransomware-roundup-royal-ransomware
Threats:
Royal_ransomware
Industry:
Financial
IOCs:
Hash: 2
Algorithms:
aes
Fortinet Blog
Ransomware Roundup - Royal | FortiGuard Labs
The latest FortiGuard Labs Threat Signal Ransomware Roundup covers Royal ransomware, along with protection recommendations. Read more.…
An update for this was already made last week.
https://twitter.com/Cyberknow20/status/1580153315203350528
Twitter
🚨Russia-Ukraine War Cyber Tracker Update #19. 12 OCT.🚨
84 Groups:
36 Pro-Ukraine - 42 Pro-Russia - 6 Unknown
Usual caveats apply
#cybersecurity #infosec #RussiaUkraineWar #UkraineRussianWar #Ukraine️ #killnet #cyberattacks #cybertracker
https://t.co/Uvp8PAOgBc
#technique
A new DDoS attack vector: TCP Middlebox Reflection
https://blog.apnic.net/2022/10/18/a-new-ddos-attack-vector-tcp-middlebox-reflection/
APNIC Blog
A new DDoS attack vector: TCP Middlebox Reflection | APNIC Blog
Guest Post: Learn how TCP Middlebox Reflection attacks work and what are the best current practices for defending against it.
#ParsedReport
17-10-2022
DiceyF deploys GamePlayerFramework in online casino development studio
https://securelist.com/diceyf-deploys-gameplayerframework-in-online-casino-development-studio/107723
Actors/Campaigns:
Diceyf (motivation: cyber_espionage, financially_motivated, information_theft)
Earth_berberoka
Drbcontrol (motivation: financially_motivated)
Threats:
Gameplayerframework
Plugx_rat
Puppetloader
Industry:
Entertainment
Geo:
Hungary, Budapest, Chinese, Asia
IOCs:
Domain: 3
Path: 14
File: 24
Hash: 19
Softs:
chrome
Functions:
GetDomainSetting, SetDomainSetting, GetRemotePluginInfo, DeleteGuid, GetCookiePath
Win API:
GetSystemInfo
YARA: Found
Securelist
DiceyF deploys GamePlayerFramework in online casino development studio
In this report we provide technical analysis of the GamePlayerFramework deployed by an APT we call DiceyF, which is targeting online casinos in Southeast Asia.
#ParsedReport
18-10-2022
Winnti APT group docks in Sri Lanka for new campaign
https://www.malwarebytes.com/blog/threat-intelligence/2022/10/winnti-apt-group-docks-in-sri-lanka-for-new-campaign
Actors/Campaigns:
Axiom (motivation: financially_motivated, cyber_espionage)
Threats:
Keyplug
Industry:
Government
Geo:
Chinese, Asia, Indian, China, India
IOCs:
Url: 1
Hash: 7
Domain: 1
Malwarebytes
Winnti APT group docks in Sri Lanka for new campaign
In early August, the Malwarebytes Threat Intelligence team identified a new attack targeting government entities in Sri Lanka. The threat actors...
#ParsedReport
18-10-2022
ERMAC Android Malware Increasingly Active
https://blog.cyble.com/2022/10/18/ermac-android-malware-increasingly-active
Threats:
Ermac
Industry:
Financial
Geo:
Poland, Dubai, India, Singapore, Georgia, Australia
IOCs:
IP: 1
Url: 12
Hash: 1
Softs:
android, instagram
Cyble
ERMAC Android Malware Increasingly Active
CRIL Investigates the resurgence of ERMAC Android Malware as an increasing number of users are falling prey to their phishing attacks.
#ParsedReport
18-10-2022
Spyder Loader: Malware Seen in Recent Campaign Targeting Organizations in Hong Kong
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/spyder-loader-cuckoobees-hong-kong
Actors/Campaigns:
Cuckoobees
Threats:
Spyder
Cryptopp_tool
Mimikatz_tool
Industry:
Government
IOCs:
File: 7
Path: 1
Hash: 88
Algorithms:
chacha20, aes
Win API:
GetComputerNameW
Security
Spyder Loader: Malware Seen in Recent Campaign Targeting Organizations in Hong Kong
Activity appears to be a continuation of previously documented Operation CuckooBees campaign.
#ParsedReport
19-10-2022
ASEC Weekly Malware Statistics (October 3rd, 2022 – October 9th, 2022)
https://asec.ahnlab.com/en/40056
Threats:
Smokeloader
Agent_tesla
Beamwinhttp_loader
Garbage_cleaner
Snake_keylogger
Remcos_rat
Formbook
Nanocore_rat
Industry:
Financial
Geo:
Korea
IOCs:
File: 11
Domain: 11
Email: 7
Url: 2
Softs:
discord
Languages:
php
ASEC BLOG
ASEC Weekly Malware Statistics (October 3rd, 2022 – October 9th, 2022) - ASEC BLOG
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 3rd, 2022 (Monday) to October 9th, 2022 (Sunday). For the main category, downloader…
#ParsedReport
19-10-2022
Coin miner malware installed on vulnerable Apache Tomcat web servers
https://asec.ahnlab.com/ko/40315
Threats:
Meterpreter_tool
Xmrig_miner
Dropper/win.miner.c5283988
Trojan/vbs.runner.sc184041
Industry:
Healthcare
IOCs:
File: 6
Url: 5
Domain: 1
Coin: 1
Hash: 7
Algorithms:
base64
ASEC BLOG
Coin miner malware installed on vulnerable Apache Tomcat web servers - ASEC BLOG
The ASEC analysis team recently confirmed attacks targeting vulnerable Apache Tomcat web servers. Tomcat servers that have not received the latest updates are one of the typical vulnerability attack vectors. In the past, the ASEC blog also covered attacks targeting Apache Tomcat servers with a vulnerable JBoss version installed. The attacker used the exploit tool JexBoss to install a web shell and then gained control of the infected system with Meterpreter malware. Generally, attackers, based on scanning results, vulnerable…
#ParsedReport
19-10-2022
DeadBolt ransomware: nothing but NASty
https://blog.group-ib.com/nas-under-threat
Threats:
Deadbolt
Upx_tool
Industry:
Petroleum, Financial
CVEs:
CVE-2022-27593 [Vulners]
Vulners: Score: Unknown, CVSS: 3.1,
Vulners: Exploitation: True
X-Force: Risk: 10
X-Force: Patch: Official fix
Soft:
- qnap photo station (<5.2.14, <5.4.15, <5.7.18, <6.0.22, <6.1.2)
Algorithms:
aes, aes-128, gzip, cbc, des
Languages:
javascript, lua, php
Platforms:
arm
Links:
https://github.com/rivitna/Malware/tree/main/DeadBolt/deadbolt_demo
Group-IB
DeadBolt ransomware: nothing but NASty
The Group-IB Incident Response Team investigated an incident related to a DeadBolt attack and analyzed a DeadBolt ransomware sample.
#ParsedReport
19-10-2022
Sophos X-Ops finds Attackers Using Covert Channels in Backdoor Against Devices
https://news.sophos.com/en-us/2022/10/19/sophos-x-ops-finds-attackers-using-covert-channels-in-backdoor-against-devices
Threats:
Gh0st_rat
Metasploit_tool
Termite
CVEs:
CVE-2022-1040 [Vulners]
Vulners: Score: 7.5, CVSS: 6.5,
Vulners: Exploitation: True
X-Force: Risk: 9.8
X-Force: Patch: Official fix
Soft:
- sophos sfos (le18.5.3)
CVE-2022-3236 [Vulners]
Vulners: Score: Unknown, CVSS: 6.3,
Vulners: Exploitation: True
X-Force: Risk: 9.8
X-Force: Patch: Official fix
Soft:
- sophos firewall (le19.0.1)
TTPs:
IOCs:
File: 3
Domain: 2
IP: 25
Hash: 34
Algorithms:
aes, rc4, base64
Languages:
perl, java
Links:
https://github.com/rapid7/metasploit-javapayload/blob/dee9809f78a7e86981a8f39e0622f05458c85940/javapayload/src/main/java/metasploit/Payload.java
https://github.com/sophoslabs/IoCs/blob/master/CVE-2022-3236_IOCs.csv
Sophos News
Sophos X-Ops finds Attackers Using Covert Channels in Backdoor Against Devices
Newly discovered attack combines custom and commodity malware
#ParsedReport
19-10-2022
TeamTNT Returns or Does It?
https://www.trendmicro.com/en_us/research/22/j/teamtnt-returns-or-does-it.html
Actors/Campaigns:
Teamtnt (motivation: cyber_criminal)
Threats:
Xmrig_miner
Zgrab_scanner_tool
Netstat_tool
Pnscan_tool
Masscan_tool
Cronb
Geo:
China, Germany
TTPs:
Tactics: 6
Technics: 25
IOCs:
IP: 14
File: 4
Coin: 1
Url: 15
Domain: 3
Softs:
docker, curl, crontab, apparmor, alisecguard, redis, systemd
Algorithms:
base64
Languages:
python
Links:
https://github.com/gianlucaborello/libprocesshider
https://github.com/zmap/zgrab
Trend Micro
TeamTNT Returns — Or Does It?
Our honeypots caught malicious cryptocurrency miner samples targeting the cloud and containers, and its routines are reminiscent of the routines employed by cybercriminal group TeamTNT, which was said to have quit in November 2021. Our investigation shows…
#ParsedReport
19-10-2022
.NET FormBook. FormBook malware with a .NET appearance is being distributed
https://asec.ahnlab.com/ko/40167
Threats:
Formbook
Malware/mdp.injection.m3509
IOCs:
File: 3
Hash: 1
Url: 2
ASEC BLOG
FormBook malware with a .NET appearance is being distributed - ASEC BLOG
AhnLab's V3 product has various detection features to protect users from malware threats. Among them, the 'App Isolate Scan' feature provides detection and isolation of suspicious processes, and can detect malware such as infostealers and downloaders, in addition to ransomware, by isolating them in a virtual environment. It can protect users by preemptively isolating malware that has not yet been collected in AhnLab's ASD infrastructure or whose static and dynamic behavior patterns have not been confirmed…
I put together the first version of a parser for the cmd and PowerShell commands contained in the reports. I nearly lost my nerve and switched to hard drugs in the form of a Lex-Yacc syntax analyzer.
#ParsedReport
19-10-2022
New Malicious Clicker found in apps installed by 20M+ users. How it works
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-malicious-clicker-found-in-apps-installed-by-20m-users
Threats:
Adware-admob
IOCs:
Domain: 6
Hash: 16
Softs:
android, (torch), instagram
McAfee Blog
New Malicious Clicker found in apps installed by 20M+ users | McAfee Blog
Authored by SangRyol Ryu Cybercriminals are always after illegal advertising revenue. As we have previously reported, we have seen many mobile malwares
#ParsedReport
20-10-2022
Black Basta and the Unnoticed Delivery. Introduction
https://research.checkpoint.com/2022/black-basta-and-the-unnoticed-delivery
Threats:
Blackbasta
Conti
Cobalt_strike
Qakbot
Trap flag_technique
Antidebugging_technique
Windbg_tool
Industry:
Financial
Geo:
India, Denmark, Switzerland, Italy, Canada, Germany, France, Austria
IOCs:
Hash: 7
File: 3
Algorithms:
aes, chacha20
Functions:
FindWindow, CreateFile
Win API:
NtGlobalFlag, DebugBreak, QueryPerformanceCounter, GetTickCount, VirtualAlloc, GetWriteWatch, CloseHandle, NtQueryInformationProcess, ReadFile, WriteFile, have more...
Check Point Research
Black Basta and the Unnoticed Delivery - Check Point Research
Introduction As reported by Check Point at the end of H1 2022, 1 out of 40 organizations worldwide were impacted by ransomware attacks, which constitutes a worrying 59% increase over the past year. The ransomware business continues to grow in gargantuan proportions…
#ParsedReport
20-10-2022
Domestic Kitten campaign spying on Iranian citizens with new FurBall malware
https://www.welivesecurity.com/2022/10/20/domestic-kitten-campaign-spying-iranian-citizens-furball-malware
Actors/Campaigns:
Domestic_kitten
Threats:
Furball
Kidlogger
Geo:
Ukraine, Iranian, Iran
TTPs:
Tactics: 6
Technics: 9
IOCs:
File: 1
Hash: 1
Softs:
android
Languages:
php
YARA: Found
WeLiveSecurity
Domestic Kitten campaign spying on Iranian citizens with new FurBall malware
APT-C-50’s Domestic Kitten campaign continues, targeting Iranian citizens with a new version of the FurBall malware posing as an Android translation app.
#ParsedReport
20-10-2022
Infostealer Distributed Using Bundled Installer
https://blog.cyble.com/2022/10/20/infostealer-distributed-using-bundled-installer
Threats:
Beacon
Industry:
Financial
Geo:
Singapore, Georgia, Dubai, Australia, India
TTPs:
Tactics: 5
Technics: 10
IOCs:
File: 5
IP: 2
Coin: 2
Registry: 1
Url: 1
Hash: 15
Softs:
telegram, photoshop, topaz clean, bitappwallet, binancechain, bravewallet, equalwallet, iwallet, mathwallet, niftywallet, have more...
Algorithms:
zip
Cyble
Infostealer Distributed Using Bundled Installer
Cyble Research and Intelligence Labs identifies a new Temp stealer and analyses how it spreads via free & cracking Software.
#ParsedReport
20-10-2022
Qakbot. Qakbot malware being distributed in Korea
https://asec.ahnlab.com/ko/40364
Threats:
Qakbot
Bumblebee
Icedid
Malware/win.possible_smhpqakbottha.r525663
Industry:
Financial
IOCs:
File: 4
IP: 4
Hash: 3
ASEC BLOG
Qakbot malware being distributed in Korea - ASEC BLOG
The ASEC analysis team has confirmed that the Qakbot malware introduced last September is being distributed to Korean users. The overall operation flow, including the use of ISO files, is similar to before, but a step to bypass behavior-based detection has been added. First, the email distributed to Korean users is shown below. The email is a hijacked legitimate message replied to with a malicious file attached, the same distribution process as that of Bumblebee and IceID introduced previously on this blog.…
#ParsedReport
20-10-2022
Phishing Campaign Targeting the Saudi Government Service Portal, Absher
https://cloudsek.com/threatintelligence/phishing-campaign-targeting-the-saudi-government-service-portal-absher/?utm_source=rss&utm_medium=rss&utm_campaign=phishing-campaign-targeting-the-saudi-government-service-portal-absher
Industry:
Government
Cloudsek
Phishing Campaign Targeting the Saudi Government Service Portal, Absher | Threat Intelligence | CloudSEK
Multiple phishing domains impersonating Absher, the Saudi government service portal. Domains provide fake services to the citizens and steal their credentials.