#ParsedReport
18-01-2023
IcedID and Infostealers Spread Through Adverts Mimicking Popular Tools
https://threatresearch.ext.hp.com/adverts-mimicking-popular-software-leads-to-malware
Threats:
Icedid
Vidar_stealer
Batloader
Rhadamanthys
Typosquatting_technique
Icedid_loader
IOCs:
File: 4
Hash: 4
Url: 9
Domain: 95
Softs:
audacity, telegram, microsoft teams
Algorithms:
zip
HP Wolf Security
Fake Software Malvertising Spreads IcedID and Infostealers | HP Wolf Security
#ParsedReport
18-01-2023
TZW. TZW ransomware domestic distribution
https://asec.ahnlab.com/ko/45706
Threats:
Tzw_ransomware
Majorcrypter
Darktortilla
Variantcrypter
Ransomware/win.generic.c5355494
Trojan/win.msilkrypt.c5020026
Trojan/win32.ransomcrypt.r343432
Malware/mdp.inject.m218
IOCs:
File: 13
Command: 1
Hash: 3
ASEC BLOG
TZW Ransomware Being Distributed in Korea - ASEC BLOG
The ASEC analysis team recently confirmed through internal monitoring that TZW ransomware, which appends the "TZW" extension to the original file extension after encrypting files, is being distributed. The ransomware states "System Boot Info" in its version information, disguising itself as a legitimate boot-information program. It is built in .NET and contains a loader together with the actual ransomware data. The loader ultimately loads and executes the ransomware file. In the resource section…
#ParsedReport
18-01-2023
ASEC (20230109 ~ 20230115). ASEC Weekly Malware Statistics (20230109 ~ 20230115)
https://asec.ahnlab.com/ko/45876
Threats:
Smokeloader
Beamwinhttp_loader
Garbage_cleaner
Formbook
Clipboard_grabbing_technique
Agent_tesla
Azorult
Lokibot_stealer
Industry:
Financial, Transport
Geo:
Korea
IOCs:
File: 21
Url: 23
Domain: 3
Email: 5
Softs:
telegram
ASEC BLOG
ASEC Weekly Malware Statistics (20230109 ~ 20230115) - ASEC BLOG
Contents: Top 1 – SmokeLoader, Top 2 – BeamWinHTTP, Top 3 – Formbook, Top 4 – AgentTesla, Top 5 – Lokibot. The ASEC analysis team uses the ASEC automatic analysis system RAPIT to classify and respond to known malware. This post summarizes the statistics of malware collected during the week from Monday, January 9, 2023 to Sunday, January 15, 2023. Among the main categories, downloaders accounted for 38.4%…
#technique
Home Grown Red Team: Using LNK Files To Bypass Applocker
https://assume-breach.medium.com/home-grown-red-team-using-lnk-files-to-bypass-applocker-3fb1ecae291f
Medium
Home Grown Red Team: Using LNK Files To Bypass Applocker
The Windows LNK file is just one of the many ways to get easy execution while bypassing Applocker and some AV. While this isn’t a new…
#technique
Avoid antivirus by hiding the import table
https://xz-aliyun-com.translate.goog/t/12035?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
xz-aliyun-com.translate.goog
Evading antivirus by hiding the import table - 先知社区
先知社区, the Xianzhi security technology community
#Research
Open SESAME: Fighting Botnets with Seed Reconstructions of Domain Generation Algorithms
https://arxiv.org/pdf/2301.05048.pdf
#ParsedReport
19-01-2023
New version of Remcos RAT uses direct syscalls to evade detection.
https://minerva-labs.com/blog/new-version-of-remcos-rat-uses-direct-syscalls-to-evade-detection
Threats:
Remcos_rat
Process_hollowing_technique
A310loggerstealer
Uac_bypass_technique
Pony
Process_injection_technique
TTPs:
IOCs:
File: 4
Path: 1
Registry: 2
Command: 1
Hash: 4
Softs:
nsis installer, windows service
Algorithms:
xor
Functions:
Function
Win API:
ResumeThread, NtCreateSection, NtMapViewOfSection, CreateProcessW, NtGetContextThread, NtQueryInformationProcess, ReadProcessMemory, NtWriteVirtualMemory, SetThreadContext, NtResumeThread, have more...
Links:
https://github.com/rxOred/process-hollowing
#ParsedReport
19-01-2023
(LNK). Malicious link file disguised as a normal Korean document (LNK)
https://asec.ahnlab.com/ko/45988
Threats:
Dropper/lnk.agent
Trojan/bat.agent
Trojan/vbs.agent
Trojan/vbs.obfuscated
Trojan/vbs.runner
Trojan/vbs.uploader
Geo:
Korean
IOCs:
File: 23
Registry: 1
Url: 8
Path: 3
Hash: 16
Algorithms:
zip
ASEC
Malicious Link File (LNK) Disguised as a Normal Hangul Document - ASEC
The ASEC analysis team has confirmed that a malicious LNK file disguised as a normal Hangul (HWP) document is being distributed. It is distributed together with a text file impersonating the National Tax Service, and a legitimate Hangul document with related content is opened, making it difficult for users to recognize the file as malicious. The malicious script file that is ultimately executed is of the same type as the malicious script introduced in 'Malicious Word Document Disguised as a Product Introduction' and appears to have been created by the same attacker. Recently confirmed […]
#ParsedReport
19-01-2023
Gigabud RAT: New Android RAT Masquerading as Government Agencies. Technical Analysis
https://blog.cyble.com/2023/01/19/gigabud-rat-new-android-rat-masquerading-as-government-agencies
Threats:
Gigabud_rat
Industry:
Telco, Financial, Aerospace, Government
Geo:
Thailand, Philippine, Peru, Peruvian, Philippines
TTPs:
Tactics: 7
Technics: 9
IOCs:
Url: 5
File: 2
Hash: 2
Softs:
android
Functions:
OpenService
Cyble
Cyble - Gigabud RAT: New Android RAT Masquerading As Government Agencies
CRIL analyzes Gigabud RAT, the latest Android malware posing as a government agency to steal sensitive information.
#ParsedReport
19-01-2023
Sliver C2 Leveraged by Many Threat Actors
https://www.cybereason.com/blog/sliver-c2-leveraged-by-many-threat-actors
Actors/Campaigns:
Duke
Shathak
Exotic_lily
Threats:
Sliver_tool
Cobalt_strike
Bumblebee
Uac_bypass_technique
Process_injection_technique
Rubeus_tool
Seatbelt_tool
Metasploit_tool
Silver_c2
Wellmess_rat
Wellmail
Gozi
Icedid
Qakbot
Beacon
Procdump_tool
Pypykatz_tool
Mimikatz_tool
Nltest_tool
Golden_ticket_technique
Dcsync_technique
Geo:
Russian
TTPs:
Tactics: 9
Technics: 0
IOCs:
File: 17
Path: 5
IP: 3
Softs:
psexec, wireguard, microsoft office, curl, sudo, systemd, active directory, confluence, openssl, windows service, have more...
Algorithms:
zip
Functions:
GetSystem
Win API:
CreateRemoteThread
Languages:
golang
Platforms:
amd64, intel, arm
Links:
https://github.com/gentilkiwi/mimikatz
https://github.com/BishopFox/sliver
https://github.com/salesforce/jarm
https://github.com/sliverarmory/armory
https://github.com/BishopFox/
https://github.com/BishopFox/sliver/releases/tag/v1.1.0
https://github.com/skelsec/pypykatz
https://github.com/GhostPack/Rubeus
Cybereason
Sliver C2 Leveraged by Many Threat Actors
Threat Research: Sliver C2 gets more and more traction from Threat Actors, often seen as an alternative to Cobalt Strike.
#ParsedReport
19-01-2023
Dancing With Shellcodes: Analyzing Rhadamanthys Stealer. Threat Background
https://elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88
Threats:
Rhadamanthys
Anydesk_tool
Bumblebee
Industry:
Financial
TTPs:
Tactics: 1
Technics: 0
IOCs:
Hash: 1
File: 14
Url: 1
Softs:
windows error reporting, keepass, pale moon, sleipnir5, opera, chrome, coreftp, discord, telegram, foxmail, have more...
Algorithms:
rc4
Functions:
Unhooking, CreateCompletionPort, OpenVPN, GetModuleHandle
Win API:
VirtualAlloc, VirtualProtect, WinMain, ImmEnumInputContext, CreateThread, CreateRemoteThread, LocalFree, LocalAlloc, VirtualFree, ZwQueryInformationProcess, have more...
Links:
https://github.com/OALabs/BlobRunner
https://github.com/HoLLy-HaCKeR/KeePassHax
https://github.com/LordNoteworthy/al-khaser
Medium
Dancing With Shellcodes: Analyzing Rhadamanthys Stealer
Threat Background
#ParsedReport
19-01-2023
apt-c-26 lazarus. 1. Affected situation
https://mp.weixin.qq.com/s/W4hkBRJnwN1G32QCpaNNoA
Actors/Campaigns:
Lazarus
Axiom
Ta505
Threats:
Nukesped_rat
Process_injection_technique
IOCs:
Hash: 4
File: 3
Softs:
somora
Algorithms:
des, rc4, base64
Languages:
php
Weixin Official Accounts Platform
Analysis of a suspected APT-C-26 (Lazarus) attack campaign using cryptocurrency wallet promotional material
Because of the characteristics of ISO files, they are favored as decoy files by APT groups such as Lazarus, Winnti and TA505. Recently, the 360 Advanced Threat Research Institute detected an attack in which the suspected APT-C-26 (Lazarus) group delivered a malicious ISO file themed around cryptocurrency wallet promotional information.
#ParsedReport
19-01-2023
Darth Vidar: The Dark Side of Evolving Threat Infrastructure
https://www.team-cymru.com/post/darth-vidar-the-dark-side-of-evolving-threat-infrastructure
Threats:
Vidar_stealer
Arkei_stealer
Anydesk_tool
Lumma_stealer
Oski_stealer
Stop_ransomware
Icedid
Redline_stealer
Industry:
Financial
Geo:
Russian
IOCs:
Domain: 10
IP: 10
File: 1
Hash: 6
Url: 6
Softs:
telegram, opera, mastodon
Platforms:
intel
Team-Cymru
Darth Vidar: Evolution of Threat Infrastructure at Team Cymru
Uncover the menacing force of "Darth Vidar" and its impact on evolving threat infrastructure. Explore how a Technology Company can combat this dark side.
#ParsedReport
19-01-2023
Aurora A Stealer Using Shapeshifting Tactics
https://blog.cyble.com/2023/01/18/aurora-a-stealer-using-shapeshifting-tactics
Threats:
Aurora
Teamviewer_tool
Redline_stealer
Vidar_stealer
Record_breaker_stealer
Beacon
TTPs:
Tactics: 6
Technics: 15
IOCs:
Url: 3
IP: 1
Hash: 4
Softs:
telegram, discord, chrome
Algorithms:
gzip, base64
Functions:
wine_get_version
Win API:
GetProcAddress
Languages:
golang
Cyble
Aurora – A Stealer Using Shapeshifting Tactics
CRIL analyzes Aurora, an information stealer leveraging Phishing pages imitating popular applications to infect users.
#ParsedReport
18-01-2023
Payzero Scams and The Evolution of Asset Theft in Web3. Pay zero, get it all
https://www.trendmicro.com/en_us/research/23/a/payzero-scams-and-the-evolution-of-asset-theft-in-web3.html
Threats:
Payzero
Medusalocker
Industry:
E-commerce, Financial
Softs:
discord
Functions:
OpenSea, SetApprovalForAll
Trend Micro
“Payzero” Scams and The Evolution of Asset Theft in Web3
In this entry we would like to discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”.
#ParsedReport
19-01-2023
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464
Actors/Campaigns:
Roaming_mantis (motivation: financially_motivated)
Threats:
Dns_changer
Mantis_botnet
Moqhao
Dns_hijacking_technique
Formbook
Industry:
Aerospace
Geo:
Asian, Malaysia, Korea, India, Germany, Austria, France, Taiwan, Turkey, Japan
IOCs:
Hash: 6
File: 1
IP: 48
Url: 34
Domain: 21
Softs:
android
Securelist
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o.
#ParsedReport
19-01-2023
Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results
https://www.sentinelone.com/blog/breaking-down-the-seo-poisoning-attack-how-attackers-are-hijacking-search-results
Threats:
Atera_tool
Batloader
Raccoon_stealer
Industry:
Financial
Geo:
Usa
IOCs:
Hash: 7
File: 4
IP: 1
Softs:
photoshop, discord
Algorithms:
zip
SentinelOne
SEO Poisoning: Risks, Solutions & Indicators of Compromise
Learn about SEO Poisoning, its risks, and how to mitigate them. Explore indicators of compromise and find a conclusion to safeguard your projects.
#ParsedReport
18-01-2023
Chinese Playful Taurus Activity in Iran
https://unit42.paloaltonetworks.com/playful-taurus
Actors/Campaigns:
Playful_taurus (motivation: cyber_espionage)
Threats:
Terra_stealer
Turian
Vmprotect_tool
Api_obfuscation_technique
Neshta
Industry:
Telco, Government
Geo:
Iranian, Syrian, Irans, Iran, America, Apac, Africa, Senegal, Japan, Emea, Chinese, China
IOCs:
Domain: 14
IP: 9
Hash: 7
File: 2
Algorithms:
xor
Functions:
connect
Win API:
InitSecurityInterfaceA, AcquireCredentialsHandleA, InitializeSecurityContextA, EncryptMessage, DecryptMessage
Languages:
python
Platforms:
x64
Unit 42
Chinese Playful Taurus Activity in Iran
Chinese APT Playful Taurus is using a new backdoor named Turian. Analysis suggests several Iranian government networks have likely been compromised.
#ParsedReport
20-01-2023
ASEC Weekly Malware Statistics (January 9th, 2023 – January 15th, 2023)
https://asec.ahnlab.com/en/46169
Threats:
Smokeloader
Beamwinhttp_loader
Garbage_cleaner
Formbook
Clipboard_grabbing_technique
Agent_tesla
Lokibot_stealer
Industry:
Transport, Financial
Geo:
Korea
IOCs:
File: 15
Url: 23
Domain: 3
Email: 5
Softs:
telegram
ASEC BLOG
ASEC Weekly Malware Statistics (January 9th, 2023 – January 15th, 2023) - ASEC BLOG
The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from January 9th, 2023 (Monday) to January 15th, 2023 (Sunday). For the main category, downloader…
#ParsedReport
20-01-2023
Ransomware Roundup – Playing Whack-a-Mole with New CrySIS/Dharma Variants
https://www.fortinet.com/blog/threat-research/ransomware-roundup-playing-whack-a-mole-with-new-crysis-dharma-variants
Threats:
Dharma
Vssadmin_tool
Industry:
Financial
Geo:
Bulgarian, Russian, Ukrainian
IOCs:
File: 2
Path: 6
Hash: 6
Fortinet Blog
Ransomware Roundup – Playing Whack-a-Mole with New CrySIS/Dharma Variants | FortiGuard Labs
In this week's Ransomware Roundup, FortiGuard Labs covers variants of the CrySIS/Dharma ransomware family along with protection recommendations. Read our blog to find out more.…