Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp
https://www.sentinelone.com/labs/sanctions-be-damned-from-dridex-to-macaw-the-evolution-of-evil-corp/
SentinelOne
Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp
What really happened to Evil Corp after the OFAC sanctions? Did they cut and run, or are they still operating with impunity?
Malware Civil War – Malicious npm Packages Targeting Malware Authors
https://jfrog.com/blog/malware-civil-war-malicious-npm-packages-targeting-malware-authors/
JFrog
Malware Civil War - Malicious npm Packages Targeting Malware Authors
JFrog discovers 25 open-source npm malicious packages, including one that targets malware authors to hijack stolen Discord tokens. Find out more >
Thu, 24 Feb 2022 01:14:51 +0000
LockBit Ransomware Being Distributed Using Resume and Copyright-related Emails
https://asec.ahnlab.com/en/32054/
ASEC
LockBit Ransomware Being Distributed Using Resume and Copyright-related Emails - ASEC
The ASEC analysis team has recently discovered ransomware that is being distributed via emails disguised as resumes or copyright-related claims. Malicious emails with such content have been steadily distributed for some time. Unlike previous…
Thu, 24 Feb 2022 01:14:51 +0000
Cobalt Strike Being Distributed to Vulnerable MS-SQL Servers (2)
https://asec.ahnlab.com/en/32062/
ASEC
Cobalt Strike Being Distributed to Unsecured MS-SQL Servers (2) - ASEC
The ASEC analysis team published a post on February 21st about the distribution of Cobalt Strike via unsecured MS-SQL servers (Cobalt Strike Being Distributed to Unsecured MS-SQL Servers). In the current case, the distributed Cobalt Strike had a different…
Thu, 24 Feb 2022 02:46:46 +0000
Using DTA to Illuminate the Path of DNS Threat Analysis (3)
https://blog.netlab.360.com/use_dta_to_illuminate_the_path_of_dns_threat_analysis_3/
360 Netlab Blog - Network Security Research Lab at 360
Using DTA to Illuminate the Path of DNS Threat Analysis (3)
--- Introduction to the built-in unknown-threat analysis models
Overview
In part 2 of this series
[https://blog.netlab.360.com/use_dta_to_illuminate_the_path_of_dns_threat_analysis_2/]
, we described how to use DTA to carry out a complete round of unknown-threat analysis, in three steps:
> 1. Form an analysis hypothesis and find suspicious leads in the DNS logs
> 2. Confirm that the suspicious lead exhibits threat behaviour
> 3. Use the DNS logs to confirm which assets are infected
Of these, the step most familiar to security analysts is probably step 2; after all, in daily work everyone relies on the threat intelligence of various vendors…
Thu, 24 Feb 2022 05:05:52 +0000
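The three-step workflow summarised in the DTA excerpt above, as an added example that is not code from the 360 Netlab post or from DTA itself: step 1 pulls suspicious names out of raw DNS query logs with two cheap heuristics (a high-entropy, digit-bearing registrable label, and names inside a burst of NXDOMAIN answers from one client, which is what a DGA probing for a live C2 looks like), step 2 confirms leads against a threat-intel lookup, and step 3 goes back to the same logs to find which internal clients actually resolved a confirmed domain. The log line format, the sample log lines and the `THREAT_INTEL` dict are all constructed for this example; DTA's real built-in models are not described in the excerpt.

```python
# Added example, not code from the 360 Netlab post or from DTA.
# Log format, sample lines and the threat-intel dict are constructed.
import math
from collections import defaultdict

# Constructed DNS query log: timestamp, client IP, queried name, response code
DNS_LOG = """\
2022-02-23T08:00:01 10.0.0.12 www.example.com NOERROR
2022-02-23T08:00:02 10.0.0.12 cdn.example.net NOERROR
2022-02-23T08:00:05 10.0.0.45 xk3jq8vz.top NXDOMAIN
2022-02-23T08:00:06 10.0.0.45 q9w2e5r7t1.top NXDOMAIN
2022-02-23T08:00:07 10.0.0.45 p0o9i8u7y6.top NOERROR
2022-02-23T08:00:09 10.0.0.77 mail.example.com NOERROR
2022-02-23T08:01:12 10.0.0.45 zx8cv7bn6m.top NXDOMAIN
2022-02-23T08:01:13 10.0.0.45 p0o9i8u7y6.top NOERROR
"""

# Constructed stand-in for a vendor threat-intel lookup used in step 2.
THREAT_INTEL = {"p0o9i8u7y6.top": "DGA C2 (constructed label)"}


def parse_log(text):
    """Parse log lines into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, rcode = parts
        records.append({"ts": ts, "client": client,
                        "qname": qname.lower().rstrip("."), "rcode": rcode})
    return records


def shannon_entropy(s):
    """Bits of entropy per character: DGA labels score high, real words low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def registrable_label(qname):
    """Second-level label (toy: ignores public-suffix lists such as co.uk)."""
    parts = qname.split(".")
    return parts[-2] if len(parts) >= 2 else qname


def step1_suspicious_leads(records, min_entropy=2.9, min_nxdomain=2):
    """Step 1: map suspicious qname -> set of reasons, from raw logs only."""
    nx_per_client = defaultdict(set)
    for r in records:
        if r["rcode"] == "NXDOMAIN":
            nx_per_client[r["client"]].add(r["qname"])
    leads = {}
    for r in records:
        label = registrable_label(r["qname"])
        reasons = []
        if shannon_entropy(label) >= min_entropy and any(c.isdigit() for c in label):
            reasons.append("high-entropy label")
        if r["rcode"] == "NXDOMAIN" and len(nx_per_client[r["client"]]) >= min_nxdomain:
            reasons.append("NXDOMAIN burst from " + r["client"])
        if reasons:
            leads.setdefault(r["qname"], set()).update(reasons)
    return leads


def step2_confirm_threat(leads, intel):
    """Step 2: keep only leads the threat-intel source confirms."""
    return {q: intel[q] for q in leads if q in intel}


def step3_infected_assets(records, confirmed):
    """Step 3: which clients resolved a confirmed domain, with first/last seen
    and query count, i.e. the scoping data incident response needs."""
    assets = defaultdict(dict)
    for r in records:
        if r["qname"] not in confirmed or r["rcode"] != "NOERROR":
            continue
        a = assets[r["qname"]].setdefault(
            r["client"], {"first_seen": r["ts"], "last_seen": r["ts"], "count": 0})
        a["last_seen"] = r["ts"]
        a["count"] += 1
    return dict(assets)


def analyse(text, intel):
    """Run all three steps and return (leads, confirmed, infected)."""
    records = parse_log(text)
    leads = step1_suspicious_leads(records)
    confirmed = step2_confirm_threat(leads, intel)
    return leads, confirmed, step3_infected_assets(records, confirmed)


if __name__ == "__main__":
    for name, result in zip(("leads", "confirmed", "infected"),
                            analyse(DNS_LOG, THREAT_INTEL)):
        print(name, result)
```

On the constructed log, step 1 flags all four `.top` names (the NXDOMAIN trio plus the one that resolved), step 2 confirms only the name present in the intel dict, and step 3 attributes it to 10.0.0.45 with two successful resolutions; the three NXDOMAIN names stay unconfirmed leads, which is the normal state for most of what step 1 produces.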
StrRAT in Disguise
https://labs.k7computing.com/index.php/strrat-in-disguise/
K7 Labs
StrRAT in Disguise - K7 Labs
This blog is a follow-up to the StrRAT discussed before here in K7Labs blog. A new variant of StrRAT where […]
Thu, 24 Feb 2022 10:58:35 +0000
New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft's Official Store
https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/
Check Point Research
New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications…
Popular games such as "Temple Run" or "Subway Surfer" were found to be malicious. Attackers can use the installed malware as a backdoor to gain full control of the victim's machine. Most of the victims are from Sweden, Bulgaria, Russia, Bermuda and…
Thu, 24 Feb 2022 15:16:43 +0000
Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity
https://www.mandiant.com/resources/telegram-malware-iranian-espionage
Google Cloud Blog
Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity | Mandiant | Google Cloud Blog
Thu, 24 Feb 2022 18:36:42 +0000
Hermetic Wiper & resurgence of targeted attacks on Ukraine
https://www.zscaler.com/blogs/security-research/hermetic-wiper-resurgence-targeted-attacks-ukraine
Zscaler
Hermetic Wiper & resurgence of targeted attacks on Ukraine | Zscaler
Ukraine Targeted Attacks Wiper
Fri, 25 Feb 2022 01:09:38 +0000
New Infostealer ‘ColdStealer’ Being Distributed
https://asec.ahnlab.com/en/32090/
ASEC BLOG
New Infostealer 'ColdStealer' Being Distributed - ASEC BLOG
The ASEC analysis team has discovered the distribution of ColdStealer that appears to be a new type of infostealer. The malware disguises itself as a software download for cracks and tools, a distribution method that was mentioned multiple times in previous…
Fri, 25 Feb 2022 13:29:00 +0000
Threat updates – A new IcedID GZipLoader variant
https://threatray.com/blog/a-new-icedid-gziploader-variant/
Threatray
Threat updates: A new IcedID GZipLoader variant | Threatray
IcedID is a modular banking Trojan discovered in 2017.
Fri, 25 Feb 2022 17:13:39 +0000
Some details of the DDoS attacks targeting Ukraine and Russia in recent days
https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/
360 Netlab Blog - Network Security Research Lab at 360
Some details of the DDoS attacks targeting Ukraine and Russia in recent days
At 360Netlab, we continuously track botnets on a global scale through our BotMon system. In particular, for DDoS-related botnets, we further tap into their C2 communications, which lets us see the details of the attacks. Equipped with this visibility…
Fri, 25 Feb 2022 19:41:50 +0000
Technical Analysis of PartyTicket Ransomware
https://www.zscaler.com/blogs/security-research/technical-analysis-partyticket-ransomware
Zscaler
Technical Analysis of PartyTicket Ransomware | Zscaler
PartyTicket Ransomware Used as a Diversion From Hermetic Wiper Attack
https://datastudio.google.com/reporting/844f1ec8-f136-40d0-8408-14625e34d28a/page/nklmC
Threw together some data on the geolocation of IP indicators for 11.02 - 25.02.
Picked the top entries by number of indicators.
Google Data Studio
IP IOCs by Geolocation (2022-02-11 - 2022.02.25)
Google Data Studio turns your data into informative dashboards and reports that are easy to read, easy to share, and fully customizable.
Sat, 26 Feb 2022 00:15:53 +0000
BlackCat ransomware
https://cybersecurity.att.com/blogs/labs-research/blackcat-ransomware
LevelBlue
BlackCat ransomware
This blog was jointly written with Santiago Cortes. Executive summary: LevelBlue Labs™ is writing this report about recently created ransomware dubbed BlackCat, which was used in a January 2022 campaign against two international oil companies headquartered…
Sat, 26 Feb 2022 19:07:46 +0000
HermeticWiper & resurgence of targeted attacks on Ukraine
https://www.zscaler.com/blogs/security-research/hermeticwiper-resurgence-targeted-attacks-ukraine
Zscaler
HermeticWiper & resurgence of targeted attacks on Ukraine | Zscaler
Sun, 27 Feb 2022 01:23:17 +0000
Something strange is going on with Trickbot
https://intel471.com/blog/trickbot-2022-emotet-bazar-loader
Intel471
Something strange is going on with Trickbot
There hasn't been any new activity from the Trickbot malware in 2022. Why?
Sun, 27 Feb 2022 01:23:45 +0000
MAR–10369127–1.v1 – MuddyWater
https://us-cert.cisa.gov/ncas/analysis-reports/ar22-055a
Mon, 28 Feb 2022 01:07:02 +0000
CoinMiner Being Distributed to Vulnerable MS-SQL Servers
https://asec.ahnlab.com/en/32143/
ASEC BLOG
CoinMiner Being Distributed to Unsecured MS-SQL Servers - ASEC BLOG
The ASEC analysis team is constantly monitoring malware distributed to unsecured MS-SQL servers. The previous blogs explained the distribution cases of Cobalt Strike and Remcos RAT, but the majority of the discovered attacks are CoinMiners. – [ASEC Blog] Remcos…