Thu, 24 Feb 2022 18:36:42 +0000
Hermetic Wiper & resurgence of targeted attacks on Ukraine
https://www.zscaler.com/blogs/security-research/hermetic-wiper-resurgence-targeted-attacks-ukraine
Zscaler
Hermetic Wiper & resurgence of targeted attacks on Ukraine | Zscaler
Ukraine Targeted Attacks Wiper
Fri, 25 Feb 2022 01:09:38 +0000
New Infostealer ‘ColdStealer’ Being Distributed
https://asec.ahnlab.com/en/32090/
ASEC BLOG
New Infostealer 'ColdStealer' Being Distributed - ASEC BLOG
The ASEC analysis team has discovered the distribution of ColdStealer that appears to be a new type of infostealer. The malware disguises itself as a software download for cracks and tools, a distribution method that was mentioned multiple times in previous…
Fri, 25 Feb 2022 13:29:00 +0000
Threat updates – A new IcedID GZipLoader variant
https://threatray.com/blog/a-new-icedid-gziploader-variant/
Threatray
Threat updates: A new IcedID GZipLoader variant | Threatray
IcedId is a modular banking Trojan discovered in 2017.
Fri, 25 Feb 2022 17:13:39 +0000
Some details of the DDoS attacks targeting Ukraine and Russia in recent days
https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/
360 Netlab Blog - Network Security Research Lab at 360
Some details of the DDoS attacks targeting Ukraine and Russia in recent days
At 360Netlab, we continuously track botnets on a global scale through our BotMon system. In particular, for DDoS-related botnets, we further tap into their C2 communications to enable us to really see the details of the attacks. Equipped with this visibility…
Fri, 25 Feb 2022 19:41:50 +0000
Technical Analysis of PartyTicket Ransomware
https://www.zscaler.com/blogs/security-research/technical-analysis-partyticket-ransomware
Zscaler
Technical Analysis of PartyTicket Ransomware | Zscaler
PartyTicket Ransomware Used as a Diversion From Hermetic Wiper Attack
https://datastudio.google.com/reporting/844f1ec8-f136-40d0-8408-14625e34d28a/page/nklmC
I threw together some data on the geolocation of IP indicators for 11.02 - 25.02.
Selected the top entries by number of indicators.
Google Data Studio
IP IOCs by Geolocation (2022-02-11 - 2022.02.25)
Google Data Studio turns your data into informative dashboards and reports that are easy to read, easy to share, and fully customizable.
Sat, 26 Feb 2022 00:15:53 +0000
BlackCat ransomware
https://cybersecurity.att.com/blogs/labs-research/blackcat-ransomware
LevelBlue
BlackCat ransomware
This blog was jointly written with Santiago Cortes. Executive summary LevelBlue Labs™ is writing this report about recently created ransomware malware dubbed BlackCat which was used in a January 2022 campaign against two international oil companies headquartered…
Sat, 26 Feb 2022 19:07:46 +0000
HermeticWiper & resurgence of targeted attacks on Ukraine
https://www.zscaler.com/blogs/security-research/hermeticwiper-resurgence-targeted-attacks-ukraine
Zscaler
HermeticWiper & resurgence of targeted attacks on Ukraine | Zscaler
Sun, 27 Feb 2022 01:23:17 +0000
Something strange is going on with Trickbot
https://intel471.com/blog/trickbot-2022-emotet-bazar-loader
Intel471
Something strange is going on with Trickbot
There hasn't been any new activity from the Trickbot malware in 2022. Why?
Sun, 27 Feb 2022 01:23:45 +0000
MAR–10369127–1.v1 – MuddyWater
https://us-cert.cisa.gov/ncas/analysis-reports/ar22-055a
Mon, 28 Feb 2022 01:07:02 +0000
CoinMiner Being Distributed to Vulnerable MS-SQL Servers
https://asec.ahnlab.com/en/32143/
ASEC BLOG
CoinMiner Being Distributed to Unsecured MS-SQL Servers - ASEC BLOG
The ASEC analysis team is constantly monitoring malware distributed to unsecured MS-SQL servers. The previous blogs explained the distribution cases of Cobalt Strike and Remcos RAT, but the majority of the discovered attacks are CoinMiners. – [ASEC Blog] Remcos…
Mon, 28 Feb 2022 11:24:52 +0000
Exclusive in-depth analysis: directly attack the key technical details of Ukraine’s cyber warfare
https://blog.360totalsecurity.com/en/exclusive-in-depth-analysis-directly-attack-the-key-technical-details-of-ukraines-cyber-warfare/
360 Total Security Blog
Exclusive in-depth analysis: directly attack the key technical details of Ukraine's cyber warfare
Recently, 360 Security Center observed a state-level cyber warfare attack against Ukraine for the purpose of sabotage, including distributed denial of service (DDoS) attacks, phishing scams, exploits, supply chain attacks, malicious data wipes disguised as…
Mon, 28 Feb 2022 15:23:06 +0000
Broadcom Software Discloses APT Actors Deploying Daxin Malware in Global Espionage Campaign
https://us-cert.cisa.gov/ncas/current-activity/2022/02/28/broadcom-software-discloses-apt-actors-deploying-daxin-malware
Colleagues, I apologize that not all TI reports make it to the channel.
For now, the old version of the bot that identifies TI reports in the news stream is still running. Previously, I manually added to the channel whatever the bot failed to identify.
Right now I have put all my effort into finishing the new version of the bot.
I hope to launch it into production in a week.
Tue, 01 Mar 2022 14:18:27 +0000
Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
Security
Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
Espionage tool is the most advanced piece of malware Symantec researchers have seen from China-linked actors.
Tue, 01 Mar 2022 14:19:05 +0000
Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits
https://news.sophos.com/en-us/2022/02/28/conti-and-karma-actors-attack-healthcare-provider-at-same-time-through-proxyshell-exploits/
Sophos News
Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits
An unpatched Microsoft Exchange Server let both ransomware actors in; Karma just stole data, while Conti encrypted.
Tue, 01 Mar 2022 14:20:28 +0000
Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot
https://unit42.paloaltonetworks.com/ukraine-targeted-outsteel-saintbot/
Unit 42
Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot
An attack in early February targeted an energy organization in Ukraine with OutSteel and SaintBot. The attack is part of a larger campaign.
Tue, 01 Mar 2022 14:20:39 +0000
SockDetour – a Silent, Fileless, Socketless Backdoor – Targets U.S. Defense Contractors
https://unit42.paloaltonetworks.com/sockdetour/
Unit 42
SockDetour – a Silent, Fileless, Socketless Backdoor – Targets U.S. Defense Contractors
SockDetour is a custom backdoor being used to maintain persistence, designed to serve as a backup backdoor in case the primary one is removed.