Ukraine-Themed Malspam Drops Agent Tesla
https://blogs.infoblox.com/cyber-threat-intelligence/cyber-campaign-briefs/ukraine-themed-malspam-drops-agent-tesla/
Infoblox Blog
Agent Tesla Malware Delivered Through Russia & Ukraine Related Emails | Infoblox
The Agent Tesla malspam campaign has been observed using messages related to the conflict in Ukraine. Learn the indicators and mitigation techniques now.
Deep Analysis of Redline Stealer: Leaked Credential with WCF
https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904
Medium
Deep Analysis of Redline Stealer: Leaked Credential with WCF
Author: Jiho Kim | S2W TALON
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
Fox-IT International blog
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
Authors: Alberto Segura, Malware analyst; Rolf Govers, Malware analyst & Forensic IT Expert. NCC Group, as well as many other researchers, noticed a rise in Android malware last year, especially An…
RuRAT Used In Spear-Phishing Attacks Against Media Organisations In United States
https://cluster25.io/2022/03/03/rurat-used-in-spear-phishing-attacks-against-media-organisations-in-united-states/
Sat, 05 Mar 2022 16:12:20 +0000
Legitimate Sites used as Cobalt Strike C2s against Indian Government
https://www.telsy.com/legitimate-sites-used-as-cobalt-strike-c2s-against-indian-government/
Telsy
Legitimate Sites used as Cobalt Strike C2s against Indian Government - Telsy
Telsy Threat Intelligence team observed a Cobalt Strike attack against members of the Indian government or local institutions.
Targeted APT Activity: BABYSHARK Is Out for Blood
https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood
Huntress
Targeted APT Activity: BABYSHARK Is Out for Blood | Huntress
We discovered malicious, targeted advanced persistent threat (APT) activity on a partner's system. Here, we dive into the BABYSHARK malware strain.
Sat, 05 Mar 2022 17:39:25 +0000
Beware of malware offering “Warm greetings from Saudi Aramco”
https://blog.malwarebytes.com/threat-intelligence/2022/03/beware-of-malware-offering-warm-greetings-from-saudi-aramco/
Malwarebytes Labs
Beware of malware offering "Warm greetings from Saudi Aramco"
A new Formbook campaign is targeting oil and gas companies.
Malware now using NVIDIA's stolen code signing certificates
https://www.bleepingcomputer.com/news/security/malware-now-using-nvidias-stolen-code-signing-certificates/
BleepingComputer
Malware now using NVIDIA's stolen code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows.
Not a TI report, but about the confrontation in cyberspace.
Volunteer Hackers Converge on Ukraine Conflict With No One in Charge
https://www.nytimes.com/2022/03/04/technology/ukraine-russia-hackers.html?smid=tw-share
NY Times
Volunteer Hackers Converge on Ukraine Conflict With No One in Charge
The hackers have claimed a number of disruptions over the past week, blurring the lines between amateurs and groups linked to governments.
Sun, 06 Mar 2022 18:24:58 +0000
TeaBot: revamped banking trojan resurrected to steal SMS & other credentials of android users
https://www.secureblink.com/threat-research/teabot:-revamped-banking-trojan-resurrected-to-steal-sms-and-other-credentials-of-android-users
Secureblink
TeaBot: revamped banking trojan resurrected to steal SMS & other credentials of android users | Secure Blink
TeaBot resurrected with evolved malware distribution tactics active across Google Play Store, primarily circulating through QR Code apps…
Mon, 07 Mar 2022 01:11:56 +0000
Distribution of Remcos RAT Disguised as Tax Invoice
https://asec.ahnlab.com/en/32376/
ASEC BLOG
Distribution of Remcos RAT Disguised as Tax Invoice - ASEC BLOG
The ASEC analysis team has discovered Remcos RAT being distributed disguised as a tax invoice. The content and the type of phishing email are similar to those consistently discussed in previous blogs. Within the email, it has a short…
Mon, 07 Mar 2022 21:58:15 +0000
MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part I
https://www.fortinet.com/blog/threat-research/ms-office-files-involved-in-emotet-trojan-campaign-pt-one
Fortinet Blog
MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part I
FortiGuard Labs discovered more than 500 Microsoft Excel files involved in a campaign to deliver a fresh Emotet Trojan variant. Read on to learn how to avoid this lure.…
Mon, 07 Mar 2022 22:05:21 +0000
An update on the threat landscape
https://blog.google/threat-analysis-group/update-threat-landscape-ukraine/
Google
An update on the threat landscape
Online security is extremely important for people in Ukraine and the surrounding region right now. Government agencies, independent newspapers and public service provide…
Tue, 08 Mar 2022 00:50:28 +0000
The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates
https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european
Proofpoint
TA416: Activity, Techniques, & Targeting Explained | Proofpoint US
Proofpoint provides insights into TA416's activity targeting European governments as conflict in Ukraine escalates. Learn more about this Chinese state threat group.
Tue, 08 Mar 2022 01:02:53 +0000
njRAT Being Distributed via Webhards
https://asec.ahnlab.com/en/32450/
ASEC BLOG
njRAT Being Distributed via Webhards - ASEC BLOG
Webhards is a platform used to distribute malware, mainly by attackers who target Korean users. The ASEC analysis team has been monitoring malware types distributed through webhards and has uploaded multiple blog posts about them in…
Tue, 08 Mar 2022 01:02:53 +0000
Malicious HWP File Disguised as Press Release of 20th Presidential Election Early Voting for Sailors Being Distributed
https://asec.ahnlab.com/en/32456/
ASEC BLOG
Malicious HWP File Disguised as Press Release of 20th Presidential Election Early Voting for Sailors Being Distributed - ASEC BLOG
The ASEC analysis team has discovered the distribution of a malicious HWP file disguised as a “Press Release of 20th Presidential Election Early Voting for Sailors” as the presidential election draws near. The attacker distributed the malicious HWP file on February…
Tue, 08 Mar 2022 13:12:19 +0000
New RURansom Wiper Targets Russia
https://www.trendmicro.com/en_us/research/22/c/new-ruransom-wiper-targets-russia.html
Trend Micro
New RURansom Wiper Targets Russia
We analyze RURansom, a malware variant discovered to be targeting Russia. Originally suspected to be ransomware because of its name, analysis reveals RURansom to be a wiper.
Tue, 08 Mar 2022 15:36:05 +0000
Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments
https://www.mandiant.com/resources/apt41-us-state-governments
Google Cloud Blog
APT41 Targeting U.S. State Government Networks | Mandiant | Google Cloud Blog
We detail APT41's persistent effort that allowed them to successfully compromise at least 6 U.S. state government networks by exploiting vulnerable web apps.
Tue, 08 Mar 2022 16:47:38 +0000
Fake Purchase Order Used to Deliver Agent Tesla
https://www.fortinet.com/blog/threat-research/fake-purchase-order-used-to-deliver-agent-tesla
Fortinet Blog
Fake Purchase Order Used to Deliver Agent Tesla
FortiGuard Labs discovered a phishing email addressed to a Ukrainian recipient that masqueraded as a purchase order, containing a PPT attachment aiming to deploy the Agent Tesla RAT. Learn more.…
Tue, 08 Mar 2022 16:49:37 +0000
FBI Releases Indicators of Compromise for RagnarLocker Ransomware
https://us-cert.cisa.gov/ncas/current-activity/2022/03/08/fbi-releases-indicators-compromise-ragnarlocker-ransomware
Tue, 08 Mar 2022 16:49:40 +0000
Daxin Backdoor: In-Depth Analysis, Part One
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-malware-espionage-analysis
Symantec Enterprise Blogs
Daxin Backdoor: In-Depth Analysis, Part One
In the first of a two-part series of blogs, we will delve deeper into Daxin, examining the driver initialization, networking, key exchange, and backdoor functionality of the malware.