CTT Report Hub – Telegram

CTT Report Hub

3.13K subscribers

7.51K photos

5 videos

67 files

11.2K links

Threat Intelligence Report Hub
https://cyberthreat.tech
ООО Технологии киберугроз
Contact: @nikolaiav

Download Telegram

About

Blog

Apps

Platform

3.13K subscribers

Wed, 23 Mar 2022 00:28:02 +0000

Distribution of ClipBanker Disguised as Malware Creation Tool

https://asec.ahnlab.com/en/32825/

Distribution of ClipBanker Disguised as Malware Creation Tool - ASEC

The ASEC analysis team has recently discovered a distribution of ClipBanker disguised as a malware creation tool. ClipBanker is a malware that monitors the clipboard of the infected system. If a string for a coin wallet address is copied, the malware changes…

85 views00:38

Wed, 23 Mar 2022 00:57:04 +0000

Word Document Attack Targeting Companies Specialized in Carbon Emissions

https://asec.ahnlab.com/en/32822/

Word Document Attack Targeting Companies Specialized in Carbon Emissions - ASEC BLOG

On March 18th, the ASEC analysis team discovered a document-borne APT attack targeting companies specialized in carbon emissions. According to logs collected from AhnLab’s ASD (AhnLab Smart Defense), the user of the infected PC appears to have downloaded…

89 views01:08

Wed, 23 Mar 2022 12:27:08 +0000

Operation Dragon Castling: APT group targeting betting companies

https://decoded.avast.io/luigicamastra/operation-dragon-castling-apt-group-targeting-betting-companies/?utm_source=rss&utm_medium=rss&utm_campaign=operation-dragon-castling-apt-group-targeting-betting-companies

Operation Dragon Castling: APT group targeting betting companies

APT Targets Betting Firms Clandestinely

83 views12:38

Wed, 23 Mar 2022 16:32:32 +0000

Midas Ransomware : Tracing the Evolution of Thanos Ransomware Variants

https://www.zscaler.com/blogs/security-research/midas-ransomware-tracing-evolution-thanos-ransomware-variants

A Study of Thanos Ransomware Variants | Zscaler Blog

Thanos-based ransomware was on rise in 2021. Learn about Prometheus, Haron, Spook and Midas double-extortion ransomware variants.

82 views16:38

Wed, 23 Mar 2022 16:54:35 +0000

GodFather Malware Under the Lens

https://blog.cyble.com/2022/03/23/godfather-malware-under-the-lens/

GodFather Malware Under the Lens

Cyble takes a look at the GodFather Android malware variant that has recently been targeting European banking users.

82 views17:08

Wed, 23 Mar 2022 23:49:03 +0000

Mustang Panda’s Hodur: Old tricks, new Korplug variant

https://www.welivesecurity.com/2022/03/23/mustang-panda-hodur-old-tricks-new-korplug-variant/

Mustang Panda’s Hodur: Old tricks, new Korplug variant

ESET research uncovers Hodur, a new variant of Korplug malware that is being spread by Mustang Panda and uses phishing lures referencing the war in Ukraine.

79 views23:53

Wed, 23 Mar 2022 23:49:54 +0000

Bad Actors Trying to Capitalize on Current Events via Shameless Email Scams

https://www.fortinet.com/blog/threat-research/bad-actors-capitalize-current-events-email-scams

Beware of Email Scams Related to Current Events | FortiGuard Labs

FortiGuard Labs uncovered tax themed phishing scams. Read our blog to learn more about how to avoid these socially engineered email scams this season.…

81 views23:53

Wed, 23 Mar 2022 23:50:40 +0000

MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part II

https://www.fortinet.com/blog/threat-research/ms-office-files-involved-again-in-recent-emotet-trojan-campaign-part-ii

MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part II

FortiGuard Labs discovered more than 500 Microsoft Excel files involved in a campaign to deliver a fresh Emotet Trojan variant. Read part II of our analysis to learn more about malicious modules in…

81 views23:53

Thu, 24 Mar 2022 09:12:40 +0000

Coper Banking Trojan

https://blog.cyble.com/2022/03/24/coper-banking-trojan/

Coper Banking Trojan

Cyble Research Labs analyses the latest variant of the Coper Banking Trojan that is posing as a Google Play Store installer.

78 views09:23

Thu, 24 Mar 2022 13:52:14 +0000

Windows Subsystem for Linux (WSL): Threats Still Lurk Below the (Sub)Surface

https://blog.lumen.com/windows-subsystem-for-linux-wsl-threats/?utm_source=rss&utm_medium=rss&utm_campaign=windows-subsystem-for-linux-wsl-threats

Windows Subsystem for Linux (WSL): Threats Still Lurk Below the (Sub)Surface

Last fall, Black Lotus Labs discovered in the wild what had until then only been theorized: Linux binaries were being used as loaders in WSL.

91 views13:53

Thu, 24 Mar 2022 16:04:44 +0000

Countering threats from North Korea

https://blog.google/threat-analysis-group/countering-threats-north-korea/

Countering threats from North Korea

On February 10, Threat Analysis Group discovered two distinct North Korean government-backed attacker groups exploiting a remote code execution vulnerability in Chrome, CVE-2022-0609.

79 views16:08

Пока получаются автоматически генерить вот такие саммари.
Движок генерит еще кучу артефактов:
- Исходный отчет в формате HTML
- PDF и HTML отчета, очищенный от рекламы и лишнего мусора
- Скрин сайта
- Текстовую модель отчета (текст, разбитый на главы, абзацы и предложения)
- Модель со связями значимых токенов в тексте (кто кого дропает, откуда качается зараза, кто для кого C2 и т.д.)
- Собственно JSON с индикаторами (движ умеет понять что в отчете идут связки MD5+SHA1+SHA256 (или иные комбинации) и объединить их в хэши одного бинаря)
Движок еще требует иногда заглядывать и проверять что он там нашел, но очень многое он уже делать без моего участия.
Еще потестю и переведу постинг на этот движок.

З.ы. Алиасы имен малварей и группировок генерализируются.
З.З.ы. Все индикаторы попадают в наш фид https://rstcloud.net

RST Cloud - Threat Intelligence Solutions

The ultimate source of comprehensive and actual knowledge about cybersecurity threats from all over the world in a ready-to-use format available via API

79 viewsedited 00:28

Forwarded from RST Cloud Monitoring

23-03-2022
Mustang Pandas Hodur: Old tricks, new Korplug variant

https://www.welivesecurity.com/2022/03/23/mustang-panda-hodur-old-tricks-new-korplug-variant

Actors/Campaigns:
Red_delta (malware, rat, dns, phishing, backdoor)

Threats:
Hodur_rat (malware, rat, dns, phishing, backdoor)
Plugx_rat (malware, rat, dns, phishing, backdoor)
Thor (backdoor)
Cobalt_strike
Poison_ivy
Watering_hole_technique
Sunburst
Delf

Industry:
Media, Telco, Government

Geo:
Cyprus, Greece, Sudan, Asia, Mongolia, Africa, Myanmar, Ukraines, Vietnam, Russia, African, Ukraine

TTPs:
Tactics: 9
Technics: 44

IOCs:
File: 5
IP: 10
Hash: 28
Domain: 4

Links:
https://github.com/kcreyts/plugxdecoder

Mustang Panda’s Hodur: Old tricks, new Korplug variant

ESET research uncovers Hodur, a new variant of Korplug malware that is being spread by Mustang Panda and uses phishing lures referencing the war in Ukraine.

77 views00:28

Forwarded from RST Cloud Monitoring

80 views00:28

Fri, 25 Mar 2022 00:31:06 +0000

APT Attack Using Word Files About Cryptocurrency (Kimsuky)

https://asec.ahnlab.com/en/32958/

APT Attack Using Word Files About Cryptocurrency (Kimsuky) - ASEC

APT Attack Using Word Files About Cryptocurrency (Kimsuky) ASEC

87 views00:38

Fri, 25 Mar 2022 12:35:15 +0000

Purple Fox Uses New Arrival Vector and Improves Malware Arsenal

https://www.trendmicro.com/en_us/research/22/c/purple-fox-uses-new-arrival-vector-and-improves-malware-arsenal.html

Purple Fox Uses New Arrival Vector and Improves Malware Arsenal

79 views12:38

Fri, 25 Mar 2022 16:55:09 +0000

Conti Continues Attacks With an Updated Ransomware Version Despite Leaks

https://www.zscaler.com/blogs/security-research/conti-continues-attacks-updated-ransomware-version-despite-leaks

Conti Continues Attacks With an Updated Ransomware Version Despite Leaks | Zscaler

Conti continues to attack organizations despite recent leaks with updated ransomware that can encrypt files in Windows Safe Mode

78 views17:08

Fri, 25 Mar 2022 17:55:05 +0000

Conti Ransomware Attacks Persist With an Updated Version Despite Leaks

https://www.zscaler.com/blogs/security-research/conti-ransomware-attacks-persist-updated-version-despite-leaks

Despite Leaks, Conti Ransomware Attacks Persist | Zscaler

Conti ransomware attacks continue despite recent leaks with an updated version that adds new features including file encryption in Windows Safe Mode.

76 views18:08

Fri, 25 Mar 2022 18:55:32 +0000

Escobar Malware: An emerging threat to stealing credentials from your Phone

https://www.secureblink.com/threat-research/escobar-malware:-an-emerging-threat-to-stealing-credentials-from-your-phone

Escobar Malware: An emerging threat to stealing credentials from your Phone | Secure Blink

Aberebot, Android banking trojan resurrected with a new name as Escobar Trojan with updated features while offering a homage to Colombian Drug Lord...

70 views19:08

Fri, 25 Mar 2022 22:47:11 +0000

Threat Advisory: DoubleZero

http://blog.talosintelligence.com/2022/03/threat-advisory-doublezero.html

Cisco Talos Blog

Threat Advisory: DoubleZero

This post is also available in:

Українська (Ukrainian)

Overview

The Computer Emergency Response Team of Ukraine released an advisory on March 22, 2022 disclosing another wiper dubbed "DoubleZero" targeting Ukrainian enterprises during Russia's invasion…

70 views22:53

Fri, 25 Mar 2022 22:50:27 +0000

New JSSLoader Trojan Delivered Through XLL Files

https://blog.morphisec.com/new-jssloader-trojan-delivered-through-xll-files

New JSSLoader Trojan Delivered Through XLL Files

Read how a new variant of JSSLoader, delivered via .XLL files, utilizes the Excel add-ins feature to load the malware and inspect the changes inside.

74 views22:53