Fri, 25 Mar 2022 00:31:06 +0000
APT Attack Using Word Files About Cryptocurrency (Kimsuky)
https://asec.ahnlab.com/en/32958/
ASEC
APT Attack Using Word Files About Cryptocurrency (Kimsuky) - ASEC
Fri, 25 Mar 2022 12:35:15 +0000
Purple Fox Uses New Arrival Vector and Improves Malware Arsenal
https://www.trendmicro.com/en_us/research/22/c/purple-fox-uses-new-arrival-vector-and-improves-malware-arsenal.html
Trend Micro
Purple Fox Uses New Arrival Vector and Improves Malware Arsenal
Fri, 25 Mar 2022 16:55:09 +0000
Conti Continues Attacks With an Updated Ransomware Version Despite Leaks
https://www.zscaler.com/blogs/security-research/conti-continues-attacks-updated-ransomware-version-despite-leaks
Zscaler
Conti Continues Attacks With an Updated Ransomware Version Despite Leaks | Zscaler
Conti continues to attack organizations despite recent leaks with updated ransomware that can encrypt files in Windows Safe Mode
Fri, 25 Mar 2022 17:55:05 +0000
Conti Ransomware Attacks Persist With an Updated Version Despite Leaks
https://www.zscaler.com/blogs/security-research/conti-ransomware-attacks-persist-updated-version-despite-leaks
Zscaler
Despite Leaks, Conti Ransomware Attacks Persist | Zscaler
Conti ransomware attacks continue despite recent leaks with an updated version that adds new features including file encryption in Windows Safe Mode.
Fri, 25 Mar 2022 18:55:32 +0000
Escobar Malware: An emerging threat to stealing credentials from your Phone
https://www.secureblink.com/threat-research/escobar-malware:-an-emerging-threat-to-stealing-credentials-from-your-phone
Secureblink
Escobar Malware: An emerging threat to stealing credentials from your Phone | Secure Blink
Aberebot, Android banking trojan resurrected with a new name as Escobar Trojan with updated features while offering a homage to Colombian Drug Lord...
Fri, 25 Mar 2022 22:47:11 +0000
Threat Advisory: DoubleZero
http://blog.talosintelligence.com/2022/03/threat-advisory-doublezero.html
Cisco Talos Blog
Threat Advisory: DoubleZero
The Computer Emergency Response Team of Ukraine released an advisory on March 22, 2022 disclosing another wiper dubbed "DoubleZero" targeting Ukrainian enterprises during Russia's invasion…
Fri, 25 Mar 2022 22:50:27 +0000
New JSSLoader Trojan Delivered Through XLL Files
https://blog.morphisec.com/new-jssloader-trojan-delivered-through-xll-files
Morphisec
New JSSLoader Trojan Delivered Through XLL Files
Read how a new variant of JSSLoader, delivered via .XLL files, utilizes the Excel add-ins feature to load the malware and inspect the changes inside.
Fri, 25 Mar 2022 22:52:26 +0000
Serpent Backdoor Slithers into Orgs Using Chocolatey Installer
https://www.proofpoint.com/us/newsroom/news/serpent-backdoor-slithers-orgs-using-chocolatey-installer
Threat Post
Serpent Backdoor Slithers into Orgs Using Chocolatey Installer
An unusual attack using an open-source package installer called Chocolatey, steganography and Scheduled Tasks is stealthily delivering spyware to companies.
Corporate user target of the malicious Word document circulated among
https://translate.yandex.ru/translate?url=https%3A%2F%2Fasec.ahnlab.com%2Fko%2F33034%2F&lang=ko-en
Fri, 25 Mar 2022 22:55:25 +0000
Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cyber-attackers-leverage-russia-ukraine-conflict-in-multiple-spam-campaigns/
Trustwave
Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns
The Trustwave SpiderLabs email security team has been monitoring the ongoing Russia-Ukraine crisis to ensure that our clients are protected and aware of any imminent threats. This research blog captures some of the phishing email threats we have discovered.
Fri, 25 Mar 2022 23:01:30 +0000
Another cyber espionage campaign in the Russia-Ukrainian ongoing cyber attacks
https://lab52.io/blog/another-cyber-espionage-campaign-in-the-russia-ukrainian-ongoing-cyber-attacks/
Mon, 28 Mar 2022 00:31:01 +0000
BitRAT Disguised as Officer Installer Being Distributed
https://asec.ahnlab.com/en/33024/
ASEC BLOG
BitRAT Disguised as Officer Installer Being Distributed - ASEC BLOG
The ASEC analysis team previously uploaded a post about BitRAT that was distributed under the disguise of Windows OS license verification tool. The BitRAT is now being distributed as Office Installer with different files, preying upon potential victims. The…
Mon, 28 Mar 2022 00:31:01 +0000
VBS Script Disguised as PDF File Being Distributed (Kimsuky)
https://asec.ahnlab.com/en/33032/
ASEC BLOG
VBS Script Disguised as PDF File Being Distributed (Kimsuky) - ASEC BLOG
On March 23rd, the ASEC analysis team has discovered APT attacks launched by an attack group presumed to be Kimsuky, and they targeted certain Korean companies. Upon running the script file with the VBS extension, the malware runs the innocuous PDF file that…
Mon, 28 Mar 2022 08:05:49 +0000
Dissecting the Kazy Crypter
https://labs.k7computing.com/index.php/dissecting-the-kazy-crypter/
K7 Labs
Dissecting the Kazy Crypter
Kazy Crypter has been sold in many underground forums and markets since 2014. The cost of this crypter averages between […]
Mon, 28 Mar 2022 12:23:12 +0000
Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool
https://decoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/?utm_source=rss&utm_medium=rss&utm_campaign=avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool
Avast Threat Labs
Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool - Avast Threat Labs
Avast Threat Intelligence Team has found a remote access tool (RAT) actively being used in the wild in the Philippines that uses what appears to be a compromised digital certificate belonging to the Philippine Navy.
28-03-2022
BitRAT Disguised as Officer Installer Being Distributed
https://asec.ahnlab.com/en/33024
Threats:
Sbit_rat (tags: malware)
Malware/mdp.download.m1197
Geo:
Korean
IOCs:
File: 1
Hash: 5
#ParsedReport
28-03-2022
Dissecting the Kazy Crypter
https://labs.k7computing.com/index.php/dissecting-the-kazy-crypter
Threats:
Kazy (tags: malware, trojan, ransomware, rat)
Luminosity_rat
Nanocore_rat
IOCs:
File: 1
Hash: 2
#ParsedReport
28-03-2022
Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool
https://decoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/?utm_source=rss&utm_medium=rss&utm_campaign=avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool
Threats:
Quasar_rat
Geo:
Philippines, Philippine
IOCs:
Domain: 1
Path: 1
Hash: 1
File: 1
Links:
https://github.com/avast/ioc/tree/master/Philippine-Navy-Certificate
#ParsedReport
28-03-2022
Minerva Labs Blog
https://blog.minerva-labs.com/suncrypt-ransomware-gains-new-abilities-in-2022
Threats:
Suncrypt (tags: ransomware)
Industry:
Retail
Geo:
Switzerland
IOCs:
File: 38