Fri, 25 Mar 2022 22:47:11 +0000
Threat Advisory: DoubleZero
http://blog.talosintelligence.com/2022/03/threat-advisory-doublezero.html
Cisco Talos Blog
Threat Advisory: DoubleZero
Overview
The Computer Emergency Response Team of Ukraine released an advisory on March 22, 2022 disclosing another wiper dubbed "DoubleZero" targeting Ukrainian enterprises during Russia's invasion…
Fri, 25 Mar 2022 22:50:27 +0000
New JSSLoader Trojan Delivered Through XLL Files
https://blog.morphisec.com/new-jssloader-trojan-delivered-through-xll-files
Morphisec
New JSSLoader Trojan Delivered Through XLL Files
Read how a new variant of JSSLoader, delivered via .XLL files, utilizes the Excel add-ins feature to load the malware and inspect the changes inside.
Fri, 25 Mar 2022 22:52:26 +0000
Serpent Backdoor Slithers into Orgs Using Chocolatey Installer
https://www.proofpoint.com/us/newsroom/news/serpent-backdoor-slithers-orgs-using-chocolatey-installer
Threat Post
Serpent Backdoor Slithers into Orgs Using Chocolatey Installer
An unusual attack using an open-source package installer called Chocolatey, steganography and Scheduled Tasks is stealthily delivering spyware to companies.
Corporate user target of the malicious Word document circulated among
https://translate.yandex.ru/translate?url=https%3A%2F%2Fasec.ahnlab.com%2Fko%2F33034%2F&lang=ko-en
Fri, 25 Mar 2022 22:55:25 +0000
Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cyber-attackers-leverage-russia-ukraine-conflict-in-multiple-spam-campaigns/
Trustwave
Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns
The Trustwave SpiderLabs email security team has been monitoring the ongoing Russia-Ukraine crisis to ensure that our clients are protected and aware of any imminent threats. This research blog captures some of the phishing email threats we have discovered.
Fri, 25 Mar 2022 23:01:30 +0000
Another cyber espionage campaign in the Russia-Ukrainian ongoing cyber attacks
https://lab52.io/blog/another-cyber-espionage-campaign-in-the-russia-ukrainian-ongoing-cyber-attacks/
Mon, 28 Mar 2022 00:31:01 +0000
BitRAT Disguised as Officer Installer Being Distributed
https://asec.ahnlab.com/en/33024/
ASEC BLOG
BitRAT Disguised as Officer Installer Being Distributed - ASEC BLOG
The ASEC analysis team previously uploaded a post about BitRAT being distributed under the disguise of a Windows OS license verification tool. BitRAT is now being distributed as an Office installer with different files, preying upon potential victims. The…
Mon, 28 Mar 2022 00:31:01 +0000
VBS Script Disguised as PDF File Being Distributed (Kimsuky)
https://asec.ahnlab.com/en/33032/
ASEC BLOG
VBS Script Disguised as PDF File Being Distributed (Kimsuky) - ASEC BLOG
On March 23, the ASEC analysis team discovered APT attacks launched by an attack group presumed to be Kimsuky, targeting certain Korean companies. Upon running the script file with the VBS extension, the malware runs the innocuous PDF file that…
Mon, 28 Mar 2022 08:05:49 +0000
Dissecting the Kazy Crypter
https://labs.k7computing.com/index.php/dissecting-the-kazy-crypter/
K7 Labs
Dissecting the Kazy Crypter
Kazy Crypter has been sold in many underground forums and markets since 2014. The cost of this crypter averages between […]
Mon, 28 Mar 2022 12:23:12 +0000
Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool
https://decoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/?utm_source=rss&utm_medium=rss&utm_campaign=avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool
Avast Threat Labs
Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool - Avast Threat Labs
Avast Threat Intelligence Team has found a remote access tool (RAT) actively being used in the wild in the Philippines that uses what appears to be a compromised digital certificate belonging to the Philippine Navy.
28-03-2022
BitRAT Disguised as Officer Installer Being Distributed
https://asec.ahnlab.com/en/33024
Threats:
Sbit_rat (tags: malware)
Malware/mdp.download.m1197
Geo:
Korean
IOCs:
File: 1
Hash: 5
ASEC BLOG
BitRAT Disguised as Officer Installer Being Distributed - ASEC BLOG
The ASEC analysis team previously uploaded a post about BitRAT being distributed under the disguise of a Windows OS license verification tool. BitRAT is now being distributed as an Office installer with different files, preying upon potential victims. The…
#ParsedReport
28-03-2022
Dissecting the Kazy Crypter
https://labs.k7computing.com/index.php/dissecting-the-kazy-crypter
Threats:
Kazy (tags: malware, trojan, ransomware, rat)
Luminosity_rat
Nanocore_rat
IOCs:
File: 1
Hash: 2
K7 Labs
Dissecting the Kazy Crypter
Kazy Crypter has been sold in many underground forums and markets since 2014. The cost of this crypter averages between […]
#ParsedReport
28-03-2022
Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool
https://decoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/?utm_source=rss&utm_medium=rss&utm_campaign=avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool
Threats:
Quasar_rat
Geo:
Philippines, Philippine
IOCs:
Domain: 1
Path: 1
Hash: 1
File: 1
Links:
https://github.com/avast/ioc/tree/master/Philippine-Navy-Certificate
Avast Threat Labs
Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool - Avast Threat Labs
Avast Threat Intelligence Team has found a remote access tool (RAT) actively being used in the wild in the Philippines that uses what appears to be a compromised digital certificate belonging to the Philippine Navy.
#ParsedReport
28-03-2022
Minerva Labs Blog
https://blog.minerva-labs.com/suncrypt-ransomware-gains-new-abilities-in-2022
Threats:
Suncrypt (tags: ransomware)
Industry:
Retail
Geo:
Switzerland
IOCs:
File: 38
#ParsedReport
28-03-2022
New Conversation Hijacking Campaign Delivering IcedID
https://www.intezer.com/blog/research/conversation-hijacking-campaign-delivering-icedid
Actors/Campaigns:
Shathak
Threats:
Icedid (tags: malware, ransomware, phishing, rat, proxy)
Pony
Gziploader
Qakbot (tags: phishing)
Proxyshell_vuln
Industry:
Financial
IOCs:
File: 1
Domain: 1
IP: 1
Intezer
New Conversation Hijacking Campaign Delivering IcedID
This post describes the technical analysis of a new campaign detected by Intezer’s research team, which initiates attacks with a phishing email that uses conversation hijacking to deliver IcedID. The underground economy is constantly evolving with threat…
For the next 3-4 months, the report parser's output will be available here: https://github.com/rstcloud/rstthreats/tree/master/tireports
What is stored there:
- The PDF and HTML of the report body
- A text model of the report in JSON
- A model of the "meanings" extracted from the report
If you have ideas about what else would be useful to include in the summary, send me a private message (contact details are in the channel description).
GitHub
rstthreats/tireports at master · rstcloud/rstthreats
Aggregated Indicators of Compromise collected and cross-verified from multiple open and community-supported sources, enriched and ranked using our intelligence platform for you. Threat Intelligence...
#ParsedReport
28-03-2022
Spoofed Invoice Used to Drop IcedID
https://www.fortinet.com/blog/threat-research/spoofed-invoice-drops-iced-id
Threats:
Icedid (tags: dropper, phishing, malware)
Kryptik_trojan
Industry:
Retail, Financial, Petroleum
Geo:
Belize, Ukraine
IOCs:
IP: 3
Domain: 3
Hash: 5
Fortinet Blog
Spoofed Invoice Used to Drop IcedID | FortiGuard Labs
FortiGuard Labs discovered a spearphishing email for a Ukrainian fuel company with an attached invoice—seemingly from another fuel provider—that contains the IcedID Trojan. Read to learn more about…
APT attack disguised as North Korean defector resume format (VBS script)
https://asec-ahnlab-com.translate.goog/ko/33141/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=ru&_x_tr_pto=wapp
ASEC BLOG
APT attack disguised as a North Korean defector resume template (VBS script) - ASEC BLOG
The ASEC analysis team recently confirmed that a malicious VBS script intended for information theft is being distributed through phishing emails with North Korea-related content. The email contains a casting request for a North Korea-related broadcast and carries a compressed file as an attachment. It mentions writing a resume to induce the recipient to run the attached file. Inside the archive is a malicious VBS script file. In brief, the behavior of the file '2022 이력서 양식.vbs' is as follows: collects and exfiltrates information; creates a legitimate Hangul (HWP) document; creates an additional malicious script file and a Task Scheduler…
#ParsedReport
29-03-2022
Transparent Tribe campaign uses new bespoke malware to target Indian government officials
http://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
Actors/Campaigns:
Transparenttribe (tags: vpn, rat, trojan, malware)
Sidecopy
Armor_piercer
Threats:
Crimson_rat (tags: rat, keylogger, malware)
Oblique_rat
Capra_rat
Margulasrat_rat
Industry:
Media, Government
Geo:
India, Indian, Pakistan, Afghanistan
IOCs:
Domain: 7
Hash: 36
IP: 6
Url: 19
Cisco Talos Blog
Transparent Tribe campaign uses new bespoke malware to target Indian government officials
By Asheer Malhotra and Justin Thattil with contributions from Kendall McKay.
* Cisco Talos has observed a new Transparent Tribe campaign targeting Indian government and military entities. While the actors are infecting victims with CrimsonRAT, their well…