#ParsedReport
29-03-2022
RED-LILIs Profile.
https://checkmarx.com/blog/a-beautiful-factory-for-malicious-packages
Actors/Campaigns:
Red_lili
Threats:
Nmap_tool
IOCs:
IP: 1
Domain: 2
File: 3
Links:
https://gist.github.com/Aviadg/3e640afe6dcbc651958c270ff9e57c8d
https://github.com/projectdiscovery/interactsh
Checkmarx
A Beautiful Factory for Malicious Packages
In the past month, Checkmarx SCS research team has been tracking the malicious activity of RED-LILI, which marks a significant milestone in the development of software supply-chain attacks. After gathering enough clues, the team has reconstructed this threat…
#ParsedReport
29-03-2022
From the Front Lines | Hive Ransomware Deploys Novel IPfuscation Technique To Avoid Detection
https://www.sentinelone.com/blog/hive-ransomware-deploys-novel-ipfuscation-technique
Threats:
Hive (tags: backdoor, malware, ransomware, rat)
Cobalt_strike (tags: malware, rat)
Lolbin (tags: ransomware)
Bloodhound_tool
Hellsgate_technique (tags: rat)
TTPs:
Tactics: 1
Technics: 10
IOCs:
Hash: 38
Path: 2
IP: 6
Domain: 2
YARA: Found
Links:
https://github.com/am0nsec/HellsGate
SentinelOne
From the Front Lines | Hive Ransomware Deploys Novel IPfuscation Technique To Avoid Detection
Learn how the Hive ransomware gang are using a simple yet effective obfuscation method to beat unwary enterprise defenses.
#ParsedReport
29-03-2022
Forged in Fire: A Survey of MobileIron Log4Shell Exploitation
https://www.mandiant.com/resources/mobileiron-log4shell-exploitation
Actors/Campaigns:
Axiom
Unc3500
Unc961
Unc3535
Threats:
Log4shell_vuln
Xmrig_miner
Nexus_logger
Powershell_shell_tool
Holepunch_tool
Holedoor (tags: backdoor)
Darkdoor (tags: backdoor)
Chinachopper
Industry:
Government, Media, Education, Healthcare, Financial, Telco, Energy, Retail
Geo:
America, Asia, China
CVEs:
CVE-2021-44228 [Vulners]
Vulners score: 4.0
Exploitation: True
Patch: Official fix
Soft:
- apache log4j (2.0, 2.0, 2.0, 2.0, <2.3.1, <2.12.2, <2.15.0)
- siemens sppa-t3000 ses3000 firmware ()
- siemens captial (<2019.1, 2019.1, 2019.1)
- siemens comos ()
- siemens desigo cc advanced reports (4.0, 4.1, 4.2, 5.0, 5.1)
have more...
TTPs:
Tactics: 1
Technics: 0
IOCs:
Domain: 9
Url: 7
File: 5
IP: 22
Hash: 4
Links:
https://github.com/cisagov/log4j-affected-db
Mandiant
Forged in Fire: A Survey of MobileIron Log4Shell Exploitation | Mandiant
#ParsedReport
29-03-2022
New spear phishing campaign targets Russian dissidents
https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents
Actors/Campaigns:
Red_delta (tags: phishing)
Ghostwriter (tags: phishing)
Scarab (tags: phishing)
Threats:
Formbook (tags: phishing)
Quasar_rat (tags: phishing)
Cobalt_strike (tags: phishing)
Industry:
Media, Education, Telco, Government
Geo:
Russia, Madagascar, Ukraine
CVEs:
CVE-2021-40444 [Vulners]
Vulners score: 2.1
Exploitation: True
Patch: Official fix
Soft:
- microsoft windows 10 (-, 20h2, 21h1, 1607, 1809, 1909, 2004)
- microsoft windows 7 (-)
- microsoft windows 8.1 (-)
- microsoft windows rt 8.1 (-)
- microsoft windows server 2008 (-, r2)
have more...
CVE-2017-0199 [Vulners]
Vulners score: 9.6
Exploitation: True
Patch: Official fix
Soft:
- microsoft windows server 2008 (r2, *)
- microsoft windows server 2012 (-)
- microsoft windows vista (*)
- microsoft office (2010, 2013, 2016, 2007)
- microsoft windows 7 (*)
have more...
IOCs:
Domain: 2
Hash: 6
ThreatDown by Malwarebytes
New spear phishing campaign targets Russian dissidents - ThreatDown by Malwarebytes
This blog post was authored by Hossein Jazi. — Updated to clarify the two different campaigns (Cobalt Strike and Rat) Several threat actors have taken advantage of the war in Ukraine to launch a…
CTT Report Hub pinned «For the next 3-4 months the report parser output will be available here: https://github.com/rstcloud/rstthreats/tree/master/tireports What is stored there: - PDF and HTML of the report body - A text model of the report in JSON - A model of the "meanings" extracted from the report If you…»
#ParsedReport
30-03-2022
Malicious Word File Targeting Corporate Users Being Distributed
https://asec.ahnlab.com/en/33186
Threats:
Trojan/win.generic.c5025270 (tags: malware)
Industry:
Media
Geo:
Korean
IOCs:
Url: 8
File: 6
Path: 1
Registry: 1
Hash: 4
ASEC BLOG
Malicious Word File Targeting Corporate Users Being Distributed - ASEC BLOG
The ASEC analysis team discovered a Word file that seems to target corporate users. The file contains an image that prompts users to enable macros like other malicious files. To trick users into thinking that this is an innocuous file, it shows information…
#ParsedReport
30-03-2022
ASEC Weekly Malware Statistics (March 14th, 2022 – March 20th, 2022)
https://asec.ahnlab.com/en/33114
Threats:
Formbook (tags: malware)
Agent_tesla (tags: malware)
Lokibot_stealer (tags: malware)
Redline_stealer (tags: malware)
Industry:
Transport, Financial
Geo:
Malaysia
IOCs:
File: 34
Url: 35
Domain: 5
Email: 4
IP: 6
ASEC
ASEC Weekly Malware Statistics (March 14th, 2022 – March 20th, 2022) - ASEC
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 14th, 2022 (Monday) to March 20th, 2022 (Sunday). For the main category, info-stealer…
#ParsedReport
30-03-2022
ASEC Weekly Malware Statistics (March 21st, 2022 – March 27th, 2022)
https://asec.ahnlab.com/en/33217
Threats:
Agent_tesla (tags: malware)
Formbook (tags: malware)
Lokibot_stealer (tags: malware)
Redline_stealer (tags: malware)
Snake_keylogger (tags: malware)
Industry:
Financial
IOCs:
Domain: 7
Email: 10
File: 23
Url: 16
IP: 4
ASEC BLOG
ASEC Weekly Malware Statistics (March 21st, 2022 - March 27th, 2022) - ASEC BLOG
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from March 21st, 2022 (Monday) to March 27th, 2022 (Sunday). For the main category, info-stealer…
#ParsedReport
30-03-2022
The Infection Chain. New Wave of Remcos RAT Phishing Campaign
https://blog.morphisec.com/remcos-trojan-analyzing-attack-chain
Threats:
Remcos_rat (tags: ransomware, phishing, rat, trojan, malware)
Cloudeye (tags: trojan)
Babadeda (tags: trojan)
Industry:
Financial
IOCs:
Hash: 28
File: 6
Domain: 8
Url: 12
Morphisec
Remcos Trojan: Analyzing the Attack Chain
Morphisec Labs has detected a new wave of Remcos trojan infection. In this blog post, get an analysis of the full attack chain used by the threat actor.
#ParsedReport
31-03-2022
Tracking cyber activity in Eastern Europe
https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe
Actors/Campaigns:
Curious_gorge
Comment_crew
Ghostwriter
Industry:
Government, Financial
Geo:
Russia, Korea, Belarusian, Iran, China, Ukraine, Mongolia
IOCs:
IP: 5
Domain: 9
Google
Tracking cyber activity in Eastern Europe
An update on cyber activity in Eastern Europe.
#ParsedReport
31-03-2022
New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits
https://www.fortinet.com/blog/threat-research/deep-panda-log4shell-fire-chili-rootkits
Actors/Campaigns:
Shell_crew (tags: dropper, rat, backdoor, malware, rootkit)
Axiom
Threats:
Fire_chili_rootkit (tags: dropper, rat, backdoor, malware, rootkit)
Log4shell_vuln (tags: dropper, rat, backdoor, malware, rootkit)
Gh0st_rat
Netbot
Themida_packer_tool
Industry:
Financial
Geo:
Chinese, Korean
TTPs:
IOCs:
File: 10
Path: 1
Domain: 4
Hash: 50
IP: 3
Url: 4
Links:
https://github.com/bowlofstew/rootkit.com/blob/master/cardmagic/PortHidDemo_Vista.c
https://github.com/geemion/Record/blob/master/HideReg.c
https://github.com/sin5678/gh0st
Fortinet Blog
New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits
FortiGuard Labs discovered a campaign by Deep Panda exploiting Log4Shell, along with a novel kernel rootkit signed with a stolen digital certificate also used by Winnti. Read to learn about these a…
#ParsedReport
31-03-2022
Cloud Atlas Maldoc
https://inquest.net/blog/2022/03/30/cloud-atlas-maldoc
Threats:
Cloudatlas (tags: rat, malware, phishing)
Industry:
Aerospace, Media, Financial, Government
Geo:
Russian, Ukraine
IOCs:
Hash: 3
Url: 1
Domain: 2
IP: 1
#ParsedReport
31-03-2022
Analysis of BlackGuard - a new info stealer malware being sold in a Russian hacking forum
https://www.zscaler.com/blogs/security-research/analysis-blackguard-new-info-stealer-malware-being-sold-russian-hacking
Threats:
Blackguard_stealer (tags: cryptomining, vpn, ransomware, malware, phishing, stealer)
Exodus
Terra_stealer
Industry:
Financial, E-commerce
Geo:
Russian
TTPs:
Tactics: 1
Technics: 0
IOCs:
File: 2
Hash: 10
Zscaler
Analysis of BlackGuard - Info Stealer Malware | Zscaler Blog
In this blog, ThreatLabz analyzes BlackGuard, an emerging info stealer malware being sold as a service on a Russian hacking forum.
#ParsedReport
31-03-2022
Phishing pages used for Malware Delivery
https://blog.cyble.com/2022/03/31/phishing-pages-used-for-malware-delivery
Threats:
Sms_stealer (tags: malware, phishing)
Industry:
Media, Financial, Healthcare
Geo:
India
TTPs:
Tactics: 3
Technics: 0
IOCs:
Url: 4
Hash: 1
Cyble
Phishing pages used for Malware Delivery
Cyble Research Labs analyzes a threat actor leveraging Phishing techniques and malware to steal sensitive banking credentials from Patanjali customers.
#ParsedReport
31-03-2022
State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage
https://research.checkpoint.com/2022/state-sponsored-attack-groups-capitalise-on-russia-ukraine-war-for-cyber-espionage
Actors/Campaigns:
Siamesekitten (tags: malware)
Sidewinder (tags: malware, stealer)
Threats:
Machete
Industry:
Financial, Government, Energy
Geo:
Nicaragua, Iranian, America, India, Indian, Venezuela, Americans, Africa, Pakistani, Israel, Pakistan, Israeli, Asia, Arabia, Russia, Iran, Ukraine, China, Saudi, Russian
CVEs:
CVE-2017-11882 [Vulners]
Vulners score: 8.3
Exploitation: True
Patch: Official fix
Soft:
- microsoft office (2013, 2010, 2016, 2007)
IOCs:
Email: 1
Domain: 7
File: 15
Hash: 53
IP: 3
Url: 7
Path: 2
YARA: Found
Links:
https://github.com/TheGeekHT/Loki.Rat/
https://github.com/ghuntley/Heijden.Dns
Check Point Research
State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage - Check Point Research
Introduction Geopolitical tensions often make headlines and present a golden opportunity for threat actors to exploit the situation, especially those targeting high-profile victims. In the past month while the Russian invasion of Ukraine was unfolding, Check…
#ParsedReport
31-03-2022
Lazarus Trojanized DeFi app for delivering malware
https://securelist.com/lazarus-trojanized-defi-app/106195
Actors/Campaigns:
Lazarus (tags: malware, backdoor, trojan)
Threats:
Cookietime
Volgmer
Threatneedle
Industry:
Financial
Geo:
Korea
TTPs:
Tactics: 6
Technics: 11
IOCs:
Hash: 12
File: 11
Path: 2
Url: 8
Securelist
Lazarus Trojanized DeFi app for delivering malware
We recently discovered a Trojanized DeFi application that contains a legitimate cryptocurrency wallet called DeFi Wallet, but also implants a full-featured backdoor.
#ParsedReport
31-03-2022
Ransomware Enforcement Operations in 2020 and 2021
https://www.recordedfuture.com/ransomware-enforcement-operations-in-2020-and-2021
Threats:
Revil (tags: ransomware)
Netwalker (tags: ransomware)
Log4shell_vuln
Industry:
Media, Financial, Healthcare, Government
Geo:
Romania, Russian, Uk, Japan, Poland, Ukraine
Recordedfuture
Ransomware Enforcement Operations in 2020 and 2021
This report looks at international law enforcement operations focused on ransomware and is based on data collected over the last 2 years.
#ParsedReport
31-03-2022
Deep Dive Analysis – Borat RAT
https://blog.cyble.com/2022/03/31/deep-dive-analysis-borat-rat
Threats:
Borat_rat (tags: trojan, rat, keylogger, malware, ransomware)
TTPs:
Tactics: 6
Technics: 16
IOCs:
File: 2
Hash: 27
Cyble
Deep Dive Analysis – Borat RAT | Cyble
Cyble Research Labs analyzes Borat , a sophisticated RAT variant that boasts a combination of Remote Access Trojan, Spyware, Ransomware and DDoS capabilities.
#ParsedReport
31-03-2022
Conti-nuation: methods and techniques observed in operations post the leaks
https://research.nccgroup.com/2022/03/31/conti-nuation-methods-and-techniques-observed-in-operations-post-the-leaks
Threats:
Conti
Bazarbackdoor
Trickbot
Cobalt_strike
Qakbot
Proxyshell_vuln
Proxylogon_exploit
Bloodhound_tool
Mimikatz
Zerologon_vuln
CVEs:
CVE-2018-13379 [Vulners]
Vulners score: 4.0
Exploitation: True
Patch: Official fix
Soft:
- fortinet fortios (le6.0.4, le5.6.7)
CVE-2018-13374 [Vulners]
Vulners score: 4.4
Exploitation: Unknown
Patch: Official fix
Soft:
- fortinet fortios (le5.6.7, le6.0.2)
CVE-2021-44228 [Vulners]
Vulners score: 4.0
Exploitation: True
Patch: Official fix
Soft:
- apache log4j (2.0, 2.0, 2.0, 2.0, <2.3.1, <2.12.2, <2.15.0)
- siemens sppa-t3000 ses3000 firmware (*)
- siemens captial (<2019.1, 2019.1, 2019.1)
- siemens comos (*)
- siemens desigo cc advanced reports (4.0, 4.1, 4.2, 5.0, 5.1)
have more...
TTPs:
Tactics: 4
Technics: 0
IOCs:
File: 14
Url: 1
Path: 8
IP: 4
Domain: 1
Hash: 1
NCC Group Research Blog
Conti-nuation: methods and techniques observed in operations post the leaks
This post describes the methods and techniques we observed during recent incidents that took place after the Conti data leaks.
#ParsedReport
31-03-2022
Security Advisory: Spring Cloud Framework Vulnerabilities
https://www.zscaler.com/blogs/security-research/security-advisory-spring-cloud-framework-vulnerabilities
Threats:
Spring4shell
CVEs:
CVE-2022-22963 [Vulners]
Score: CVSS Unknown, Vulners PENDING,
Exploitation: Unknown
Patch: Official fix
CVE-2022-22965 [Vulners]
Score: CVSS Unknown, Vulners PENDING,
Exploitation: Unknown
Patch: Official fix
Links:
https://github.com/spring-projects/spring-framework/commit/7f7fb58dd0dae86d22268a4b59ac7c72a6c22529
Zscaler
Spring Cloud Framework Vulnerabilities
This article provides the analysis of the latest vulnerabilities found in Spring.