#ParsedReport
04-04-2022
Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations
https://www.intezer.com/blog/research/elephant-malware-targeting-ukrainian-orgs
Actors/Campaigns:
Unc2589 (tags: phishing)
Threats:
Graphsteel (tags: stealer, malware, phishing)
Grimplant (tags: malware, backdoor, phishing)
Cobalt_strike
Elephant_loader
Babar
Industry:
Government, Petroleum, Media
Geo:
Romania, Russian, Ukrainian, Turkey, French, Ukraine, Israel
IOCs:
File: 3
IP: 1
Url: 1
Hash: 1
Path: 1
Domain: 1
Links:
https://github.com/redcode-labs/Coldfire
https://github.com/kerbyj/goLazagne
Intezer
Elephant Framework Delivered in Phishing Attacks against Ukrainian Organizations
Malware using the Elephant malware framework was delivered via phishing emails from spoofed Ukrainian email addresses.
#ParsedReport
04-04-2022
Spring4Shell (CVE-2022-22965): details and mitigations
https://securelist.com/spring4shell-cve-2022-22965/106239
Threats:
Spring4shell (tags: malware)
Log4shell_vuln
CVEs:
CVE-2022-22963 [Vulners]
Vulners: Score: Unknown, CVSS: PENDING,
Vulners: Exploitation: Unknown
X-Force: Risk: 9.8
X-Force: Patch: Official fix
CVE-2010-1622 [Vulners]
Vulners: Score: 6.0, CVSS: 7.3,
Vulners: Exploitation: Unknown
X-Force: Risk: 7.5
X-Force: Patch: Official fix
Soft:
- oracle fusion middleware (11.1.1.8.0, 7.6.2, 11.1.1.6.1)
- springsource spring framework (2.5.6, 2.5.7, 2.5.2, 2.5.3, 3.0.0, 2.5.0, 2.5.1, 3.0.2, 3.0.1, 2.5.4, 2.5.5)
CVE-2022-22965 [Vulners]
Vulners: Score: Unknown, CVSS: PENDING,
Vulners: Exploitation: Unknown
X-Force: Risk: 9.8
X-Force: Patch: Official fix
IOCs:
Hash: 2
File: 1
Securelist
Spring4Shell (CVE-2022-22965): details and mitigations
Technical details and mitigations for the CVE-2022-22965 vulnerability (Spring4Shell), which can allow an attacker to execute arbitrary code on a remote web server.
#ParsedReport
04-04-2022
FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7
https://www.mandiant.com/resources/evolution-of-fin7
Actors/Campaigns:
Carbanak (tags: scan, dropper, ransomware, dns, malware, backdoor, phishing, rat, proxy)
Darkside (tags: ransomware)
Blackmatter
Fin12
Threats:
Revil
Blackcat (tags: ransomware)
Powerplant
Birdwatch_loader
Fowlgaze
Loadout_loader
Griffon
Badusb_technique
Dice_loader
Killack
Powertrash_tool
Supersoft
Pillowmint
Powersploit
Termite
Metasploit_tool
Bughatch
Cobalt_strike
Kerberoasting_technique
Hello
Atera_agent
Easylook_tool
Boatlaunch_tool
Jssloader
Maze (tags: ransomware)
Ryuk (tags: ransomware)
Bateleur
Driftpin
Industry:
Financial, Healthcare, Telco
TTPs:
Tactics: 10
Technics: 53
IOCs:
Path: 4
File: 28
Hash: 34
Coin: 1
Domain: 15
Links:
https://github.com/monoxgas/sRDI
https://github.com/PowerShellMafia/PowerSploit/blob/master/CodeExecution/Invoke-Shellcode.ps1
Google Cloud Blog
FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7 | Mandiant | Google Cloud Blog
#ParsedReport
05-04-2022
Malicious Help File Disguised as COVID-19 Infectee Notice Being Distributed in Korea
https://asec.ahnlab.com/en/33486
Threats:
Akdoor (tags: malware)
Trojan/win.generic.c5025270 (tags: malware)
Dropper/win.agent.c5028107 (tags: malware)
Geo:
Korea
IOCs:
File: 3
Url: 1
Hash: 3
ASEC BLOG
Malicious Help File Disguised as COVID-19 Infectee Notice Being Distributed in Korea - ASEC BLOG
The ASEC analysis team introduced readers to malware that takes the form of a Windows help file (*.chm) about two weeks ago. The malicious CHM file that was recently discovered is disguised as a notice for people infected with COVID-19 and is being distributed…
#ParsedReport
05-04-2022
Malicious Word Documents Using MS Media Player (Impersonating AhnLab)
https://asec.ahnlab.com/en/33477
Threats:
Akdoor (tags: malware)
Trojan/win.generic.c5025270 (tags: malware)
IOCs:
File: 7
Url: 10
Path: 1
Registry: 1
Hash: 4
ASEC
Malicious Word Documents Using MS Media Player (Impersonating AhnLab) - ASEC
Last week, the ASEC analysis team uploaded a post named “Malicious Word File Targeting Corporate Users Being Distributed” that contained information about a malicious Word file. Currently, documents of the same type are being distributed with text that impersonates…
#ParsedReport
05-04-2022
Thwarting Loaders: From SocGholish to BLISTER's LockBit Payload
https://www.trendmicro.com/en_us/research/22/d/Thwarting-Loaders-From-SocGholish-to-BLISTERs-LockBit-Payload.html
Threats:
Socgholish_loader (tags: ransomware, dropper, rat, malware)
Blister_loader (tags: ransomware, dropper, malware, rat)
Lockbit (tags: ransomware, dropper, malware, rat)
Cobalt_strike
Emotet
Dridex
Sbit_rat
Jadtre
Lolbin
TTPs:
Tactics: 1
Technics: 0
IOCs:
File: 5
Domain: 1
IP: 20
Path: 1
Hash: 57
Trend Micro
Thwarting Loaders: From SocGholish to BLISTER’s LockBit Payload
Both BLISTER and SocGholish are loaders known for their evasion tactics. Our report details what these loaders are capable of and our investigation into a campaign that uses both to deliver the LockBit ransomware.
#ParsedReport
05-04-2022
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks
Actors/Campaigns:
Stone_panda (tags: malware, backdoor)
Threats:
Sodamaster
Mimikatz
Winvnc_tool
Nbtscan_tool
Industry:
Education, Ngo, Healthcare, Telco, Religion, Government
Geo:
Asia, Montenegro, Japan, Israel, Italy, Chinese, Turkey, India, Canada, America
IOCs:
File: 1
Hash: 27
IP: 2
Security
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity
Government orgs and NGOs among victims in a wide-ranging and sustained campaign.
#ParsedReport
05-04-2022
New Analysis: The CaddyWiper Malware Attacking Ukraine
https://blog.morphisec.com/caddywiper-analysis-new-malware-attacking-ukraine
Threats:
Killdisk (tags: malware, ransomware)
Whispergate (tags: malware)
Hermeticwiper (tags: malware)
Isaacwiper (tags: malware)
Industry:
Government
Geo:
Ukraine
TTPs:
Tactics: 1
Technics: 0
IOCs:
Hash: 7
Morphisec
CaddyWiper Analysis: New Malware Attacking Ukraine
In this Threat Post, Morphisec Labs analyzes Caddywiper, a new strain of wiper malware attacking Ukrainian infrastructure.
#ParsedReport
05-04-2022
Inside Lightning Stealer. A New Info Stealer Targeting over 30 Browsers
https://blog.cyble.com/2022/04/05/inside-lightning-stealer
Threats:
Lightning_stealer (tags: ransomware, stealer, phishing, malware)
TTPs:
Tactics: 6
Technics: 11
IOCs:
File: 12
Registry: 1
Url: 2
Hash: 2
Cyble
Inside Lightning Stealer
In this report, Cyble analyzes a stealer that has been targeting over 30 browsers - Lightning Stealer.
#ParsedReport
05-04-2022
Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
http://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html
Threats:
Asyncrat_rat (tags: malware, rat, ransomware)
3losh (tags: malware, rat, ransomware)
Limerat_rat (tags: ransomware)
TTPs:
Tactics: 1
Technics: 0
IOCs:
Path: 1
File: 5
Hash: 81
Url: 16
IP: 2
Domain: 6
Cisco Talos Blog
Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
By Edmund Brumaghin, with contributions from Alex Karkins.
* Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims.
* The infections leverage process injection to evade detection…
#ParsedReport
05-04-2022
Detailed writeup on LAPSUS$ Cybercriminal Group who have compromised Microsoft and Okta
https://cloudsek.com/profile-lapsus-cybercriminal-group
Actors/Campaigns:
Lapsus (tags: ransomware, phishing, stealer, malware)
Threats:
Redline_stealer
Geo:
USA, Russia, Spain, Nepal
CVEs:
CVE-2019-5591 [Vulners]
Vulners: Score: 3.3, CVSS: 4.8,
Vulners: Exploitation: True
X-Force: Risk: 5.3
X-Force: Patch: Official fix
Soft:
- fortinet fortios (le6.2.0)
CVE-2021-45328 [Vulners]
Vulners: Score: 5.8, CVSS: 3.3,
Vulners: Exploitation: Unknown
X-Force: Risk: 7.4
X-Force: Patch: Official fix
Soft:
- gitea (<1.4.3)
CVE-2022-0510 [Vulners]
Vulners: Score: 3.5, CVSS: 2.2,
Vulners: Exploitation: Unknown
X-Force: Risk: 6.4
X-Force: Patch: Official fix
Soft:
- pimcore (le10.3.0)
CVE-2018-13379 [Vulners]
Vulners: Score: 5.0, CVSS: 4.0,
Vulners: Exploitation: True
X-Force: Risk: 7.5
X-Force: Patch: Official fix
Soft:
- fortinet fortios (le6.0.4, le5.6.7)
CVE-2020-12812 [Vulners]
Vulners: Score: 7.5, CVSS: 3.3,
Vulners: Exploitation: True
X-Force: Risk: 5.3
X-Force: Patch: Official fix
Soft:
- fortinet fortios (<6.0.10, <6.2.4, 6.4.0)
have more...
TTPs:
Tactics: 1
Technics: 0
IOCs:
File: 3
Hash: 11
IP: 4
CloudSEK - Digital Risk Management Enterprise | Artificial Intelligence based Cybersecurity
A detailed writeup on LAPSUS$ Cybercriminal Group who claimed to have compromised Nvidia and Samsung
Detailed profile on the Cybercriminal group and Threat Actor - Lapsus$ Group. The ransomware gang leaked source code, dehashed credentials, code signing certificates and source code to Nvidia and Samsung.
#ParsedReport
05-04-2022
Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
https://blog.malwarebytes.com/threat-intelligence/2022/04/colibri-loader-combines-task-scheduler-and-powershell-in-clever-persistence-technique
Threats:
Colibri_loader (tags: malware)
Vidar_stealer
IOCs:
Domain: 1
File: 7
Path: 2
Hash: 3
Malwarebytes
Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
This blog post was authored by Ankur Saini, with contributions from Hossein Jazi and Jérôme Segura (2022-04-07): Added MITRE ATT&CK mappings...
#technique
Malicious Registry Timestamp Manipulation Technique: Detecting Registry Timestomping
https://www.inversecos.com/2022/04/malicious-registry-timestamp.html
Inversecos
Malicious Registry Timestamp Manipulation Technique: Detecting Registry Timestomping
Meet the AWS Lambda malware
https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/
Darktrace
Solve Cloud Forensics at Scale
Darktrace has acquired Cado security, a cyber investigation and response solution provider and leader in cloud data capture and forensics.
#ParsedReport
06-04-2022
eSentire Threat Intelligence Malware Analysis: HeaderTip
https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-headertip
Actors/Campaigns:
Scarab
Threats:
Headertip (tags: malware, phishing, scan, dns)
Geo:
Chinese, Chile, Russia, Syria, Ukraine
IOCs:
Path: 1
Registry: 2
Hash: 6
IP: 1
YARA: Found
eSentire
eSentire Threat Intelligence Malware Analysis: HeaderTip
#ParsedReport
06-04-2022
eSentire Threat Intelligence Malware Analysis: DoubleZero
https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-doublezero
Threats:
Doublezero (tags: malware)
Whispergate (tags: malware)
Hermeticwiper (tags: malware)
Isaacwiper (tags: malware)
Killdisk (tags: malware)
Geo:
Ukraine
IOCs:
Hash: 5
Registry: 1
File: 11
Path: 1
YARA: Found
eSentire
eSentire | Threat Intelligence Malware Analysis: DoubleZero
Read eSentire's Threat Response Unit (TRU) analysis of DoubleZero, a newly emerging destructive malware targeting Ukrainian enterprises.
#ParsedReport
06-04-2022
Conti's Hacker Manuals Read, Reviewed & Analyzed
https://www.akamai.com/blog/security/conti
Actors/Campaigns:
Lapsus
Threats:
Conti (tags: stealer, phishing, dropper, backdoor, ransomware, dns, spyware, malware, trojan, rat, scan)
Ryuk
Maze
Cobalt_strike
Mimikatz
Psexec_tool
Winrm_tool
Eternalblue_vuln
Bluekeep_vuln
Anydesk_tool
Atera_tool
Printnightmare_vuln
Zerologon_vuln
Lolbin
Trickbot
Industry:
Government, Financial
Geo:
Ukraine, Russia
TTPs:
Tactics: 4
Technics: 0
IOCs:
File: 4
Links:
https://github.com/akamai/akamai-security-research/tree/main/leaks/Conti
https://github.com/RUB-NDS/PRET
Akamai
Akamai Blog | Conti’s Hacker Manuals — Read, Reviewed & Analyzed
Conti is a notorious ransomware group that targets high-revenue organizations. They were first detected in 2020, and appear to be based in Russia. It is believed that the group is the successor to Ryuk ransomware group. According to Chainalysis, The ransomware…
#ParsedReport
06-04-2022
Cado Discovers Denonia: The First Malware Specifically Targeting Lambda
https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda
Threats:
Denonia (tags: malware, cryptomining, dns, botnet)
Xmrig_miner (tags: malware)
Log4shell_vuln (tags: malware)
IOCs:
Hash: 2
Domain: 7
IP: 3
Links:
https://github.com/goretk/redress
https://github.com/aws/aws-lambda-go
Darktrace
Solve Cloud Forensics at Scale
Darktrace has acquired Cado security, a cyber investigation and response solution provider and leader in cloud data capture and forensics.
#ParsedReport
06-04-2022
FFDroider Stealer Targeting Social Media Platform Users
https://www.zscaler.com/blogs/security-research/ffdroider-stealer-targeting-social-media-platform-users
Threats:
Ffdroider_stealer (tags: malware, stealer)
Cobalt_strike
Industry:
Financial
TTPs:
Tactics: 1
Technics: 8
IOCs:
File: 12
Path: 7
Registry: 1
Url: 5
Domain: 8
Hash: 4
Zscaler
FFDroider Stealer Is Targeting Social Media Platform | Blog
Zscaler ThreatLabz discovered several campaigns related to the FFDroider stealer in their cloud that arrived via the compromised URL. Read the blog
#ParsedReport
06-04-2022
The Latest Remcos RAT Driven By Phishing Campaign
https://www.fortinet.com/blog/threat-research/latest-remcos-rat-phishing
Threats:
Remcos_rat (tags: malware, rat, phishing, proxy, trojan, keylogger)
Industry:
Financial
IOCs:
File: 12
Url: 3
Domain: 10
IP: 1
Hash: 8
Fortinet Blog
The Latest Remcos RAT Driven By Phishing Campaign
FortiGuard Labs analyzes how a phishing campaign delivers the Remcos RAT onto a victim’s device, how it executes on the device, the sensitive information it steals from the victim, as well as the c…
#ParsedReport
06-04-2022
Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials
https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials
Actors/Campaigns:
Aridviper (tags: ransomware, keylogger, malware, phishing, backdoor)
Molerats
Threats:
Barbie (tags: ransomware, keylogger, malware, phishing, backdoor)
Industry:
Government, Healthcare
Geo:
Israel
TTPs:
Tactics: 5
Technics: 0
IOCs:
Url: 8
File: 3
Domain: 8
Hash: 22
Cybereason
Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials
This APT-C-23 campaign involves two previously undocumented malware strains dubbed Barb(ie) Downloader and BarbWire Backdoor, which use an enhanced stealth mechanism to remain undetected; in addition, Cybereason observed an upgraded version of an Android…