#ParsedReport
07-04-2022
Parrot TDS takes over web servers and threatens millions. Campaign overview
https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions/?utm_source=rss&utm_medium=rss&utm_campaign=parrot-tds-takes-over-web-servers-and-threatens-millions
Threats:
Socgholish_loader
Prometheus
Netsupportmanager_rat
Industry:
Government
Geo:
Brazil, India, Chinese
IOCs:
File: 1
Registry: 1
Hash: 8
Domain: 38
IP: 13
Links:
https://github.com/avast/ioc/tree/master/ParrotTDSGendigital
Parrot TDS takes over web servers and threatens millions
Web Server Takeover Threat
#ParsedReport
07-04-2022
UpdateAgent macOS Malware
https://www.esentire.com/blog/updateagent-macos-malware
Threats:
Vigram (tags: phishing, malware)
More_eggs (tags: malware)
TTPs:
Tactics: 1
Technics: 0
IOCs:
File: 6
Url: 2
Hash: 1
Domain: 2
eSentire
UpdateAgent macOS Malware
Read this blog to learn how eSentire Threat Response Unit (TRU) detected and contained an UpdateAgent malware threat impacting a customer in the software industry.
#ParsedReport
08-04-2022
Rook Ransomware. Static Code Analysis
https://chuongdong.com/reverse%20engineering/2022/01/06/RookRansomware
Threats:
Rook (tags: ransomware, scan, malware)
Babuk
Maze
IOCs:
Hash: 2
File: 2
Links:
https://github.com/ARMmbed/mbedtls
Chuong Dong
Rook Ransomware
Malware Analysis Report - Rook Ransomware
#ParsedReport
08-04-2022
CryptoClip Hijacker
https://labs.k7computing.com/index.php/cryptoclip-hijacker
Threats:
Cryptoclip (tags: trojan, malware)
IOCs:
File: 5
Path: 1
Hash: 1
K7 Labs
CryptoClip Hijacker
Stealing crypto-currency is not new to threat actors. Thinner profit margins from mining makes stealing the coins from wallets more […]
#ParsedReport
09-04-2022
New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns
https://unit42.paloaltonetworks.com/solarmarker-malware
Threats:
Solarmarker (tags: dropper, backdoor, rat, malware, stealer)
Jupyter_stealer
IOCs:
File: 45
IP: 18
Hash: 23
Links:
https://github.com/de4dot/de4dot
Unit 42
New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns
A new version of SolarMarker malware appears to upgrade evasion abilities and demonstrates that the infostealer and backdoor continues to evolve.
#ParsedReport
09-04-2022
The State of Browser Extension Malware
https://blog.zimperium.com/the-state-of-browser-extension-malware
Industry:
Financial
IOCs:
File: 5
IP: 1
Zimperium Mobile Security Blog
The State of Browser Extension Malware - Zimperium Mobile Security Blog
Web browsers have become very lucrative and effective attack surfaces. Zimperium zLabs team has classified thousands of malicious browser extension samples. Read on to learn the state of browser extensions today.
#ParsedReport
09-04-2022
Looking Inside Pandora’s Box
https://www.fortinet.com/blog/threat-research/looking-inside-pandoras-box
Threats:
Pandora (tags: ransomware, malware, scan, rat)
Filecoder
Industry:
Financial
Geo:
Japanese
TTPs:
Tactics: 2
Technics: 11
IOCs:
Hash: 2
File: 19
Registry: 1
Links:
https://github.com/ARMmbed/mbedtls
https://github.com/mandiant/flare-emu
Fortinet Blog
Looking Inside Pandora’s Box | FortiGuard Labs
FortiGuard Labs analyzes the emerging state-of-the-art Pandora ransomware targeting corporate networks for financial gain. Read our blog to see how it evades detection, anti-analysis, and more. Rea…
#ParsedReport
10-04-2022
Dragon News Blog. MoqHao Part 2: Continued European Expansion
https://team-cymru.com/blog/2022/04/07/moqhao-part-2-continued-european-expansion
Actors/Campaigns:
Roaming_mantis
Threats:
Moqhao (tags: phishing, malware)
Wroba
Formbook
Merlin_tool
Industry:
Financial
Geo:
Japan, South Korea, Taiwan, France, Germany, United States
IOCs:
Hash: 2
IP: 52
Links:
https://github.com/Ne0nd0g/merlin
https://github.com/salesforce/jarm
https://github.com/ninoseki
Team Cymru
MoqHao Part 2: Continued European Expansion
Monitoring Roaming Mantis Operations with Pure Signal™ Recon This blog is a product of ongoing collaboration with @ninoseki, a Tokyo-based researcher who has tracked MoqHao for several years. His public GitHub contains numerous useful OSINT threat hunting…
#ParsedReport
11-04-2022
MetaStealer malware: An improved version of RedLine actively distributed via malspam campaign
https://www.secureblink.com/cyber-security-news/meta-stealer-malware-an-improved-version-of-red-line-actively-distributed-via-malspam-campaign
Threats:
Meta_stealer (tags: phishing, stealer, spam, botnet, malware)
Redline_stealer (tags: phishing, stealer, spam, botnet, malware)
Industry:
E-commerce
IOCs:
File: 2
IP: 1
#ParsedReport
11-04-2022
Snow abuse and gluttony: Analysis of suspected Lazarus attack activities against Korean companies
https://mp.weixin.qq.com/s/kcIaoB8Yta1zI6Py-uxupA
Actors/Campaigns:
Lazarus (tags: malware, phishing)
Industry:
Financial
Geo:
Asia, Korean
CVEs:
CVE-2017-0199 [Vulners]
Vulners: Score: 9.3, CVSS: 9.6,
Vulners: Exploitation: True
X-Force: Risk: 9.3
X-Force: Patch: Official fix
Soft:
- microsoft windows server 2008 (r2, *)
- microsoft windows server 2012 (-)
- microsoft windows vista (*)
- microsoft office (2010, 2013, 2016, 2007)
- microsoft windows 7 (*)
have more...
IOCs:
File: 7
Coin: 1
Hash: 21
Weixin Official Accounts Platform
Snow abuse and gluttony: Analysis of suspected Lazarus group attack activity against Korean companies
Recently, the Qi An Xin Threat Intelligence Center RedDrip team captured a large number of spear-phishing attack samples targeting Korean companies during routine threat hunting. The samples infect the victim through documents carrying vulnerabilities or through CHM files, detect whether the current operating system is 32-bit or 64-bit, and run the macro code matching that bitness in order to maximise the attack's effectiveness.
#ParsedReport
11-04-2022
Analysis of the SunnyDay ransomware. Introduction
https://seguranca-informatica.pt/analysis-of-the-sunnyday-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=analysis-of-the-sunnyday-ransomware
Threats:
Sunnyday (tags: ransomware, malware)
Medusalocker
Industry:
Financial
IOCs:
File: 4
Hash: 3
Path: 1
Coin: 1
YARA: Found
#ParsedReport
12-04-2022
SystemBC Being Used by Various Attackers
https://asec.ahnlab.com/en/33600
Actors/Campaigns:
Darkside
Pseudomanuscrypt
Threats:
Systembc (tags: proxy, spam, malware, ransomware, dropper, scan, rat, stealer, dns)
Smokeloader_backdoor
Emotet
Rig_tool
Ryuk
Egregor
Cobalt_strike
Psexec_tool
Cryptbot_stealer
Redline_stealer
Trojan/win.malpe.r480644
Trojan/win.generic.c5006057
Malware/win32.rl_generic.r358611
Trojan/win32.agent.c3511593
Industry:
Financial
IOCs:
File: 5
Hash: 4
Domain: 5
IP: 4
Url: 2
Links:
https://github.com/wbenny/mini-tor
ASEC
SystemBC Being Used by Various Attackers - ASEC
SystemBC Being Used by Various Attackers ASEC
#ParsedReport
12-04-2022
Fake Chrome Setup Leads to NetSupportManager RAT and Mars Stealer
https://www.esentire.com/blog/fake-chrome-setup-leads-to-netsupportmanager-rat-and-mars-stealer
Threats:
Netsupportmanager_rat (tags: rat, malware, fraud, phishing, stealer)
Mars_stealer (tags: rat, malware, fraud, phishing, stealer)
More_eggs
Industry:
Financial
IOCs:
File: 13
Coin: 1
Domain: 2
IP: 1
Hash: 8
eSentire
Fake Chrome Setup Leads to NetSupportManager RAT and Mars Stealer
#ParsedReport
12-04-2022
Tarrask malware uses scheduled tasks for defense evasion
https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion
Actors/Campaigns:
Hafnium (tags: malware)
Threats:
Tarrask (tags: malware, rat)
Godzilla_loader (tags: malware)
Ligolo
Industry:
Telco
IOCs:
Registry: 1
Path: 2
File: 15
Hash: 3
Links:
https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/TarraskHashIoC.yaml
https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/ScheduleTaskHide.yaml
https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityAlert/AVTarrask.yaml
Microsoft News
Tarrask malware uses scheduled tasks for defense evasion
Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique. In this post, we will demonstrate how threat actors create scheduled tasks, how they cover their tracks,…
#ParsedReport
12-04-2022
Malware Campaigns Targeting African Banking Sector
https://threatresearch.ext.hp.com/malware-campaigns-targeting-african-banking-sector
Threats:
Html_smuggling_technique (tags: rat, malware)
Cloudeye
Remcos_rat
Industry:
Financial
Geo:
Africa
IOCs:
File: 4
Hash: 6
Url: 2
Domain: 3
HP Wolf Security
Malware Campaigns Targeting African Banking Sector | HP Wolf Security
Don’t let cyber threats get the best of you. Read our post, Malware Campaigns Targeting African Banking Sector, to learn more about cyber threats and cyber security.
#ParsedReport
12-04-2022
Attackers linger on government agency computers before deploying Lockbit ransomware
https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware
Threats:
Lockbit (tags: rat, scan, ransomware, malware, cryptomining, proxy, vpn)
Anydesk_tool (tags: ransomware)
Mimikatz (tags: ransomware)
Screenconnect_tool (tags: ransomware)
Psexec_tool (tags: ransomware)
Gmer_tool (tags: ransomware)
Iobit_tool (tags: ransomware)
Putty_tool (tags: ransomware)
Bogus
Lazagne
Nlbrute_tool
Passview_tool
Industry:
Government, Healthcare
Geo:
American, Iran, Poland, Bulgaria, Russia, Canada, Estonia
IOCs:
File: 2
IP: 1
Hash: 10
Sophos News
Attackers linger on government agency computers before deploying Lockbit ransomware
Threat actors spent more than five months remotely googling for tools from the target’s machines
#ParsedReport
12-04-2022
Industroyer2: Industroyer reloaded
https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded
Actors/Campaigns:
Sandworm
Threats:
Crashoverride (tags: rat, trojan, malware)
Killdisk (tags: rat, malware)
Orcshred (tags: malware)
Soloshred (tags: malware)
Awfulshred (tags: malware)
Eternal_petya
Arguepatch_loader
Industry:
Financial, Government, Ics, Energy
Geo:
Ukraine, Russia
IOCs:
File: 2
Hash: 7
WeLiveSecurity
Industroyer2: Industroyer reloaded
ESET researchers have responded to a cyber-incident that affected an energy provider in Ukraine and involved ICS-capable malware that we've named Industroyer2.
#ParsedReport
13-04-2022
Caution. Virus/XLS Xanpei Infecting Normal Excel Files
https://asec.ahnlab.com/en/33630
Threats:
Xanpei (tags: malware, cryptomining, scan)
Bitminer
IOCs:
Hash: 2
File: 2
Path: 1
Url: 3
ASEC BLOG
[Caution] Virus/XLS Xanpei Infecting Normal Excel Files - ASEC BLOG
The ASEC analysis team has recently discovered the constant distribution of malware strains that spread the infection when Excel file is opened. Besides infecting normal Excel files, they can also perform additional malicious behaviors such as acting as a…
#ParsedReport
13-04-2022
Emotet modules and recent attacks
https://securelist.com/emotet-modules-and-recent-attacks/106290
Threats:
Emotet (tags: malware, spam, botnet, trojan)
Mail_passview_tool
Trickbot
Industry:
Financial
Geo:
Malaysia, Germany, Italy, Brazil, China, India, Indonesia, Mexico, Russia, Japan, Vietnam
IOCs:
Path: 2
Registry: 1
File: 3
IP: 40
Securelist
Kaspersky report on Emotet modules and recent attacks
Emotet was disrupted in January 2021 and returned in November. This report provides technical description of its active modules and statistics on the malware's recent attacks.
#ParsedReport
13-04-2022
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware
Actors/Campaigns:
Darkside (tags: malware, ransomware)
Blackmatter (tags: malware, ransomware)
Threats:
Z_loader (tags: fraud, proxy, spam, scam, malware, ransomware, rat, trojan, phishing)
Zeus (tags: malware, ransomware)
Cobalt_strike (tags: malware, ransomware)
Ragnarlocker (tags: malware, ransomware)
Ryuk (tags: malware, ransomware)
Atera_tool
Psexec_tool
Industry:
Telco, Financial
Geo:
China, Japan
CVEs:
CVE-2020-1599 [Vulners]
Vulners: Score: 2.1, CVSS: 3.9,
Vulners: Exploitation: True
X-Force: Risk: 5.5
X-Force: Patch: Official fix
Soft:
- microsoft windows 10 (-, 20h2, 1607, 1803, 1809, 1903, 1909, 2004)
- microsoft windows 7 (-)
- microsoft windows 8.1 (-)
- microsoft windows rt 8.1 (-)
- microsoft windows server 2008 (-, r2)
have more...
CVE-2012-0151 [Vulners]
Vulners: Score: 9.3, CVSS: 7.7,
Vulners: Exploitation: Unknown
X-Force: Risk: 9.3
X-Force: Patch: Official fix
Soft:
- microsoft windows vista (*, *)
- microsoft windows server 2008 (r2, *, *, *, r2)
- microsoft windows xp (*, -)
- microsoft windows 7 (*, *)
- microsoft windows server 2003 (*)
have more...
CVE-2013-3900 [Vulners]
Vulners: Score: 7.6, CVSS: 7.3,
Vulners: Exploitation: True
X-Force: Risk: 9.3
X-Force: Patch: Official fix
Soft:
- microsoft windows server 2008 (r2, r2, -)
- microsoft windows 7 (-)
- microsoft windows rt (-)
- microsoft windows 8.1 (-)
- microsoft windows server 2003 (-)
have more...
TTPs:
Tactics: 2
Technics: 0
IOCs:
Domain: 14
Url: 2
File: 16
Path: 1
Microsoft Security Blog
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware | Microsoft Security Blog
Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. In this blog, we detail the various characteristics for identifying ZLoader activity, including its associated…