#ParsedReport
09-04-2022
The State of Browser Extension Malware
https://blog.zimperium.com/the-state-of-browser-extension-malware
Industry:
Financial
IOCs:
File: 5
IP: 1
Zimperium Mobile Security Blog
The State of Browser Extension Malware - Zimperium Mobile Security Blog
Web browsers have become very lucrative and effective attack surfaces. Zimperium zLabs team has classified thousands of malicious browser extension samples. Read on to learn the state of browser extensions today.
#ParsedReport
09-04-2022
Looking Inside Pandora's Box
https://www.fortinet.com/blog/threat-research/looking-inside-pandoras-box
Threats:
Pandora (tags: ransomware, malware, scan, rat)
Filecoder
Industry:
Financial
Geo:
Japanese
TTPs:
Tactics: 2
Technics: 11
IOCs:
Hash: 2
File: 19
Registry: 1
Links:
https://github.com/ARMmbed/mbedtls
https://github.com/mandiant/flare-emu
Fortinet Blog
Looking Inside Pandora’s Box | FortiGuard Labs
FortiGuard Labs analyzes the emerging state-of-the-art Pandora ransomware targeting corporate networks for financial gain. Read our blog to see how it evades detection, anti-analysis, and more. Rea…
#ParsedReport
10-04-2022
Dragon News Blog. MoqHao Part 2: Continued European Expansion
https://team-cymru.com/blog/2022/04/07/moqhao-part-2-continued-european-expansion
Actors/Campaigns:
Roaming_mantis
Threats:
Moqhao (tags: phishing, malware)
Wroba
Formbook
Merlin_tool
Industry:
Financial
Geo:
Japan, South Korea, Taiwan, France, Germany, United States
IOCs:
Hash: 2
IP: 52
Links:
https://github.com/Ne0nd0g/merlin
https://github.com/salesforce/jarm
https://github.com/ninoseki
Team Cymru
MoqHao Part 2: Continued European Expansion
Monitoring Roaming Mantis Operations with Pure Signal™ Recon This blog is a product of ongoing collaboration with @ninoseki, a Tokyo-based researcher who has tracked MoqHao for several years. His public GitHub contains numerous useful OSINT threat hunting…
#ParsedReport
11-04-2022
MetaStealer malware: An improved version of RedLine actively distributed via malspam campaign
https://www.secureblink.com/cyber-security-news/meta-stealer-malware-an-improved-version-of-red-line-actively-distributed-via-malspam-campaign
Threats:
Meta_stealer (tags: phishing, stealer, spam, botnet, malware)
Redline_stealer (tags: phishing, stealer, spam, botnet, malware)
Industry:
E-commerce
IOCs:
File: 2
IP: 1
#ParsedReport
11-04-2022
Snow abuse and gluttony: Analysis of suspected Lazarus attack activities against Korean companies
https://mp.weixin.qq.com/s/kcIaoB8Yta1zI6Py-uxupA
Actors/Campaigns:
Lazarus (tags: malware, phishing)
Industry:
Financial
Geo:
Asia, Korean
CVEs:
CVE-2017-0199 [Vulners]
Vulners: Score: 9.3, CVSS: 9.6,
Vulners: Exploitation: True
X-Force: Risk: 9.3
X-Force: Patch: Official fix
Soft:
- microsoft windows server 2008 (r2, *)
- microsoft windows server 2012 (-)
- microsoft windows vista (*)
- microsoft office (2010, 2013, 2016, 2007)
- microsoft windows 7 (*)
have more...
IOCs:
File: 7
Coin: 1
Hash: 21
Weixin Official Accounts Platform
Snow abuse and gluttony: Analysis of suspected Lazarus attack activities against Korean companies
Recently, the RedDrip team of the Qi An Xin Threat Intelligence Center captured a large number of spear-phishing samples targeting Korean companies during routine threat hunting. The samples infect the host through documents carrying exploits or through CHM files, detect whether the current operating system is 32-bit or 64-bit, and execute the macro code matching that bitness to achieve the best attack effect.
#ParsedReport
11-04-2022
Analysis of the SunnyDay ransomware. Introduction
https://seguranca-informatica.pt/analysis-of-the-sunnyday-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=analysis-of-the-sunnyday-ransomware
Threats:
Sunnyday (tags: ransomware, malware)
Medusalocker
Industry:
Financial
IOCs:
File: 4
Hash: 3
Path: 1
Coin: 1
YARA: Found
#ParsedReport
12-04-2022
SystemBC Being Used by Various Attackers
https://asec.ahnlab.com/en/33600
Actors/Campaigns:
Darkside
Pseudomanuscrypt
Threats:
Systembc (tags: proxy, spam, malware, ransomware, dropper, scan, rat, stealer, dns)
Smokeloader_backdoor
Emotet
Rig_tool
Ryuk
Egregor
Cobalt_strike
Psexec_tool
Cryptbot_stealer
Redline_stealer
Trojan/win.malpe.r480644
Trojan/win.generic.c5006057
Malware/win32.rl_generic.r358611
Trojan/win32.agent.c3511593
Industry:
Financial
IOCs:
File: 5
Hash: 4
Domain: 5
IP: 4
Url: 2
Links:
https://github.com/wbenny/mini-tor
ASEC
SystemBC Being Used by Various Attackers - ASEC
#ParsedReport
12-04-2022
Fake Chrome Setup Leads to NetSupportManager RAT and Mars Stealer
https://www.esentire.com/blog/fake-chrome-setup-leads-to-netsupportmanager-rat-and-mars-stealer
Threats:
Netsupportmanager_rat (tags: rat, malware, fraud, phishing, stealer)
Mars_stealer (tags: rat, malware, fraud, phishing, stealer)
More_eggs
Industry:
Financial
IOCs:
File: 13
Coin: 1
Domain: 2
IP: 1
Hash: 8
eSentire
Fake Chrome Setup Leads to NetSupportManager RAT and Mars Stealer
#ParsedReport
12-04-2022
Tarrask malware uses scheduled tasks for defense evasion
https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion
Actors/Campaigns:
Hafnium (tags: malware)
Threats:
Tarrask (tags: malware, rat)
Godzilla_loader (tags: malware)
Ligolo
Industry:
Telco
IOCs:
Registry: 1
Path: 2
File: 15
Hash: 3
Links:
https://github.com/Azure/Azure-Sentinel/blob/master/Detections/MultipleDataSources/TarraskHashIoC.yaml
https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityEvent/ScheduleTaskHide.yaml
https://github.com/Azure/Azure-Sentinel/blob/master/Detections/SecurityAlert/AVTarrask.yaml
Microsoft News
Tarrask malware uses scheduled tasks for defense evasion
Microsoft Detection and Response Team (DART) researchers have uncovered malware that creates “hidden” scheduled tasks as a defense evasion technique. In this post, we will demonstrate how threat actors create scheduled tasks, how they cover their tracks,…
#ParsedReport
12-04-2022
Malware Campaigns Targeting African Banking Sector
https://threatresearch.ext.hp.com/malware-campaigns-targeting-african-banking-sector
Threats:
Html_smuggling_technique (tags: rat, malware)
Cloudeye
Remcos_rat
Industry:
Financial
Geo:
Africa
IOCs:
File: 4
Hash: 6
Url: 2
Domain: 3
HP Wolf Security
Malware Campaigns Targeting African Banking Sector | HP Wolf Security
Don’t let cyber threats get the best of you. Read our post, Malware Campaigns Targeting African Banking Sector, to learn more about cyber threats and cyber security.
#ParsedReport
12-04-2022
Attackers linger on government agency computers before deploying Lockbit ransomware
https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware
Threats:
Lockbit (tags: rat, scan, ransomware, malware, cryptomining, proxy, vpn)
Anydesk_tool (tags: ransomware)
Mimikatz (tags: ransomware)
Screenconnect_tool (tags: ransomware)
Psexec_tool (tags: ransomware)
Gmer_tool (tags: ransomware)
Iobit_tool (tags: ransomware)
Putty_tool (tags: ransomware)
Bogus
Lazagne
Nlbrute_tool
Passview_tool
Industry:
Government, Healthcare
Geo:
American, Iran, Poland, Bulgaria, Russia, Canada, Estonia
IOCs:
File: 2
IP: 1
Hash: 10
Sophos News
Attackers linger on government agency computers before deploying Lockbit ransomware
Threat actors spent more than five months remotely googling for tools from the target’s machines
#ParsedReport
12-04-2022
Industroyer2: Industroyer reloaded
https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded
Actors/Campaigns:
Sandworm
Threats:
Crashoverride (tags: rat, trojan, malware)
Killdisk (tags: rat, malware)
Orcshred (tags: malware)
Soloshred (tags: malware)
Awfulshred (tags: malware)
Eternal_petya
Arguepatch_loader
Industry:
Financial, Government, Ics, Energy
Geo:
Ukraine, Russia
IOCs:
File: 2
Hash: 7
WeLiveSecurity
Industroyer2: Industroyer reloaded
ESET researchers have responded to a cyber-incident that affected an energy provider in Ukraine and involved ICS-capable malware that we've named Industroyer2.
#ParsedReport
13-04-2022
Caution. Virus/XLS Xanpei Infecting Normal Excel Files
https://asec.ahnlab.com/en/33630
Threats:
Xanpei (tags: malware, cryptomining, scan)
Bitminer
IOCs:
Hash: 2
File: 2
Path: 1
Url: 3
ASEC BLOG
[Caution] Virus/XLS Xanpei Infecting Normal Excel Files - ASEC BLOG
The ASEC analysis team has recently discovered the constant distribution of malware strains that spread the infection when Excel file is opened. Besides infecting normal Excel files, they can also perform additional malicious behaviors such as acting as a…
#ParsedReport
13-04-2022
Emotet modules and recent attacks
https://securelist.com/emotet-modules-and-recent-attacks/106290
Threats:
Emotet (tags: malware, spam, botnet, trojan)
Mail_passview_tool
Trickbot
Industry:
Financial
Geo:
Malaysia, Germany, Italy, Brazil, China, India, Indonesia, Mexico, Russia, Japan, Vietnam
IOCs:
Path: 2
Registry: 1
File: 3
IP: 40
Securelist
Kaspersky report on Emotet modules and recent attacks
Emotet was disrupted in January 2021 and returned in November. This report provides technical description of its active modules and statistics on the malware's recent attacks.
#ParsedReport
13-04-2022
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware
Actors/Campaigns:
Darkside (tags: malware, ransomware)
Blackmatter (tags: malware, ransomware)
Threats:
Z_loader (tags: fraud, proxy, spam, scam, malware, ransomware, rat, trojan, phishing)
Zeus (tags: malware, ransomware)
Cobalt_strike (tags: malware, ransomware)
Ragnarlocker (tags: malware, ransomware)
Ryuk (tags: malware, ransomware)
Atera_tool
Psexec_tool
Industry:
Telco, Financial
Geo:
China, Japan
CVEs:
CVE-2020-1599 [Vulners]
Vulners: Score: 2.1, CVSS: 3.9,
Vulners: Exploitation: True
X-Force: Risk: 5.5
X-Force: Patch: Official fix
Soft:
- microsoft windows 10 (-, 20h2, 1607, 1803, 1809, 1903, 1909, 2004)
- microsoft windows 7 (-)
- microsoft windows 8.1 (-)
- microsoft windows rt 8.1 (-)
- microsoft windows server 2008 (-, r2)
have more...
CVE-2012-0151 [Vulners]
Vulners: Score: 9.3, CVSS: 7.7,
Vulners: Exploitation: Unknown
X-Force: Risk: 9.3
X-Force: Patch: Official fix
Soft:
- microsoft windows vista (*, *)
- microsoft windows server 2008 (r2, *, *, *, r2)
- microsoft windows xp (*, -)
- microsoft windows 7 (*, *)
- microsoft windows server 2003 (*)
have more...
CVE-2013-3900 [Vulners]
Vulners: Score: 7.6, CVSS: 7.3,
Vulners: Exploitation: True
X-Force: Risk: 9.3
X-Force: Patch: Official fix
Soft:
- microsoft windows server 2008 (r2, r2, -)
- microsoft windows 7 (-)
- microsoft windows rt (-)
- microsoft windows 8.1 (-)
- microsoft windows server 2003 (-)
have more...
TTPs:
Tactics: 2
Technics: 0
IOCs:
Domain: 14
Url: 2
File: 16
Path: 1
Microsoft Security Blog
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware | Microsoft Security Blog
Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. In this blog, we detail the various characteristics for identifying ZLoader activity, including its associated…
#ParsedReport
13-04-2022
Fodcha, a new DDos botnet
https://blog.netlab.360.com/fodcha-a-new-ddos-botnet
Threats:
Fodcha_botnet (tags: scan, botnet, rat, backdoor, ddos, dns)
Industry:
Telco
Geo:
Korea, China, India, Japan
CVEs:
CVE-2021-22205 [Vulners]
Vulners: Score: 7.5, CVSS: 5.6,
Vulners: Exploitation: True
X-Force: Risk: 9.9
X-Force: Patch: Official fix
Soft:
- gitlab (<13.8.8, <13.8.8, <13.9.6, <13.9.6, <13.10.3, <13.10.3)
CVE-2021-35394 [Vulners]
Vulners: Score: 10.0, CVSS: 5.4,
Vulners: Exploitation: True
X-Force: Risk: 9.8
X-Force: Patch: Official fix
Soft:
- realtek realtek jungle sdk (le3.4.14b)
IOCs:
Hash: 37
Url: 28
Domain: 2
360 Netlab Blog - Network Security Research Lab at 360
Fodcha, a new DDos botnet
Overview
Recently, CNCERT and 360netlab worked together and discovered a rapidly spreading DDoS botnet on the Internet. The global infection looks fairly big as just in China there are more than 10,000 daily active bots (IPs) and also more than 100 DDoS victims…
#ParsedReport
13-04-2022
Enemybot: A Look into Keksec's Latest DDoS Botnet
https://www.fortinet.com/blog/threat-research/enemybot-a-look-into-keksecs-latest-ddos-botnet
Actors/Campaigns:
Keksec
Threats:
Enemybot (tags: botnet, cryptomining, ddos, rat, malware)
Bashlite (tags: botnet, ddos)
Mirai
Beastmode_botnet
Log4shell_vuln
Industry:
Iot
CVEs:
CVE-2021-41773 [Vulners]
Vulners: Score: 4.3, CVSS: 4.4,
Vulners: Exploitation: True
X-Force: Risk: 7.5
X-Force: Patch: Official fix
Soft:
- apache http server (2.4.49)
- fedoraproject fedora (34, 35)
- oracle instantis enterprisetrack (17.1, 17.2, 17.3)
- netapp cloud backup (-)
CVE-2017-18368 [Vulners]
Vulners: Score: 10.0, CVSS: 3.1,
Vulners: Exploitation: True
X-Force: Risk: 7.3
X-Force: Patch: Unavailable
Soft:
- billion 5200w-t firmware (7.3.8.0)
- zyxel p660hn-t1a v2 firmware (7.3.15.0)
- zyxel p660hn-t1a v1 firmware (7.3.15.0)
CVE-2020-17456 [Vulners]
Vulners: Score: 7.5, CVSS: 7.0,
Vulners: Exploitation: Unknown
X-Force: Risk: 9.8
X-Force: Patch: Unavailable
Soft:
- seowonintech slc-130 firmware (-)
- seowonintech slr-120s firmware (-)
CVE-2022-27226 [Vulners]
Vulners: Score: 9.3, CVSS: PENDING,
Vulners: Exploitation: Unknown
X-Force: Risk: 8
X-Force: Patch: Unavailable
Soft:
- irz ru21 firmware (le2022-03-16)
- irz ru21w firmware (le2022-03-16)
- irz rl21 firmware (le2022-03-16)
- irz ru41 firmware (le2022-03-16)
- irz rl01 firmware (le2022-03-16)
have more...
CVE-2022-25075 [Vulners]
Vulners: Score: 7.5, CVSS: 6.9,
Vulners: Exploitation: Unknown
X-Force: Risk: 7.3
X-Force: Patch: Official fix
Soft:
- totolink a3000ru firmware (v5.9c.2280_b20180512)
have more...
IOCs:
Hash: 28
File: 12
Url: 19
Domain: 1
Fortinet Blog
Enemybot: A Look into Keksec's Latest DDoS Botnet
FortiGuard Labs observed a new DDoS botnet calling itself “Enemybot” and attributing itself to the Keksec threat group. Read our blog to learn its methods of obfuscation, how it leverages vulnerabi…
#ParsedReport
14-04-2022
ASEC Weekly Malware Statistics (April 4th, 2022 - April 10th, 2022)
https://asec.ahnlab.com/en/33679
Threats:
Agent_tesla (tags: malware)
Formbook (tags: malware)
Lokibot_stealer (tags: malware)
Redline_stealer (tags: malware)
Beamwinhttp_loader (tags: malware)
IOCs:
Domain: 3
IP: 10
Email: 5
File: 20
Url: 26
ASEC BLOG
ASEC Weekly Malware Statistics (April 4th, 2022 - April 10th, 2022) - ASEC BLOG
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from April 4th, 2022 (Monday) to April 10th, 2022 (Sunday). For the main category, info-stealer…
#ParsedReport
14-04-2022
Check Point Research detects Vulnerability in the Rarible NFT Marketplace, Preventing Risk of Account Takeover and Cryptocurrency Theft
https://research.checkpoint.com/2022/check-point-research-detects-vulnerability-in-the-rarible-nft-marketplace-preventing-risk-of-account-take-over-and-cryptocurrency-theft
Industry:
E-commerce, Financial
IOCs:
Coin: 1
Check Point Research
Check Point Research detects Vulnerability in the Rarible NFT Marketplace, Preventing Risk of Account Takeover and Cryptocurrency…
14/04/2022 Research by: Roman Zaikin, Dikla Barda & Oded Vanunu Highlights: Check Point Research identifies a vulnerability within the Rarible NFT Marketplace that allows attackers to take over cryptocurrency wallets By luring victims to click on a malicious…
#ParsedReport
14-04-2022
Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer
http://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html
Threats:
Zingo_stealer (tags: stealer, ransomware, malware, cryptomining, rat)
Redline_stealer (tags: fraud, malware, stealer)
Xmrig_miner (tags: malware, cryptomining, stealer, rat)
Exodus
Industry:
Financial
Geo:
Russian
TTPs:
Tactics: 2
Technics: 0
IOCs:
Url: 5
Domain: 3
File: 17
Path: 8
IP: 1
Coin: 1
Hash: 349
Cisco Talos Blog
Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer
Update (04/14/22): Following the initial publication of this blog, we observed a new post in the Haskers Gang Telegram channel announcing that ownership of the ZingoStealer project is being transferred to a new threat actor.
We also observed the malware…
#ParsedReport
14-04-2022
Lazarus Targets Chemical Sector
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lazarus-dream-job-chemical
Actors/Campaigns:
Lazarus (tags: backdoor, rat, malware)
Dream_job (tags: malware)
Threats:
Skynet_botnet
Industry:
Chemical, Government, Healthcare
Geo:
Korea, USA
IOCs:
File: 16
Hash: 32
Url: 3
Path: 4
IP: 2
Domain: 5
Security
Lazarus Targets Chemical Sector
Continuation of Operation Dream Job sees North Korea-linked APT target orgs in espionage campaign.