#ParsedReport
27-04-2022
Diplomatic/security-related word documents are being distributed
https://asec-ahnlab-com.translate.goog/ko/33827/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=ru&_x_tr_pto=wapp
Actors/Campaigns:
Kimsuky
Geo:
Korea, China
IOCs:
File: 5
Path: 2
Hash: 3
Url: 1
ASEC BLOG
Distribution of Word documents with diplomatic/security-related content - ASEC BLOG
The ASEC analysis team has confirmed that malicious Word documents with North Korea-related file names continue to be distributed. The Word documents contain malicious VBA macro code and are of the same type as the document files described in <Continued distribution of malicious Word documents with North Korea-related body content>. The file names of the recently distributed Word documents are as follows: 220426-North Korea's foreign policy and our response direction (Dr. Jeong**).doc (4/26), North Korea's foreign policy and our response direction.doc (4/26), China's…
Forwarded from Пост Лукацкого
An interesting story. After the deal for Musk to buy Twitter was signed, the social network's management banned any changes to the platform's code (a change now needs sign-off at vice-president level), fearing sabotage by employees who might not like the sale of the company or Musk personally, which could push them to slip something nasty into the code. Secure development management is becoming an ever more fashionable topic 😊
Bloomberg.com
Twitter Locks Down Product Changes After Agreeing to Musk Bid
Twitter Inc. locked down changes to its social networking platform through Friday after accepting a $44 billion bid from billionaire Elon Musk, making it harder for employees to make unauthorized changes, according to people familiar with the matter.
#ParsedReport
27-04-2022
Targeted attack on Thailand Pass customers delivers AsyncRAT
https://www.zscaler.com/blogs/security-research/targeted-attack-thailand-pass-customers-delivers-asyncrat
Threats:
Asyncrat_rat (tags: phishing, malware, ransomware, spam, trojan)
Industry:
Aerospace
Geo:
Thailand
IOCs:
Domain: 3
Url: 3
File: 23
IP: 1
Hash: 15
Zscaler
Targeted attack on Thailand Pass customers delivers AsyncRAT | Zscaler
Technical analysis of a targeted campaign that abuses the Thailand Pass web system to deliver AsyncRAT
#ParsedReport
27-04-2022
Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload
https://www.nozominetworks.com/blog/industroyer2-nozomi-networks-labs-analyzes-the-iec-104-payload
Actors/Campaigns:
Sandworm
Threats:
Crashoverride (tags: rat, ransomware, scan, malware)
Botenago
Incontroller_tool
Log4shell_vuln
Industry:
IoT, Energy
Geo:
Ukraine
IOCs:
File: 6
Path: 1
Hash: 2
YARA: Found
Nozomi Networks
Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload
Nozomi Networks Labs presents findings from their analysis of an Industroyer2 malware sample, along with recommendations to increase protection.
#ParsedReport
27-04-2022
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility
Threats:
Cobalt_strike (tags: malware, scan, ransomware, rat)
Lockbit (tags: malware, scan, ransomware, rat)
Reflectiveloader
Stealbit
IOCs:
File: 4
Path: 6
Url: 3
Hash: 6
IP: 2
YARA: Found
SentinelOne
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Long-running LockBit ransomware attempts to evade Windows ETW, AMSI and EDR by leveraging legitimate VMware logging command line utility.
#ParsedReport
28-04-2022
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware. Technical analysis
https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html
Actors/Campaigns:
Earth_berberoka (tags: rat, dropper, proxy, malware, backdoor)
Threats:
Gh0st_rat (tags: malware)
Plugx_rat (tags: malware)
Puppetloader (tags: malware)
Tigerplug
Basicloader
Quasar_rat
Asyncrat_rat
IOCs:
Hash: 1
File: 12
Path: 1
Links:
https://github.com/denji/golang-tls
https://github.com/lucas-clemente/quic-go
Trend Micro
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
#ParsedReport
28-04-2022
BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX
https://www.secureworks.com/blog/bronze-president-targets-russian-speakers-with-updated-plugx
Actors/Campaigns:
Red_delta (tags: malware, rat, dns)
Threats:
Plugx_rat (tags: rat, malware, dns)
Geo:
Poland, Belarus, Russia, Myanmar, Asia, Ukraine, China, Lithuania, Vietnam, Latvia
IOCs:
File: 1
Path: 1
IP: 3
Hash: 4
Secureworks
BRONZE PRESIDENT targets Russian speakers with updated PlugX - Blog
The threat group's targeting shift could reflect a change in China's intelligence collection requirements due to the war in Ukraine.
#ParsedReport
27-04-2022
Assembling the Russian Nesting Doll: UNC2452 Merged into APT29
https://www.mandiant.com/resources/unc2452-merged-into-apt29
Actors/Campaigns:
Darkhalo (tags: proxy, dns, backdoor, phishing, malware)
Duke (tags: proxy, dns, backdoor, phishing, malware)
Threats:
Cobalt_strike
Sunburst
Domain_fronting_technique
Raindrop_tool
Teardrop_tool
Mamadogs_tool
Crimsonbox_tool
Guardrails_tool
Dcsync_technique
Kerberoasting_technique
Industry:
Government, Telco, Education, Healthcare
Geo:
Asia, America, Russia
TTPs:
Tactics: 12
Technics: 55
Google Cloud Blog
UNC2452 Merged into APT29 | Russia-Based Espionage Group | Google Cloud Blog
UNC2452 Merged into APT29. Mandiant has gathered sufficient evidence to assess that the activity tracked as UNC2452 is attributable to APT29.
#ParsedReport
27-04-2022
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
https://www.welivesecurity.com/2022/04/27/lookback-ta410-umbrella-cyberespionage-ttps-activity
Actors/Campaigns:
Ta410 (tags: rat, malware, backdoor, dropper, rootkit, proxy, phishing, keylogger)
Stone_panda
A41apt
Equation
Threats:
Flowcloud_rat (tags: rootkit, backdoor)
Plugx_rat (tags: rat, backdoor)
Quasar_rat (tags: backdoor)
Proxylogon_exploit
Proxyshell_vuln
Lolbin
Htran
Earthworm_tool
Farfli
Gh0st_rat
Guardrails_tool
Metasploit_tool
Dnguard_tool
Rozena
Meterpreter_tool
Eternalblue_vuln
Industry:
Government, Education
Geo:
China, Africa, Israel, Ukraine, France, Japan, India, Asia
CVEs:
CVE-2017-11882 [Vulners]
Vulners: Score: 9.3, CVSS: 8.3,
Vulners: Exploitation: True
X-Force: Risk: 7.8
X-Force: Patch: Official fix
Soft:
- microsoft office (2013, 2010, 2016, 2007)
CVE-2019-0604 [Vulners]
Vulners: Score: 7.5, CVSS: 4.1,
Vulners: Exploitation: True
X-Force: Risk: 9.8
X-Force: Patch: Official fix
Soft:
- microsoft sharepoint foundation (2013)
- microsoft sharepoint server (2019, 2010)
- microsoft sharepoint enterprise server (2016)
TTPs:
Tactics: 10
Technics: 53
IOCs:
File: 25
Domain: 6
Hash: 43
Path: 7
Url: 7
Registry: 6
IP: 14
YARA: Found
Links:
https://github.com/LOLBAS-Project/LOLBAS#user-content-the-history-of-the-lolbin
https://github.com/eset/malware-ioc
https://github.com/sin5678/gh0st
https://github.com/UndefinedIdentifier/LCX
https://github.com/quasar/Quasar
https://github.com/protocolbuffers/protobuf
https://github.com/a0rtega/pafish
https://github.com/rootkiter/EarthWorm
WeLiveSecurity
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
ESET research reveals a detailed profile of TA410, a cyberespionage umbrella group that we believe consists of three different teams using different toolsets.
#ParsedReport
28-04-2022
This isn't Optimus Prime's Bumblebee but it's Still Transforming
https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
Threats:
Bumblebee (tags: botnet, malware, ransomware, trojan, rat)
Bazarbackdoor (tags: malware)
Icedid
Cobalt_strike
Sliver_tool
Meterpreter_tool
Conti (tags: malware)
Diavol
Prometheus
Kpot_stealer
Buer_loader
Gozi
Industry:
Financial
Geo:
Ukraine
IOCs:
File: 13
Hash: 5
Links:
https://github.com/LordNoteworthy/al-khaser/blob/06d4a89e9ecc3e49e4d2df67fe0b2d6faf04166e/al-khaser/Shared/Utils.cpp#L950
Proofpoint
This isn't Optimus Prime's Bumblebee but it's Still Transforming | Proofpoint US
Key Findings Proofpoint has tracked a new malware loader called Bumblebee used by multiple crimeware threat actors previously observed delivering BazaLoader and IcedID. Several threat
#ParsedReport
28-04-2022
Diving into the Emotet Maldoc Boutade
https://labs.k7computing.com/index.php/diving-into-the-emotet-maldoc-boutade
Threats:
Emotet (tags: malware, spam, rat, trojan)
Vajraspy
IOCs:
File: 9
Path: 1
Url: 26
Hash: 5
K7 Labs
Diving into the Emotet Maldoc Boutade - K7 Labs
Emotet is a malware that is spread mainly via e-mail spam campaigns. A typical spam email contains an infected/weaponized document. […]
#technique
Defence Evasion Technique: Timestomping Detection – NTFS Forensics
https://www.inversecos.com/2022/04/defence-evasion-technique-timestomping.html
Inversecos
Defence Evasion Technique: Timestomping Detection – NTFS Forensics
#ParsedReport
28-04-2022
Trello From the Other Side: Tracking APT29 Phishing Campaigns
https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns
Actors/Campaigns:
Duke (tags: dropper, malware, phishing, rat, proxy, backdoor, dns)
Darkhalo (tags: phishing)
Unc2542 (tags: phishing)
Threats:
Beatdrop_loader (tags: phishing, malware)
Boommic_loader (tags: phishing, malware)
Envyscout (tags: malware)
Beacon (tags: malware)
Html_smuggling_technique
Cobalt_strike (tags: malware)
Bart
Timestomp_tool
Kerberoasting_technique
Industry:
Government
Geo:
Asia, Ukraine, Russia
TTPs:
Tactics: 13
Technics: 88
IOCs:
File: 10
Path: 3
Hash: 15
Registry: 1
Url: 1
Google Cloud Blog
Tracking APT29 Phishing Campaigns | Atlassian Trello | Google Cloud Blog
Mandiant has been tracking extensive APT29 phishing campaigns targeting diplomatic organizations in Europe
#ParsedReport
28-04-2022
Malware Analysis Report (AR22-115B)
https://us-cert.cisa.gov/ncas/analysis-reports/ar22-115b
Threats:
Isaacwiper (tags: malware)
Hermeticwizard (tags: malware)
Hermeticwiper (tags: malware)
Trojan/win32.agent (tags: malware)
Trojan.win32.trjgen.jngwij (tags: malware)
Alureon (tags: malware)
IOCs:
Path: 1
Hash: 43
File: 2
#ParsedReport
28-04-2022
Malware Analysis Report (AR22-115A)
https://us-cert.cisa.gov/ncas/analysis-reports/ar22-115a
Threats:
Hermeticwiper (tags: malware)
Killdisk (tags: malware)
Trojan.win32.malware (tags: malware)
IOCs:
Path: 3
Coin: 3
Hash: 57
Registry: 2
#ParsedReport
28-04-2022
Malware Analysis Report (AR22-115C)
https://us-cert.cisa.gov/ncas/analysis-reports/ar22-115c
Threats:
Killdisk (tags: malware)
Alureon (tags: malware)
Trojan/win.agent (tags: malware)
Trojan/w32.agent.9216 (tags: malware)
IOCs:
Hash: 6
#ParsedReport
28-04-2022
Peeking into PrivateLoader
https://www.zscaler.com/blogs/security-research/peeking-privateloader
Threats:
Privateloader (tags: ransomware, stealer, malware, rat)
Vidar_stealer
Redline_stealer
Smokeloader_backdoor
Beacon
Industry:
Financial
IOCs:
Path: 1
Url: 4
IP: 2
File: 1
Hash: 2
Zscaler
Peeking into PrivateLoader | Zscaler
PrivateLoader's primary purpose is to download and execute additional malware for a pay-per-install (PPI) malware distribution service.
#ParsedReport
28-04-2022
Lazarus arsenal update: analysis of recent Andariel attack samples
https://mp-weixin-qq-com.translate.goog/s/QfbzuIKUPTXE4GdpBMsGbQ?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=ru&_x_tr_pto=wapp
Actors/Campaigns:
Lazarus (tags: rat, malware, backdoor, proxy)
Industry:
Financial
Geo:
Korea, Asia
IOCs:
Hash: 13
IP: 2
Url: 4
File: 5
Domain: 1
WeChat Official Accounts Platform
Lazarus arsenal update: analysis of recent Andariel attack samples
Recently, during routine threat hunting, the Qi An Xin Threat Intelligence Center RedDrip team captured a batch of attack samples linked to Andariel, a subgroup of the Lazarus APT group; all of them are PE executables. Judging from the times these samples were uploaded to VT, the related attack activity has been under way since at least February of this year.
#ParsedReport
28-04-2022
LAPSUS$: Recent techniques, tactics and procedures
https://research.nccgroup.com/2022/04/28/lapsus-recent-techniques-tactics-and-procedures
Actors/Campaigns:
Lapsus (tags: ransomware, malware, vpn, dns)
Threats:
Rvtools_tool
Adexplorer_tool
Industry:
Financial
TTPs:
Tactics: 4
Technics: 15
IOCs:
Domain: 1
IP: 3
Url: 1
Links:
https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
#ParsedReport
28-04-2022
eSentire Threat Intelligence Malware Analysis: SolarMarker
https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-solarmarker
Threats:
Solarmarker (tags: rat, dns, backdoor, stealer, malware, phishing, vpn)
Fingerprintjs_tool
Velar
Arkei_stealer
Exodus (tags: stealer)
Grateful_pos (tags: stealer)
Geo:
EMEA, Russia, America, APAC, Africa
IOCs:
File: 5
Path: 1
IP: 10
Hash: 14
YARA: Found
Links:
https://github.com/nicolauns/hunter-php-javascript-obfuscator