#ParsedReport
27-04-2022
Targeted attack on Thailand Pass customers delivers AsyncRAT
https://www.zscaler.com/blogs/security-research/targeted-attack-thailand-pass-customers-delivers-asyncrat
Threats:
Asyncrat_rat (tags: phishing, malware, ransomware, spam, trojan)
Industry:
Aerospace
Geo:
Thailand
IOCs:
Domain: 3
Url: 3
File: 23
IP: 1
Hash: 15
27-04-2022
Targeted attack on Thailand Pass customers delivers AsyncRAT
https://www.zscaler.com/blogs/security-research/targeted-attack-thailand-pass-customers-delivers-asyncrat
Threats:
Asyncrat_rat (tags: phishing, malware, ransomware, spam, trojan)
Industry:
Aerospace
Geo:
Thailand
IOCs:
Domain: 3
Url: 3
File: 23
IP: 1
Hash: 15
Zscaler
Targeted attack on Thailand Pass customers delivers AsyncRAT | Zscaler
Thailand Pass web system delivers AsyncRAT and its technical details
#ParsedReport
27-04-2022
Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload
https://www.nozominetworks.com/blog/industroyer2-nozomi-networks-labs-analyzes-the-iec-104-payload
Actors/Campaigns:
Sandworm
Threats:
Crashoverride (tags: rat, ransomware, scan, malware)
Botenago
Incontroller_tool
Log4shell_vuln
Industry:
Iot, Energy
Geo:
Ukraine
IOCs:
File: 6
Path: 1
Hash: 2
YARA: Found
27-04-2022
Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload
https://www.nozominetworks.com/blog/industroyer2-nozomi-networks-labs-analyzes-the-iec-104-payload
Actors/Campaigns:
Sandworm
Threats:
Crashoverride (tags: rat, ransomware, scan, malware)
Botenago
Incontroller_tool
Log4shell_vuln
Industry:
Iot, Energy
Geo:
Ukraine
IOCs:
File: 6
Path: 1
Hash: 2
YARA: Found
Nozomi Networks
Industroyer2: Nozomi Networks Labs Analyzes the IEC 104 Payload
Nozomi Networks Labs presents findings from their analysis of an Industroyer2 malware sample, along with recommendations to increase protection.
#ParsedReport
27-04-2022
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility
Threats:
Cobalt_strike (tags: malware, scan, ransomware, rat)
Lockbit (tags: malware, scan, ransomware, rat)
Reflectiveloader
Stealbit
IOCs:
File: 4
Path: 6
Url: 3
Hash: 6
IP: 2
YARA: Found
27-04-2022
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
https://www.sentinelone.com/labs/lockbit-ransomware-side-loads-cobalt-strike-beacon-with-legitimate-vmware-utility
Threats:
Cobalt_strike (tags: malware, scan, ransomware, rat)
Lockbit (tags: malware, scan, ransomware, rat)
Reflectiveloader
Stealbit
IOCs:
File: 4
Path: 6
Url: 3
Hash: 6
IP: 2
YARA: Found
SentinelOne
LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility
Long-running LockBit ransomware attempts to evade Windows ETW, AMSI and EDR by leveraging legitimate VMware logging command line utility.
#ParsedReport
28-04-2022
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware. Technical analysis
https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html
Actors/Campaigns:
Earth_berberoka (tags: rat, dropper, proxy, malware, backdoor)
Threats:
Gh0st_rat (tags: malware)
Plugx_rat (tags: malware)
Puppetloader (tags: malware)
Tigerplug
Basicloader
Quasar_rat
Asyncrat_rat
IOCs:
Hash: 1
File: 12
Path: 1
Links:
28-04-2022
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware. Technical analysis
https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html
Actors/Campaigns:
Earth_berberoka (tags: rat, dropper, proxy, malware, backdoor)
Threats:
Gh0st_rat (tags: malware)
Plugx_rat (tags: malware)
Puppetloader (tags: malware)
Tigerplug
Basicloader
Quasar_rat
Asyncrat_rat
IOCs:
Hash: 1
File: 12
Path: 1
Links:
https://github.com/denji/golang-tlshttps://github.com/lucas-clemente/quic-goTrend Micro
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
#ParsedReport
28-04-2022
BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX
https://www.secureworks.com/blog/bronze-president-targets-russian-speakers-with-updated-plugx
Actors/Campaigns:
Red_delta (tags: malware, rat, dns)
Threats:
Plugx_rat (tags: rat, malware, dns)
Geo:
Poland, Belarus, Russian, Myanmar, Asia, Ukraine, Chinas, Lithuania, Vietnam, China, Latvia
IOCs:
File: 1
Path: 1
IP: 3
Hash: 4
28-04-2022
BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX
https://www.secureworks.com/blog/bronze-president-targets-russian-speakers-with-updated-plugx
Actors/Campaigns:
Red_delta (tags: malware, rat, dns)
Threats:
Plugx_rat (tags: rat, malware, dns)
Geo:
Poland, Belarus, Russian, Myanmar, Asia, Ukraine, Chinas, Lithuania, Vietnam, China, Latvia
IOCs:
File: 1
Path: 1
IP: 3
Hash: 4
Secureworks
BRONZE PRESIDENT targets Russian speakers with updated PlugX - Blog
: The threat group’s targeting shift could reflect a change in China’s intelligence collection requirements due to the war in Ukraine.
#ParsedReport
27-04-2022
Assembling the Russian Nesting Doll: UNC2452 Merged into APT29
https://www.mandiant.com/resources/unc2452-merged-into-apt29
Actors/Campaigns:
Darkhalo (tags: proxy, dns, backdoor, phishing, malware)
Duke (tags: proxy, dns, backdoor, phishing, malware)
Threats:
Cobalt_strike
Sunburst
Domain_fronting_technique
Raindrop_tool
Teardrop_tool
Mamadogs_tool
Crimsonbox_tool
Guardrails_tool
Dcsync_technique
Kerberoasting_technique
Industry:
Government, Telco, Education, Healthcare
Geo:
Asia, America, Russia
TTPs:
Tactics: 12
Technics: 55
27-04-2022
Assembling the Russian Nesting Doll: UNC2452 Merged into APT29
https://www.mandiant.com/resources/unc2452-merged-into-apt29
Actors/Campaigns:
Darkhalo (tags: proxy, dns, backdoor, phishing, malware)
Duke (tags: proxy, dns, backdoor, phishing, malware)
Threats:
Cobalt_strike
Sunburst
Domain_fronting_technique
Raindrop_tool
Teardrop_tool
Mamadogs_tool
Crimsonbox_tool
Guardrails_tool
Dcsync_technique
Kerberoasting_technique
Industry:
Government, Telco, Education, Healthcare
Geo:
Asia, America, Russia
TTPs:
Tactics: 12
Technics: 55
Google Cloud Blog
UNC2452 Merged into APT29 | Russia-Based Espionage Group | Google Cloud Blog
UNC2452 Merged into APT29. Mandiant has gathered sufficient evidence to assess that the activity tracked as UNC2452 is attributable to APT29.
#ParsedReport
27-04-2022
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
https://www.welivesecurity.com/2022/04/27/lookback-ta410-umbrella-cyberespionage-ttps-activity
Actors/Campaigns:
Ta410 (tags: rat, malware, backdoor, dropper, rootkit, proxy, phishing, keylogger)
Stone_panda
A41apt
Equation
Threats:
Flowcloud_rat (tags: rootkit, backdoor)
Plugx_rat (tags: rat, backdoor)
Quasar_rat (tags: backdoor)
Proxylogon_exploit
Proxyshell_vuln
Lolbin
Htran
Earthworm_tool
Farfli
Gh0st_rat
Guardrails_tool
Metasploit_tool
Dnguard_tool
Rozena
Meterpreter_tool
Eternalblue_vuln
Industry:
Government, Education
Geo:
China, Africa, Israel, Ukraine, French, Japan, India, Asia
CVEs:
CVE-2017-11882 [Vulners]
Vulners: Score: 9.3, CVSS: 8.3,
Vulners: Exploitation: True
X-Force: Risk: 7.8
X-Force: Patch: Official fix
Soft:
- microsoft office (2013, 2010, 2016, 2007)
CVE-2019-0604 [Vulners]
Vulners: Score: 7.5, CVSS: 4.1,
Vulners: Exploitation: True
X-Force: Risk: 9.8
X-Force: Patch: Official fix
Soft:
- microsoft sharepoint foundation (2013)
- microsoft sharepoint server (2019, 2010)
- microsoft sharepoint enterprise server (2016)
TTPs:
Tactics: 10
Technics: 53
IOCs:
File: 25
Domain: 6
Hash: 43
Path: 7
Url: 7
Registry: 6
IP: 14
YARA: Found
Links:
27-04-2022
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
https://www.welivesecurity.com/2022/04/27/lookback-ta410-umbrella-cyberespionage-ttps-activity
Actors/Campaigns:
Ta410 (tags: rat, malware, backdoor, dropper, rootkit, proxy, phishing, keylogger)
Stone_panda
A41apt
Equation
Threats:
Flowcloud_rat (tags: rootkit, backdoor)
Plugx_rat (tags: rat, backdoor)
Quasar_rat (tags: backdoor)
Proxylogon_exploit
Proxyshell_vuln
Lolbin
Htran
Earthworm_tool
Farfli
Gh0st_rat
Guardrails_tool
Metasploit_tool
Dnguard_tool
Rozena
Meterpreter_tool
Eternalblue_vuln
Industry:
Government, Education
Geo:
China, Africa, Israel, Ukraine, French, Japan, India, Asia
CVEs:
CVE-2017-11882 [Vulners]
Vulners: Score: 9.3, CVSS: 8.3,
Vulners: Exploitation: True
X-Force: Risk: 7.8
X-Force: Patch: Official fix
Soft:
- microsoft office (2013, 2010, 2016, 2007)
CVE-2019-0604 [Vulners]
Vulners: Score: 7.5, CVSS: 4.1,
Vulners: Exploitation: True
X-Force: Risk: 9.8
X-Force: Patch: Official fix
Soft:
- microsoft sharepoint foundation (2013)
- microsoft sharepoint server (2019, 2010)
- microsoft sharepoint enterprise server (2016)
TTPs:
Tactics: 10
Technics: 53
IOCs:
File: 25
Domain: 6
Hash: 43
Path: 7
Url: 7
Registry: 6
IP: 14
YARA: Found
Links:
https://github.com/LOLBAS-Project/LOLBAS#user-content-the-history-of-the-lolbin
https://github.com/eset/malware-ioc
https://github.com/sin5678/gh0st
https://github.com/UndefinedIdentifier/LCX
https://github.com/quasar/Quasar
https://github.com/protocolbuffers/protobuf
https://github.com/a0rtega/pafish
https://github.com/rootkiter/EarthWormWeLiveSecurity
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
ESET research reveals a detailed profile of TA410, a cyberespionage umbrella group that we believe consists of three different teams using different toolsets.
#ParsedReport
28-04-2022
This isn't Optimus Prime's Bumblebee but it's Still Transforming
https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
Threats:
Bumblebee (tags: botnet, malware, ransomware, trojan, rat)
Bazarbackdoor (tags: malware)
Icedid
Cobalt_strike
Sliver_tool
Meterpreter_tool
Conti (tags: malware)
Diavol
Prometheus
Kpot_stealer
Buer_loader
Gozi
Industry:
Financial
Geo:
Ukrainian
IOCs:
File: 13
Hash: 5
Links:
28-04-2022
This isn't Optimus Prime's Bumblebee but it's Still Transforming
https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
Threats:
Bumblebee (tags: botnet, malware, ransomware, trojan, rat)
Bazarbackdoor (tags: malware)
Icedid
Cobalt_strike
Sliver_tool
Meterpreter_tool
Conti (tags: malware)
Diavol
Prometheus
Kpot_stealer
Buer_loader
Gozi
Industry:
Financial
Geo:
Ukrainian
IOCs:
File: 13
Hash: 5
Links:
https://github.com/LordNoteworthy/al-khaser/blob/06d4a89e9ecc3e49e4d2df67fe0b2d6faf04166e/al-khaser/Shared/Utils.cpp#L950Proofpoint
This isn't Optimus Prime's Bumblebee but it's Still Transforming | Proofpoint US
Key Findings Proofpoint has tracked a new malware loader called Bumblebee used by multiple crimeware threat actors previously observed delivering BazaLoader and IcedID. Several threat
#ParsedReport
28-04-2022
Diving into the Emotet Maldoc Boutade
https://labs.k7computing.com/index.php/diving-into-the-emotet-maldoc-boutade
Threats:
Emotet (tags: malware, spam, rat, trojan)
Vajraspy
IOCs:
File: 9
Path: 1
Url: 26
Hash: 5
28-04-2022
Diving into the Emotet Maldoc Boutade
https://labs.k7computing.com/index.php/diving-into-the-emotet-maldoc-boutade
Threats:
Emotet (tags: malware, spam, rat, trojan)
Vajraspy
IOCs:
File: 9
Path: 1
Url: 26
Hash: 5
K7 Labs
Diving into the Emotet Maldoc Boutade - K7 Labs
Emotet is a malware that is spread mainly via e-mail spam campaigns. A typical spam email contains an infected/weaponized document. […]
#technique
Defence Evasion Technique: Timestomping Detection – NTFS Forensics
https://www.inversecos.com/2022/04/defence-evasion-technique-timestomping.html
Defence Evasion Technique: Timestomping Detection – NTFS Forensics
https://www.inversecos.com/2022/04/defence-evasion-technique-timestomping.html
Inversecos
Defence Evasion Technique: Timestomping Detection – NTFS Forensics
#ParsedReport
28-04-2022
Trello From the Other Side: Tracking APT29 Phishing Campaigns
https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns
Actors/Campaigns:
Duke (tags: dropper, malware, phishing, rat, proxy, backdoor, dns)
Darkhalo (tags: phishing)
Unc2542 (tags: phishing)
Threats:
Beatdrop_loader (tags: phishing, malware)
Boommic_loader (tags: phishing, malware)
Envyscout (tags: malware)
Beacon (tags: malware)
Html_smuggling_technique
Cobalt_strike (tags: malware)
Bart
Timestomp_tool
Kerberoasting_technique
Industry:
Government
Geo:
Asia, Ukraine, Russia
TTPs:
Tactics: 13
Technics: 88
IOCs:
File: 10
Path: 3
Hash: 15
Registry: 1
Url: 1
28-04-2022
Trello From the Other Side: Tracking APT29 Phishing Campaigns
https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns
Actors/Campaigns:
Duke (tags: dropper, malware, phishing, rat, proxy, backdoor, dns)
Darkhalo (tags: phishing)
Unc2542 (tags: phishing)
Threats:
Beatdrop_loader (tags: phishing, malware)
Boommic_loader (tags: phishing, malware)
Envyscout (tags: malware)
Beacon (tags: malware)
Html_smuggling_technique
Cobalt_strike (tags: malware)
Bart
Timestomp_tool
Kerberoasting_technique
Industry:
Government
Geo:
Asia, Ukraine, Russia
TTPs:
Tactics: 13
Technics: 88
IOCs:
File: 10
Path: 3
Hash: 15
Registry: 1
Url: 1
Google Cloud Blog
Tracking APT29 Phishing Campaigns | Atlassian Trello | Google Cloud Blog
Mandiant has been tracking extensive APT29 phishing campaigns targeting diplomatic organizations in Europe
#ParsedReport
28-04-2022
Malware Analysis Report (AR22-115B)
https://us-cert.cisa.gov/ncas/analysis-reports/ar22-115b
Threats:
Isaacwiper (tags: malware)
Hermeticwizard (tags: malware)
Hermeticwiper (tags: malware)
Trojan/win32.agent (tags: malware)
Trojan.win32.trjgen.jngwij (tags: malware)
Alureon (tags: malware)
IOCs:
Path: 1
Hash: 43
File: 2
28-04-2022
Malware Analysis Report (AR22-115B)
https://us-cert.cisa.gov/ncas/analysis-reports/ar22-115b
Threats:
Isaacwiper (tags: malware)
Hermeticwizard (tags: malware)
Hermeticwiper (tags: malware)
Trojan/win32.agent (tags: malware)
Trojan.win32.trjgen.jngwij (tags: malware)
Alureon (tags: malware)
IOCs:
Path: 1
Hash: 43
File: 2
#ParsedReport
28-04-2022
Malware Analysis Report (AR22-115A)
https://us-cert.cisa.gov/ncas/analysis-reports/ar22-115a
Threats:
Hermeticwiper (tags: malware)
Killdisk (tags: malware)
Trojan.win32.malware (tags: malware)
IOCs:
Path: 3
Coin: 3
Hash: 57
Registry: 2
28-04-2022
Malware Analysis Report (AR22-115A)
https://us-cert.cisa.gov/ncas/analysis-reports/ar22-115a
Threats:
Hermeticwiper (tags: malware)
Killdisk (tags: malware)
Trojan.win32.malware (tags: malware)
IOCs:
Path: 3
Coin: 3
Hash: 57
Registry: 2
#ParsedReport
28-04-2022
Malware Analysis Report (AR22-115C)
https://us-cert.cisa.gov/ncas/analysis-reports/ar22-115c
Threats:
Killdisk (tags: malware)
Alureon (tags: malware)
Trojan/win.agent (tags: malware)
Trojan/w32.agent.9216 (tags: malware)
IOCs:
Hash: 6
28-04-2022
Malware Analysis Report (AR22-115C)
https://us-cert.cisa.gov/ncas/analysis-reports/ar22-115c
Threats:
Killdisk (tags: malware)
Alureon (tags: malware)
Trojan/win.agent (tags: malware)
Trojan/w32.agent.9216 (tags: malware)
IOCs:
Hash: 6
#ParsedReport
28-04-2022
Peeking into PrivateLoader
https://www.zscaler.com/blogs/security-research/peeking-privateloader
Threats:
Privateloader (tags: ransomware, stealer, malware, rat)
Vidar_stealer
Redline_stealer
Smokeloader_backdoor
Beacon
Industry:
Financial
IOCs:
Path: 1
Url: 4
IP: 2
File: 1
Hash: 2
28-04-2022
Peeking into PrivateLoader
https://www.zscaler.com/blogs/security-research/peeking-privateloader
Threats:
Privateloader (tags: ransomware, stealer, malware, rat)
Vidar_stealer
Redline_stealer
Smokeloader_backdoor
Beacon
Industry:
Financial
IOCs:
Path: 1
Url: 4
IP: 2
File: 1
Hash: 2
Zscaler
Peeking into PrivateLoader | Zscaler
PrivateLoader's primary purpose is to download and execute additional malware for a pay-per-install (PPI) malware distribution service.
#ParsedReport
28-04-2022
Lazarus arsenal update: analysis of recent Andariel attack samples
https://mp-weixin-qq-com.translate.goog/s/QfbzuIKUPTXE4GdpBMsGbQ?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=ru&_x_tr_pto=wapp
Actors/Campaigns:
Lazarus (tags: rat, malware, backdoor, proxy)
Industry:
Financial
Geo:
Korean, Asia
IOCs:
Hash: 13
IP: 2
Url: 4
File: 5
Domain: 1
28-04-2022
Lazarus arsenal update: analysis of recent Andariel attack samples
https://mp-weixin-qq-com.translate.goog/s/QfbzuIKUPTXE4GdpBMsGbQ?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=ru&_x_tr_pto=wapp
Actors/Campaigns:
Lazarus (tags: rat, malware, backdoor, proxy)
Industry:
Financial
Geo:
Korean, Asia
IOCs:
Hash: 13
IP: 2
Url: 4
File: 5
Domain: 1
微信公众平台
Lazarus武器库更新:Andariel近期攻击样本分析
近日,奇安信威胁情报中心红雨滴团队在日常的威胁狩猎中捕获到一批与Lazarus APT组织的下属团体Andariel相关的攻击样本,均为PE可执行文件。根据这批样本上传VT的时间可知相关攻击活动至少从今年2月份开始发起。
#ParsedReport
28-04-2022
LAPSUS$: Recent techniques, tactics and procedures
https://research.nccgroup.com/2022/04/28/lapsus-recent-techniques-tactics-and-procedures
Actors/Campaigns:
Lapsus (tags: ransomware, malware, vpn, dns)
Threats:
Rvtools_tool
Adexplorer_tool
Industry:
Financial
TTPs:
Tactics: 4
Technics: 15
IOCs:
Domain: 1
IP: 3
Url: 1
Links:
28-04-2022
LAPSUS$: Recent techniques, tactics and procedures
https://research.nccgroup.com/2022/04/28/lapsus-recent-techniques-tactics-and-procedures
Actors/Campaigns:
Lapsus (tags: ransomware, malware, vpn, dns)
Threats:
Rvtools_tool
Adexplorer_tool
Industry:
Financial
TTPs:
Tactics: 4
Technics: 15
IOCs:
Domain: 1
IP: 3
Url: 1
Links:
https://docs.github.com/en/code-security/secret-scanning/about-secret-scanningNccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
#ParsedReport
28-04-2022
eSentire Threat Intelligence Malware Analysis: SolarMarker
https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-solarmarker
Threats:
Solarmarker (tags: rat, dns, backdoor, stealer, malware, phishing, vpn)
Fingerprintjs_tool
Velar
Arkei_stealer
Exodus (tags: stealer)
Grateful_pos (tags: stealer)
Geo:
Emea, Russian, America, Apac, Africa
IOCs:
File: 5
Path: 1
IP: 10
Hash: 14
YARA: Found
Links:
28-04-2022
eSentire Threat Intelligence Malware Analysis: SolarMarker
https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-solarmarker
Threats:
Solarmarker (tags: rat, dns, backdoor, stealer, malware, phishing, vpn)
Fingerprintjs_tool
Velar
Arkei_stealer
Exodus (tags: stealer)
Grateful_pos (tags: stealer)
Geo:
Emea, Russian, America, Apac, Africa
IOCs:
File: 5
Path: 1
IP: 10
Hash: 14
YARA: Found
Links:
https://github.com/nicolauns/hunter-php-javascript-obfuscator#ParsedReport
29-04-2022
Distribution of malicious word documents related to the North Korean 4.25 military parade
https://asec-ahnlab-com.translate.goog/ko/33878/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=ru&_x_tr_pto=wapp
Actors/Campaigns:
Kimsuky (tags: malware)
Threats:
Nuclear (tags: malware)
Anchor (tags: malware)
Geo:
Korea
IOCs:
File: 5
Hash: 1
Url: 1
29-04-2022
Distribution of malicious word documents related to the North Korean 4.25 military parade
https://asec-ahnlab-com.translate.goog/ko/33878/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=ru&_x_tr_pto=wapp
Actors/Campaigns:
Kimsuky (tags: malware)
Threats:
Nuclear (tags: malware)
Anchor (tags: malware)
Geo:
Korea
IOCs:
File: 5
Hash: 1
Url: 1
ASEC
북한 4.25 열병식 관련 내용의 악성 워드 문서 유포 - ASEC
북한 4.25 열병식 관련 내용의 악성 워드 문서 유포 ASEC
#ParsedReport
30-04-2022
SpiderLabs Blog. Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/stormous-the-pro-russian-clout-hungry-ransomware-gang-targets-the-us-and-ukraine
Actors/Campaigns:
Lapsus (tags: ransomware)
Threats:
Clout_hungry (tags: ddos, ransomware)
Industry:
Financial, Government, Healthcare
Geo:
Ukrainian, Saudi, India, Chinese, American, Ukraine, Russia, Arabia
30-04-2022
SpiderLabs Blog. Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/stormous-the-pro-russian-clout-hungry-ransomware-gang-targets-the-us-and-ukraine
Actors/Campaigns:
Lapsus (tags: ransomware)
Threats:
Clout_hungry (tags: ddos, ransomware)
Industry:
Financial, Government, Healthcare
Geo:
Ukrainian, Saudi, India, Chinese, American, Ukraine, Russia, Arabia
Trustwave
Stormous: The Pro-Russian, Clout Hungry Ransomware Gang Targets the US and Ukraine | Trustwave
As part of our regular Dark Web and cybercriminal research, Trustwave SpiderLabs has uncovered and analyzed postings from a politically motivated, pro-Russian ransomware group named Stormous.
#ParsedReport
30-04-2022
THE LOTUS PANDA IS AWAKE, AGAIN. ANALYSIS OF ITS LAST STRIKE.
https://cluster25.io/2022/04/29/lotus-panda-awake-last-strike
Actors/Campaigns:
Naikon (tags: rat, malware, phishing)
Threats:
Beacon (tags: rat)
Viper_rat (tags: rat)
Cobalt_strike (tags: rat)
Arl_tool (tags: rat)
Meterpreter_tool
Powershell_shell_tool
Industry:
Government
Geo:
China, Malaysia, Asian, Philippines, Thailand, Singapore, Indonesia, Cambodia, Myanmar, Vietnam
TTPs:
Tactics: 4
Technics: 7
IOCs:
Path: 1
File: 3
Hash: 4
IP: 1
Links:
30-04-2022
THE LOTUS PANDA IS AWAKE, AGAIN. ANALYSIS OF ITS LAST STRIKE.
https://cluster25.io/2022/04/29/lotus-panda-awake-last-strike
Actors/Campaigns:
Naikon (tags: rat, malware, phishing)
Threats:
Beacon (tags: rat)
Viper_rat (tags: rat)
Cobalt_strike (tags: rat)
Arl_tool (tags: rat)
Meterpreter_tool
Powershell_shell_tool
Industry:
Government
Geo:
China, Malaysia, Asian, Philippines, Thailand, Singapore, Indonesia, Cambodia, Myanmar, Vietnam
TTPs:
Tactics: 4
Technics: 7
IOCs:
Path: 1
File: 3
Hash: 4
IP: 1
Links:
https://github.com/FunnyWolf/Viper
https://github.com/TophantTechnology/ARL