#ParsedReport
03-05-2022
Update on cyber activity in Eastern Europe
https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe
Actors/Campaigns:
Fancy_bear
Cold_river
Ghostwriter
Curious_gorge
Comment_crew
Threats:
Turla
Industry:
Petroleum, Government, Ngo, Telco, Logistic, Financial
Geo:
Belarusian, Russia, Iran, Korea, Ukraine, Lithuania, Russian, China, Asia
IOCs:
File: 1
Hash: 2
Domain: 14
Email: 1
Google
Update on cyber activity in Eastern Europe
An update on cyber activity in eastern Europe.
#ParsedReport
03-05-2022
Analysis of BlackByte Ransomware's Go-Based Variants
https://www.zscaler.com/blogs/security-research/analysis-blackbyte-ransomwares-go-based-variants
Threats:
Blackbyte (tags: ransomware, malware, rat)
Revil
Lockbit
Industry:
Ics, Financial
Geo:
Russia, Russian, Ukrainian, Belarusian
TTPs:
Tactics: 1
Technics: 0
IOCs:
Hash: 9
Url: 4
Path: 20
File: 36
Registry: 7
IP: 1
Links:
https://github.com/golang/go/blob/master/src/crypto/des/cipher.go
https://github.com/SpiderLabs/BlackByteDecryptor/blob/main/BlackByteDecryptor/Decryptor.cs
https://github.com/andrivet/ADVobfuscator
https://gist.github.com/api0cradle/d4aaef39db0d845627d819b2b6b30512
Zscaler
Analyzing BlackByte Ransomware's Go-Based Variants | Zscaler
In this post, Zscaler ThreatLabz analyzes two variants of the Go-based implementation of BlackByte ransomware. Read more.
#ParsedReport
04-05-2022
Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack
https://www.crowdstrike.com/blog/compromised-docker-honeypots-used-for-pro-ukrainian-dos-attack
Threats:
Lemonduck
Industry:
Government, Retail, Financial, Energy, Chemical
Geo:
Belarusian, Russian, Ukraine
IOCs:
Hash: 5
CrowdStrike.com
Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack
In February 2022, Docker Engine honeypots were compromised to execute different Docker images targeting Russian and Belarusian websites in a DoS attack.
#ParsedReport
04-05-2022
Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware
https://threatresearch.ext.hp.com/tips-for-automating-ioc-extraction-from-gootloader-a-changing-javascript-malware
Threats:
Gootloader (tags: malware)
IOCs:
Hash: 2
Url: 6
Links:
https://github.com/hpthreatresearch/tools/blob/main/gootloader/decode.py
HP Wolf Security
Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware | HP Wolf Security
Don’t let cyber threats get the best of you. Read our post, Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware, to learn more about cyber threats and cyber security.
#ParsedReport
04-05-2022
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse
https://www.recordedfuture.com/solardeflection-c2-infrastructure-used-by-nobelium-in-company-brand-misuse
Actors/Campaigns:
Solardeflection (tags: phishing)
Darkhalo (tags: phishing)
Duke
Lunarreflection
Threats:
Cobalt_strike
Industry:
Government, Ngo
Geo:
Russian, Ukraine
IOCs:
Domain: 60
Hash: 11
Recordedfuture
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse
This report profiles the unique infrastructure used by Russian state-sponsored threat activity group NOBELIUM. The activity was identified through a combination of large-scale automated network traffic analytics and analysis derived from open source reporting.…
#ParsedReport
04-05-2022
AsyncRAT Activity
https://www.esentire.com/blog/asyncrat-activity
Threats:
Asyncrat_rat
More_eggs
Html_smuggling_technique
Geo:
America, Apac, Emea, Africa
IOCs:
File: 8
Path: 2
eSentire
AsyncRAT Activity
AsyncRAT is an open-source remote access trojan with varying capabilities including remote access, file exfiltration, and keylogging.
#ParsedReport
04-05-2022
A new secret stash for fileless malware
https://securelist.com/a-new-secret-stash-for-fileless-malware/106393
Threats:
Cobalt_strike (tags: malware)
Netspi (tags: malware, trojan)
Blackbone (tags: malware, trojan)
Slingshot
Beacon
Mimikatz
IOCs:
File: 17
Path: 11
Domain: 7
Url: 1
IP: 2
Hash: 29
Links:
https://github.com/silentbreaksec/Throwback
Securelist
A new secret stash for “fileless” malware
We observed the technique of storing shellcode inside Windows event logs for the first time “in the wild” during this malicious campaign.
#ParsedReport
04-05-2022
Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive
https://www.cybereason.com/blog/operation-cuckoobees-a-winnti-malware-arsenal-deep-dive
Actors/Campaigns:
Axiom (tags: rootkit, rat, backdoor, proxy, malware)
Threats:
Deploylog (tags: rootkit, rat, malware)
Spyder (tags: malware)
Privatelog (tags: rootkit)
Winnkit (tags: rootkit, rat, malware)
Stashlog (tags: malware)
Sparklog
Lolbin
Cryptopp_tool
Industry:
Government
Geo:
Chinese
TTPs:
Tactics: 4
Technics: 0
IOCs:
File: 18
Path: 32
Registry: 1
Hash: 14
Links:
https://github.com/securycore/Ikeext-Privesc
Cybereason
Operation CuckooBees: A Winnti Malware Arsenal Deep-Dive
This research zeroes in on the Winnti malware arsenal and includes analysis of the observed malware and the complex Winnti infection chain, including evasive maneuvers and stealth techniques that are baked-in to the malware code...
#ParsedReport
04-05-2022
New Black Basta Ransomware Hijacks Windows Fax Service
https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Threats:
Blackbasta (tags: ransomware, cryptomining)
Geo:
American, Deutsche
IOCs:
Path: 1
File: 3
Registry: 2
Hash: 3
Minerva-Labs
New Black Basta Ransomware Hijacks Windows Fax Service
We take a deep dive into how the Black Basta ransomware works, from infection to decryption.
#ParsedReport
04-05-2022
Attacking Emotet's Control Flow Flattening
https://news.sophos.com/en-us/2022/05/04/attacking-emotets-control-flow-flattening
Actors/Campaigns:
Stone_panda
Threats:
Emotet (tags: spam, botnet, malware)
Stantinko
IOCs:
Hash: 2
Links:
https://github.com/obfuscator-llvm/obfuscator/wiki
https://github.com/eset/stadeo
https://github.com/sophoslabs/emotet_unflatten_poc
Sophos News
Attacking Emotet’s Control Flow Flattening
Sweeping aside one obfuscation technique in a notorious strain of malware
#ParsedReport
04-05-2022
Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
https://www.mandiant.com/resources/cloud-metadata-abuse-unc2903
Actors/Campaigns:
Unc2903 (tags: scan, rat, malware, proxy, vpn)
Industry:
Financial
CVEs:
CVE-2021-21311 [Vulners]
Vulners: Score: 6.4, CVSS: 4.5
Vulners: Exploitation: Unknown
X-Force: Risk: 5.3
X-Force: Patch: Official fix
Soft:
- adminer (<4.7.9)
- debian debian linux (9.0)
CVE-2019-0211 [Vulners]
Vulners: Score: 7.2, CVSS: 3.9
Vulners: Exploitation: Unknown
X-Force: Risk: 8.2
X-Force: Patch: Official fix
Soft:
- apache http server (<=2.4.38)
- fedoraproject fedora (29, 30)
- canonical ubuntu linux (16.04, 18.04, 18.10, 14.04)
- debian debian linux (9.0)
- opensuse leap (42.3, 15.0)
have more...
TTPs:
Tactics: 5
Technics: 6
IOCs:
IP: 5
Url: 3
File: 3
Coin: 3
Hash: 1
Links:
https://github.com/duo-labs/cloudmapper
https://github.com/latacora/remediate-AWS-IMDSv1
https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6
https://github.com/salesforce/metabadger
https://github.com/prowler-cloud/prowler/blob/master/checks/check_extra786
Google Cloud Blog
Old Services, New Tricks: Cloud Metadata Abuse by UNC2903 | Google Cloud Blog
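As an added example (not code from the Mandiant report or from any of the tools linked above), the following Python audits `aws ec2 describe-instances` output for instances that still serve IMDSv1 and models why a GET-only SSRF, of the kind the Adminer CVE listed above provides, is stopped once IMDSv2 is enforced. The instance IDs and metadata settings are constructed sample data; `imds_request_allowed` is a simplified model of the metadata endpoint's behaviour, not the service itself.

```python
"""Added example: find EC2 instances that still accept IMDSv1 requests and
show why token-enforced IMDSv2 blocks a GET-only SSRF.

The JSON shape mirrors `aws ec2 describe-instances --output json`; the
instance IDs and settings below are constructed, not real hosts."""
import json

# Constructed sample describe-instances output (three hypothetical instances).
SAMPLE_DESCRIBE_INSTANCES = json.dumps({
    "Reservations": [{
        "Instances": [
            # IMDSv1 still answered: any SSRF that can issue a GET can read credentials.
            {"InstanceId": "i-0aaaaaaaaaaaaaaa1",
             "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                                 "HttpPutResponseHopLimit": 2}},
            # IMDSv2 enforced: a session token minted by a PUT is required first.
            {"InstanceId": "i-0bbbbbbbbbbbbbbb2",
             "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                                 "HttpPutResponseHopLimit": 1}},
            # Metadata endpoint disabled entirely: nothing reachable via IMDS.
            {"InstanceId": "i-0ccccccccccccccc3",
             "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
        ]
    }]
})

TOKEN_HEADER = "x-aws-ec2-metadata-token"
TTL_HEADER = "x-aws-ec2-metadata-token-ttl-seconds"


def imds_request_allowed(http_tokens: str, method: str, headers: dict) -> bool:
    """Simplified model of how 169.254.169.254 treats one request.

    - PUT /latest/api/token carrying the TTL header mints a v2 session token.
    - With HttpTokens=required every other request must present that token.
    - With HttpTokens=optional (IMDSv1 allowed) a bare GET is served.
    A typical web-app SSRF reaches the target only with GET and cannot add
    request headers, so it satisfies neither v2 condition.
    """
    present = {k.lower() for k in headers}
    if method.upper() == "PUT" and TTL_HEADER in present:
        return True
    if http_tokens == "required":
        return TOKEN_HEADER in present
    return True


def imds_findings(describe_output: str) -> list:
    """One finding per instance whose metadata endpoint is enabled and still
    accepts token-less (IMDSv1) requests, with the CLI command that fixes it."""
    findings = []
    for reservation in json.loads(describe_output)["Reservations"]:
        for inst in reservation["Instances"]:
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue
            if opts.get("HttpTokens", "optional") != "required":
                iid = inst["InstanceId"]
                findings.append({
                    "instance": iid,
                    "http_tokens": opts.get("HttpTokens", "optional"),
                    "hop_limit": opts.get("HttpPutResponseHopLimit", 1),
                    "fix": ("aws ec2 modify-instance-metadata-options "
                            f"--instance-id {iid} --http-tokens required "
                            "--http-endpoint enabled"),
                })
    return findings


if __name__ == "__main__":
    for f in imds_findings(SAMPLE_DESCRIBE_INSTANCES):
        print(f"{f['instance']}: HttpTokens={f['http_tokens']} "
              f"hop_limit={f['hop_limit']}")
        print("  " + f["fix"])
    # The same header-less GET an SSRF would issue, under each setting:
    print("GET, tokens optional:", imds_request_allowed("optional", "GET", {}))
    print("GET, tokens required:", imds_request_allowed("required", "GET", {}))
```

The hop limit is reported alongside the finding because it matters after remediation: a PUT response hop limit above 1 lets a container on the instance's bridge network obtain a v2 token, so an SSRF or code execution inside such a container regains the access that enforcing tokens took away from the host-level GET.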
#ParsedReport
04-05-2022
A New BluStealer Loader Uses Direct Syscalls to Evade EDRs
https://blog.minerva-labs.com/a-new-blustealer-loader-uses-direct-syscalls-to-evade-edrs
Threats:
Blu_stealer (tags: phishing, stealer, malware, cryptomining, ransomware)
Spyex
Hollowing_technique
Exodus
TTPs:
Tactics: 1
Technics: 0
IOCs:
File: 4
Path: 4
Registry: 2
Hash: 4
#ParsedReport
04-05-2022
Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation
https://www.cybereason.com/blog/operation-cuckoobees-cybereason-uncovers-massive-chinese-intellectual-property-theft-operation
Actors/Campaigns:
Axiom (tags: malware)
Threats:
Deploylog
Spyder
Privatelog
Winnkit
Stashlog
Eternal_petya
Industry:
Government, E-commerce
Geo:
America, Asia, Chinese, China
Cybereason
Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation
Cybereason recently uncovered an attack assessed to be the work of Chinese APT Winnti that operated undetected, siphoning intellectual property and sensitive data - the two companion reports examine the tactics and techniques of the overall campaign as well as more…
#ParsedReport
05-05-2022
NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
https://www.trendmicro.com/en_us/research/22/e/netdooka-framework-distributed-via-privateloader-ppi.html
Threats:
Netdooka (tags: botnet, backdoor, trojan, malware, dropper, rat, ddos)
Privateloader (tags: botnet, backdoor, trojan, malware, dropper, rat, ddos)
Smokeloader_backdoor (tags: malware)
Redline_stealer (tags: malware)
Anubis (tags: malware)
Viper_rat
Trojan.win32.stop.el
Trojan.win64.protdrive.a
Trojan.win32.vindor.a
IOCs:
File: 4
Path: 3
IP: 3
Hash: 38
Url: 5
Links:
https://github.com/microsoft/Windows-driver-samples/tree/master/general/obcallback
https://github.com/SweetIceLolly/Prevent_File_Deletion
Trend Micro
NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
This report focuses on the components and infection chain of the NetDooka framework. Its scope ranges from the release of the first payload up until the release of the final RAT that is protected by a kernel driver.
#ParsedReport
05-05-2022
Top Cyber Threats to the Telecom Industry
https://www.intezer.com/blog/incident-response/cyber-threats-telecom-industry
Actors/Campaigns:
Lightbasin
Lapsus
Evil_corp
Threats:
Macaw
Cobalt_strike
Beacon
Vermilion
Industry:
Telco, Iot, Aerospace, Media
Geo:
Russian, Iranian, Polish
Intezer
Top Cyber Threats to the Telecom Industry
Learn about top threats to the telecom industry and how teams are using automation to keep up with alert triage, incident response, and threat hunting.
The update to the list of groups somehow slipped past.
https://twitter.com/Cyberknow20/status/1520746724763250688
Twitter
CyberKnow
📢📢Update 13. 1 MAY. #cybertracker 📢📢 74 Groups: 46 Pro-Ukraine 26 Pro-Russia 2 Unknown(UNK) 7 removed. Usual caveats apply. Tips/Info welcome. #cybersecurity #ThreatIntelligence #Russiaukrainewar #CyberAttack #infosec #UkraineRussiaWar cyberknow.medium.com/update…
#ParsedReport
05-05-2022
Mustang Panda deploys a new wave of malware targeting Europe
http://blog.talosintelligence.com/2022/05/mustang-panda-targets-europe.html
Actors/Campaigns:
Red_delta (tags: trojan, rat, phishing, malware)
Threats:
Meterpreter_tool (tags: rat, malware)
Plugx_rat (tags: rat, malware)
Cobalt_strike
Bespoke (tags: rat, malware)
Lolbas_technique
Industry:
Telco, Government, Ngo
Geo:
Russia, Mongolia, Afghan, Japanese, Ukraine, Asia, Tibet, Japan, Taiwan, Ukrainian, Belarus, Myanmar, Greece, Indian, American, Asian
IOCs:
File: 14
IP: 28
Path: 5
Registry: 1
Hash: 114
Domain: 1
Url: 44
Cisco Talos Blog
Mustang Panda deploys a new wave of malware targeting Europe
In February 2022, corresponding roughly with the start of the Russian invasion of Ukraine, Cisco Talos began observing the China-based threat actor Mustang Panda conducting phishing campaigns against European entities, including Russian organizations. Some…
#ParsedReport
05-05-2022
"Excuse me, how will the conflict between Russia and Ukraine affect the situation on the peninsula?" Analysis of the recent targeted attack activities of APT organization Kimsuky
https://blog-nsfocus-net.translate.goog/apt-kimsuky-3/?_x_tr_sch=http&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=ru&_x_tr_pto=wapp
Actors/Campaigns:
Kimsuky (tags: trojan, phishing, malware)
Geo:
Ukraine, Korea, Russia
IOCs:
File: 27
Url: 7
Path: 1
#ParsedReport
05-05-2022
North Korea's Lazarus: their initial access trade-craft using social media and social engineering
https://research.nccgroup.com/2022/05/05/north-koreas-lazarus-and-their-initial-access-trade-craft-using-social-media-and-social-engineering
Actors/Campaigns:
Lazarus (tags: malware, vpn, phishing)
Threats:
Lcpdot (tags: vpn, malware)
Industry:
Government
Geo:
Koreas
TTPs:
Tactics: 1
Technics: 4
IOCs:
Domain: 6
Path: 2
File: 3
IP: 1
Hash: 6
#ParsedReport
05-05-2022
Nigerian Tesla: 419 scammer gone malware distributor unmasked
https://blog.malwarebytes.com/threat-intelligence/2022/05/nigerian-tesla-419-scammer-gone-malware-distributor-unmasked
Threats:
Agent_tesla (tags: phishing, ransomware, malware, spam, stealer, scam, dns, vpn)
Avemaria_rat
Netwire_rat
4shared
Cassandraprotector_tool
Geo:
Nigeria, Nigerian, Ukraine, Ukrainian
IOCs:
File: 2
Email: 25
Domain: 1
Malwarebytes Labs
Nigerian Tesla: 419 scammer gone malware distributor unmasked
Scamming, phishing and other data theft are all part of Nigerian Tesla's portfolio.
#ParsedReport
05-05-2022
Cybercrime loves company: Conti cooperated with other ransomware gangs
https://intel471.com/blog/conti-ransomware-cooperation-maze-lockbit-ragnar-locker
Threats:
Conti (tags: ransomware, malware)
Ryuk (tags: ransomware)
Maze (tags: ransomware)
Lockbit (tags: ransomware)
Ragnarlocker (tags: ransomware)
Emotet (tags: ransomware)
Trickbot
Geo:
Russian
Intel471
Cybercrime loves company: Conti cooperated with other ransomware gangs
Conti kept a close eye on other ransomware groups and borrowed some of their techniques and best practices for their own operations.