#ParsedReport
26-05-2022
Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)
https://www.microsoft.com/security/blog/2022/05/25/detecting-and-preventing-privilege-escalation-attacks-leveraging-kerberos-relaying-krbrelayup
Threats:
Krbrelayup_tool (tags: malware)
Rubeus_tool
Krbrelay_tool
Scmuacbypass_tool
Whisker_tool
Adcspwn_tool
Links:
https://github.com/Dec0ne/KrbRelayUp
Microsoft News
Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)
The privilege escalation hacking tool KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/ SharpMad, Whisker, and ADCSPwn tools in attacks. Although this attack won’t function for Azure Active Directory…
#ParsedReport
26-05-2022
Blame the Messenger: 4 Types of Dropper Malware in Microsoft Office & How to Detect Them
https://www.deepinstinct.com/blog/types-of-dropper-malware-in-microsoft-office
Actors/Campaigns:
Aggaa (tags: malware)
Threats:
Emotet (tags: dropper, malware)
Revenge_rat (tags: malware)
Dridex (tags: dropper)
IOCs:
Url: 1
Path: 1
File: 2
Hash: 7
Links:
https://github.com/deepinstinct/Exceller
https://github.com/DidierStevens/DidierStevensSuite/blob/master/oledump.py
Deep Instinct
4 Types of Dropper Malware in Microsoft Office & How to Detect Them | Deep Instinct
Read up on the newest types of dropper malware affecting Microsoft Office. Deep Instinct’s experts have put together a guide for detecting & preventing these malicious threats.
#ParsedReport
26-05-2022
New malware Campaign delivers Android RAT. Sophisticated RAT spying on Mobile Devices
https://blog.cyble.com/2022/05/26/new-malware-campaign-delivers-android-rat
Industry:
Financial
TTPs:
Tactics: 4
Technics: 0
IOCs:
File: 5
Domain: 1
Hash: 5
#ParsedReport
26-05-2022
Black Basta Besting Your Network?
https://securityintelligence.com/posts/black-basta-ransomware-group-besting-network
Threats:
Blackbasta (tags: malware, ransomware)
Conti
Industry:
Financial
IOCs:
Coin: 1
Hash: 7
File: 2
Security Intelligence
Black Basta besting your network?
Explore in-depth insights behind the Black Basta ransomware group. IBM Security X-Force shares the analysis.
#ParsedReport
27-05-2022
XLL Malware Distributed Through Email
https://asec.ahnlab.com/en/34756
Threats:
Lokibot_stealer (tags: malware)
Trojan/win.agent.c5025449 (tags: malware)
Ransomware/win.carlos.c5025252 (tags: malware)
IOCs:
File: 5
Url: 3
Hash: 5
ASEC
XLL Malware Distributed Through Email - ASEC
Malware strains have been created and distributed in various forms and types. As such, the ASEC analysis team is actively monitoring and analyzing such changes to allow AhnLab products to detect them. This post will introduce XLL malware that was discovered…
#ParsedReport
27-05-2022
The Four Horsemen of Software Supply Chain Attacks
https://www.esentire.com/blog/the-four-horsemen-of-software-supply-chain-attacks
Threats:
Log4shell_vuln
Revil (tags: ransomware)
Industry:
Financial
Geo:
Apac, America, Africa, Emea
IOCs:
File: 6
eSentire
The Four Horsemen of software supply chain attacks.
Although security leaders can expect business disruption and reputational damage to occur by default, the consequences of supply chain attacks are dire. Read this blog to learn about the four…
#ParsedReport
27-05-2022
ASEC Weekly Malware Statistics (May 16th, 2022 - May 22nd, 2022)
https://asec.ahnlab.com/en/34785
Threats:
Agent_tesla (tags: malware)
Formbook (tags: malware)
Lokibot_stealer (tags: malware)
Redline_stealer (tags: malware)
Beamwinhttp_loader (tags: malware)
Avemaria_rat (tags: malware)
Industry:
Financial, Transport
IOCs:
Domain: 4
IP: 23
Email: 5
File: 30
Url: 25
ASEC BLOG
ASEC Weekly Malware Statistics (May 16th, 2022 - May 22nd, 2022) - ASEC BLOG
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from May 16th, 2022 (Monday) to May 22nd, 2022 (Sunday). For the main category, info-stealer…
#ParsedReport
27-05-2022
BAZARLOADER: Analysing The Main Loader. Step 1: Checking System Languages
https://www.0ffset.net/reverse-engineering/analysing-the-main-bazarloader/?utm_source=rss&utm_medium=rss&utm_campaign=analysing-the-main-bazarloader
Threats:
Bazarbackdoor (tags: malware, dns)
Cobalt_strike
Conti
Geo:
Russia
IOCs:
File: 1
Functions Names: 37
Links:
https://github.com/m0n0ph1/Process-Hollowing
0ffset Training Solutions | Practical and Affordable Cyber Security Training
BAZARLOADER: Analysing The Main Loader | 0ffset Training Solutions
This post is a follow up on the last one on BAZARLOADER. If you’re interested in how to unpack the initial stages of this malware, you can check it out here. In this post, we’ll cover the final stage of this loader, which has the capability to download and…
#ParsedReport
27-05-2022
APT-C-53 (Gamaredon) New Round DDoS Attack Mission Analysis
https://mp-weixin-qq-com.translate.goog/s/gJFSlpIlbaI11lcClNN_Xw?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en
Actors/Campaigns:
Gamaredon (tags: malware, phishing, ddos, trojan)
Industry:
Government
IOCs:
Hash: 19
WeChat Official Accounts Platform
APT-C-53 (Gamaredon) New Round of DDoS Attack Mission Analysis
360 Security Brain has detected that network attack activity linked to the APT-C-53 (Gamaredon) group is becoming increasingly frequent, and found that the group has started distributing the open-source DDoS trojan "LOIC" to conduct DDoS attacks.
#ParsedReport
27-05-2022
Blog. Win11 users beware! Magniber ransomware has been upgraded again, aiming at win11
https://blog.360totalsecurity.com/en/win11-users-beware-magniber-ransomware-has-been-upgraded-again-aiming-at-win11
Threats:
Magniber (tags: ransomware)
Industry:
Financial
Geo:
Ukraines
IOCs:
File: 2
Url: 4
Hash: 5
360 Total Security Blog
Win11 users beware! Magniber ransomware has been upgraded again, aiming at win11 | 360 Total Security Blog
At the end of April this year, the Magniber ransomware disguised as a Windows 10 upgrade patch package and spread widely, and 360 Security Center...
#ParsedReport
27-05-2022
Threat Source newsletter (May 26, 2022) BlackByte adds itself to the grocery list of big game hunters
http://blog.talosintelligence.com/2022/05/threat-source-newsletter-may-26-2022.html
Actors/Campaigns:
Red_delta
Threats:
Blackbyte (tags: spyware, trojan, cryptomining, ransomware, malware)
Conti
Predator
Cytrox
Industry:
Government
Geo:
Netherlands, Mexico, Indonesia, Greece, Colombia, Armenia, America, Madagascar, Spain, Egypt, Vietnam, China, Ukraine, Serbia
IOCs:
Hash: 10
File: 4
Talosintelligence
Threat Source newsletter (May 26, 2022) — BlackByte adds itself to the grocery list of big game hunters
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Still tweaking the automatic report parser.
Taught it to extract:
- Windows KB
- File extensions (mentioned in the text, without the file name itself)
- Function names (only camel-case for now. But now we can remember which malware calls which functions, if, of course, that is stated in the report).
#ParsedReport
30-05-2022
Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC Part II
https://www.fortinet.com/blog/threat-research/phishing-campaign-delivering-fileless-malware-part-two
Threats:
Avemaria_rat
Sbit_rat
Pandorahvnc_rat
Vba/agent.ddon!tr (tags: malware)
TTPs:
Tactics: 1
Technics: 0
IOCs:
File: 3
Path: 1
Domain: 5
Coin: 1
Functions Names: 1
Fortinet Blog
Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC – Part II
FortiGuard Labs discovered a phishing campaign delivering fileless malware AveMariaRAT, BitRAT, and PandoraHVNC to steal sensitive information from a victim’s device. Read part II of our analysis t…
#ParsedReport
30-05-2022
APT-C-53 (Gamaredon) New Round DDoS Attack Mission Analysis
https://mp-weixin-qq-com.translate.goog/s/gJFSlpIlbaI11lcClNN_Xw?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=ru&_x_tr_pto=wapp
Actors/Campaigns:
Gamaredon (tags: ddos, phishing, trojan, malware)
Industry:
Government
IOCs:
Hash: 19
WeChat Official Accounts Platform
APT-C-53 (Gamaredon) New Round of DDoS Attack Mission Analysis
360 Security Brain has detected that network attack activity linked to the APT-C-53 (Gamaredon) group is becoming increasingly frequent, and found that the group has started distributing the open-source DDoS trojan "LOIC" to conduct DDoS attacks.
#ParsedReport
30-05-2022
ASEC Weekly Malware Statistics (20220523 ~ 20220529)
https://asec-ahnlab-com.translate.goog/ko/34862/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=ru&_x_tr_pto=wapp
Threats:
Agent_tesla (tags: scan, malware, stealer)
Azorult
Formbook (tags: stealer)
Lokibot_stealer
Avemaria_rat
Beamwinhttp_loader
Garbage_cleaner
Cryptbot_stealer
Remcos_rat (tags: spam, malware, rat)
Nanocore_rat
Industry:
Transport
Geo:
Pacific, Korea
IOCs:
Domain: 4
IP: 3
Email: 5
File: 28
Url: 11
ASEC BLOG
ASEC Weekly Malware Statistics (20220523 ~ 20220529) - ASEC BLOG
The ASEC analysis team uses the ASEC automatic analysis system RAPIT to classify and respond to known malware. This post summarizes the statistics of malware collected during the week from Monday, May 23, 2022 to Sunday, May 29, 2022. By main category, info-stealers ranked first at 76.9%, followed by RAT (Remote Administration Tool) malware at 16.6%, downloaders at 5.2%, and ransomware at 1.3%.…
#ParsedReport
30-05-2022
GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need
https://cloudsek.com/threatintelligence/goodwill-ransomware-forces-victims-to-donate-to-the-poor-and-provides-financial-assistance-to-patients-in-need
Threats:
Goodwill (tags: malware, ransomware, rat)
Gozi (tags: ransomware)
Hiddentear
Industry:
Financial, Healthcare
Geo:
India, Turkish, Indian
TTPs:
Tactics: 1
Technics: 0
IOCs:
IP: 2
Hash: 4
Functions Names: 1
Cloudsek
GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need | Threat Intelligence…
Goodwill ransomware group propagates very unusual demands in exchange for the decryption key. The Robin Hood-like group is forcing its Victims to donate to the poor and provides financial assistance to the patients in need.
#ParsedReport
30-05-2022
research report. Analysis of Active Kthmimu Mining Trojans
https://www-antiy-cn.translate.goog/research/notice&report/research_report/20220527.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=ru&_x_tr_pto=wapp
Threats:
Kthmimu
Log4shell_vuln
Xmrig_miner
Ymacco
TTPs:
Tactics: 1
Technics: 0
IOCs:
File: 2
Url: 7
IP: 4
Coin: 1
Hash: 8
www-antiy-cn.translate.goog
Analysis of Active Kthmimu Mining Trojans
Antiy is the national cybersecurity team leading the development of threat detection and defense capabilities, building for its customers a security foundation of endpoint protection, traffic monitoring, perimeter protection, traffic diversion and capture, deep analysis, and emergency response.
#ParsedReport
31-05-2022
Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware
https://www.trendmicro.com/en_us/research/22/e/patch-your-wso2-cve-2022-29464-exploited-to-install-linux-compatible-cobalt-strike-beacons-other-malware.html
Threats:
Cobalt_strike (tags: rat, botnet, cryptomining, malware, trojan, scan, backdoor)
Beacon (tags: rat, botnet, cryptomining, malware, trojan, scan, backdoor)
Metasploit_tool (tags: malware)
Mirai (tags: malware)
Spring4shell (tags: malware)
Malxmr_miner (tags: malware)
Industry:
Energy, Education, Financial, Healthcare, Government
CVEs:
CVE-2022-22965 [Vulners]
Vulners: Score: 7.5, CVSS: PENDING,
Vulners: Exploitation: Unknown
X-Force: Risk: 9.8
X-Force: Patch: Official fix
Soft:
- vmware spring framework (<5.3.18, <5.2.20)
- cisco cx cloud agent (<2.1.0)
- oracle sd-wan edge (9.0, 9.1)
- oracle retail xstore point of service (20.0.1, 21.0.0)
- oracle communications cloud native core security edge protection proxy (1.7.0, 22.1.0)
have more...
CVE-2022-29464 [Vulners]
Vulners: Score: 10.0, CVSS: PENDING,
Vulners: Exploitation: Unknown
X-Force: Risk: 9.8
X-Force: Patch: Official fix
Soft:
- wso2 api manager (le4.0.0)
- wso2 enterprise integrator (le6.6.0)
- wso2 identity server (le5.11.0)
- wso2 identity server analytics (5.4.0, 5.4.1, 5.5.0, 5.6.0)
- wso2 identity server as key manager (le5.10.0)
have more...
CVE-2012-4681 [Vulners]
Vulners: Score: 10.0, CVSS: 4.8,
Vulners: Exploitation: True
X-Force: Risk: 9.3
X-Force: Patch: Official fix
Soft:
- sun jdk (1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0.200, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0.210, 1.6.0, 1.4.2_13, 1.4.2_30, 1.4.2_12, 1.4.2_31, 1.4.2_3, 1.4.2_8, 1.4.2_16, 1.4.2_23, 1.4.2_32, 1.4.2_18, 1.4.2_19, 1.4.2_29, 1.4.2_6, 1.4.2_26, 1.4.2, 1.4.2_7, 1.4.2_27, 1.4.2_28, 1.4.2_35, 1.4.2_36, 1.4.2_4, 1.4.2_11, 1.4.2_22, 1.4.2_1, 1.4.2_2, 1.4.2_9, 1.4.2_10, 1.4.2_17, 1.4.2_37, 1.4.2_5, 1.4.2_14, 1.4.2_25, 1.4.2_33, 1.4.2_34, 1.4.2_15, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0)
- sun jre (1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.4.2_26, 1.4.2_7, 1.4.2_27, 1.4.2_16, 1.4.2_24, 1.4.2_4, 1.4.2_13, 1.4.2_29, 1.4.2_1, 1.4.2_8, 1.4.2_25, 1.4.2_15, 1.4.2_31, 1.4.2_2, 1.4.2_19, 1.4.2_14, 1.4.2_21, 1.4.2_22, 1.4.2_30, 1.4.2_37, 1.4.2_9, 1.4.2_17, 1.4.2_18, 1.4.2_33, 1.4.2_35, 1.4.2_23, 1.4.2_32, 1.4.2_3, 1.4.2_10, 1.4.2_11, 1.4.2_12, 1.4.2_20, 1.4.2_28, 1.4.2_36, 1.4.2_5, 1.4.2_34, 1.4.2_6, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0, 1.5.0)
- oracle jre (1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, le1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.7.0, le1.7.0, 1.7.0, 1.7.0, 1.7.0, 1.7.0, 1.7.0, le1.4.2_38, le1.5.0)
- oracle jdk (1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, le1.6.0, 1.6.0, 1.6.0, 1.6.0, 1.6.0, le1.7.0, 1.7.0, 1.7.0, 1.7.0, 1.7.0, 1.7.0, 1.7.0, le1.4.2_38, le1.5.0)
TTPs:
Tactics: 1
Technics: 0
IOCs:
File: 2
IP: 1
Hash: 13
Path: 1
Url: 1
Links:
https://github.com/wso2/product-apim/issues?q=is%3Aopen+is%3Aissue
https://github.com/hakivvi
https://github.com/shadow1ng/fscan
https://github.com/hakivvi/CVE-2022-29464/blob/main/exploit.py
https://github.com/wso2/product-apim
Trend Micro
Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware
Users of WSO2 products are advised to update their respective products and platforms or to apply the temporary mitigation steps immediately.
#ParsedReport
31-05-2022
New Black Basta Ransomware Group
https://cyberint.com/blog/research/blackbasta
Threats:
Blackbasta (tags: ransomware, malware)
Conti (tags: ransomware)
Avoslocker
Industry:
Financial, Retail
Geo:
Germany, Peru
TTPs:
Tactics: 1
Technics: 0
IOCs:
File: 3
Functions Names: 1
Cyberint
New Black Basta Ransomware Group
A new ransomware group, Black Basta, has emerged in the past month and has already claimed 29 victims. Learn more in our research report.
#ParsedReport
31-05-2022
XLoader Botnet: Find Me If You Can. Introduction
https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can
Threats:
Formbook (tags: stealer, rat, malware, botnet, trojan)
IOCs:
Hash: 11
Check Point Research
XLoader Botnet: Find Me If You Can - Check Point Research
Research by: Alexey Bukhteyev & Raman Ladutska Introduction In July 2021, CPR released a series of three publications covering different aspects of how the Formbook and XLoader malware families function. We described how XLoader emerged in the Darknet community…