Tue, 01 Mar 2022 22:56:50 +0000
The Conti ransomware leaks
https://blog.malwarebytes.com/threat-intelligence/2022/03/the-conti-ransomware-leaks/
Malwarebytes Labs
The Conti ransomware leaks
Perhaps one of the most interesting leaks for the threat intelligence community, the Conti data dumps will provide invaluable data for a long time to come.
Tue, 01 Mar 2022 23:17:18 +0000
Malware Analysis Report – Rewterz | LokiBOT
https://www.rewterz.com/articles/malware-analysis-report-rewterz-lokibot
Rewterz
Malware Analysis Report - Rewterz | LokiBOT | Rewterz
Malware Analysis Report - Rewterz | LokiBOT
Wed, 02 Mar 2022 04:01:50 +0000
Magniber Disguised as Normal Windows Installer (MSI) Being Redistributed (February 22nd)
https://asec.ahnlab.com/en/32226/
ASEC BLOG
Magniber Disguised as Normal Windows Installer (MSI) Being Redistributed (February 22nd) - ASEC BLOG
In the morning of February 22nd, the ASEC analysis team has discovered the redistribution of Magniber that disguised itself as normal Windows Installers (MSI) instead of the previous Windows app (APPX) The distributed Magniber files have MSI as their extension…
Wed, 02 Mar 2022 21:23:15 +0000
DanaBot Launches DDoS Attack Against the Ukrainian Ministry of Defense
https://www.zscaler.com/blogs/security-research/danabot-launches-ddos-attack-against-ukrainian-ministry-defense
Zscaler
DanaBot Launches DDoS Attack | ThreatLabz
Researchers at Zscaler discovered a DDoS attack launched by DanaBot against the Ukrainian Ministry of Defense.
Thu, 03 Mar 2022 02:15:23 +0000
ASEC Weekly Malware Statistics (February 21st, 2022 – February 27th, 2022)
https://asec.ahnlab.com/en/32293/
ASEC BLOG
ASEC Weekly Malware Statistics (February 21st, 2022 - February 27th, 2022) - ASEC BLOG
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 21st, 2022 (Monday) to February 27th, 2022 (Sunday). For the main category,…
Thu, 03 Mar 2022 09:37:08 +0000
Help for Ukraine: Free decryptor for HermeticRansom ransomware
https://decoded.avast.io/threatresearch/help-for-ukraine-free-decryptor-for-hermeticransom-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=help-for-ukraine-free-decryptor-for-hermeticransom-ransomware
Avast Threat Labs
Help for Ukraine: Free decryptor for HermeticRansom ransomware - Avast Threat Labs
On February 24th, the Avast Threat Labs discovered a new ransomware strain accompanying the data wiper HermeticWiper malware, which our colleagues at ESET found circulating in the Ukraine. Following this naming convention, we opted to name the strain we…
Thu, 03 Mar 2022 14:17:27 +0000
Cyberattacks are Prominent in the Russia-Ukraine Conflict
https://www.trendmicro.com/en_us/research/22/c/cyberattacks-are-prominent-in-the-russia-ukraine-conflict.html
Trend Micro
Cyberattacks are Prominent in the Russia-Ukraine Conflict
Fri, 04 Mar 2022 03:35:07 +0000
Ongoing Cyberwarfare
https://blog.cyble.com/2022/02/25/ongoing-cyberwarfare/
Cyble
Ongoing Cyberwarfare
Cyble Research Labs analyzes significant acts of cyberwarfare that have occurred so far in the Russia-Ukraine Conflict.
Fri, 04 Mar 2022 03:35:07 +0000
Vultur Banking Trojan Spreading Via Fake Google Play Store App
https://blog.cyble.com/2022/02/25/vultur-banking-trojan-spreading-via-fake-google-play-store-app/
Cyble
Vultur Banking Trojan Spreading Via Fake Google Play Store App
The Vultur malware is delivered as an add-on payload via a fake app called 2FA Authenticator, which over 10,000 people have downloaded.
Fri, 04 Mar 2022 03:35:07 +0000
Emotet Malware back in Action
https://blog.cyble.com/2022/02/26/emotet-malware-back-in-action/
Cyble
Emotet Malware back in Action
Cyble researchers analyze the new attack vectors being leveraged by the recently resurfaced Emotet Malware.
Fri, 04 Mar 2022 03:35:07 +0000
Ongoing Cyberwarfare: A Look at the Key Cyberattacks
https://blog.cyble.com/2022/03/03/ongoing-cyberwarfare-a-look-at-the-key-cyberattacks/
Fri, 04 Mar 2022 08:34:55 +0000
Ongoing Cyberwarfare: A Look at the Key Cyberattacks
https://blog.cyble.com/2022/03/04/ongoing-cyberwarfare-a-look-at-the-key-cyberattacks/
Cyble
Ongoing Cyberwarfare: A Look at the Key Cyberattacks
Security researchers at Cyble Research Labs have compiled a list of critical incidents in the escalating Russia-Ukraine conflict.
Fri, 04 Mar 2022 17:22:20 +0000
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
Malwarebytes
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
Hours before the invasion of Ukraine by Russian forces, a new piece of malware was launched at Ukrainian targets. In this blog post, we take apart its components and highlight its capabilities.
Digging into HermeticWiper
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/digging-into-hermeticwiper.html
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/digging-into-hermeticwiper.html
Trellix
Digging into HermeticWiper
The HermeticWiper malware aims to destroy the boot sectors of any (removable) disk on the infected machine, with the help of a benign partition manager driver.
Ukraine-Themed Malspam Drops Agent Tesla
https://blogs.infoblox.com/cyber-threat-intelligence/cyber-campaign-briefs/ukraine-themed-malspam-drops-agent-tesla/
https://blogs.infoblox.com/cyber-threat-intelligence/cyber-campaign-briefs/ukraine-themed-malspam-drops-agent-tesla/
Infoblox Blog
Agent Tesla Malware Delivered Through Russia & Ukraine Related Emails | Infoblox
The Agent Tesla malspam campaign has been observed using messages related to the conflict in Ukraine. Learn the indicators and mitigation techniques now.
Deep Analysis of Redline Stealer: Leaked Credential with WCF
https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904
https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904
Medium
Deep Analysis of Redline Stealer: Leaked Credential with WCF
Author: Jiho Kim | S2W TALON
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
Fox-IT International blog
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
Authors: Alberto Segura, Malware analystRolf Govers, Malware analyst & Forensic IT Expert NCC Group, as well as many other researchers noticed a rise in Android malware last year, especillay An…
RuRAT Used In Spear-Phishing Attacks Against Media Organisations In United States
https://cluster25.io/2022/03/03/rurat-used-in-spear-phishing-attacks-against-media-organisations-in-united-states/
https://cluster25.io/2022/03/03/rurat-used-in-spear-phishing-attacks-against-media-organisations-in-united-states/
Sat, 05 Mar 2022 16:12:20 +0000
Government
Legitimate Sites used as Cobalt Strike C2s against Indian
Government
https://www.telsy.com/legitimate-sites-used-as-cobalt-strike-c2s-against-indian-government/
Telsy
Legitimate Sites used as Cobalt Strike C2s against Indian Government - Telsy
Telsy Threat Intelligence team observed a Cobalt Strike attack against members of the Indian government or local institutions.
Targeted APT Activity: BABYSHARK Is Out for Blood
https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood
https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood
Huntress
Targeted APT Activity: BABYSHARK Is Out for Blood | Huntress
We discovered malicious, targeted advanced persistent threat (APT) activity on a partner's system. Here, we dive into the BABYSHARK malware strain.