Honeypot agent for malware curation with Siphon
I made this post about a tool I created to fetch the latest samples from threat intelligence platforms.
The tool has had a major upgrade, and now allows you to generate agents to deploy on honeypots that can monitor folders for file activity (writes, creations).
Agents have exposed API endpoints to query and download indexed samples from, and are interacted with via Mutual TLS - allowing you to interact with them just how you'd interact with other integrations. If you try it out on your infrastructure, feel free to give feedback on GitHub!
https://github.com/pygrum/siphon
The 1st sample in the image above represents an example file written to disk in a folder monitored by a Windows agent.
pygrum
@malwr
Reddit
From the Malware community on Reddit: A malware curation tool that allows you to query, download and investigate fresh samples…
Amazon Prime email scammer snatches defeat from the jaws of victory
https://www.malwarebytes.com/blog/news/2023/10/amazon-prime
@malwr
Malwarebytes
Amazon Prime email scammer snatches defeat from the jaws of victory
A very convincing Amazon Prime scam landed in our mail server today and...went straight to spam. Here's why.
Major Cyber Incident: KA-SAT 9A - EuRepoC: European Repository of Cyber Incidents - Other incident names: Viasat, AcidRain
digicat
@malwr
EuRepoC: European Repository of Cyber Incidents
Major Cyber Incident: KA-SAT 9A - EuRepoC: European Repository of Cyber Incidents
Major Cyber Incident: KA-SAT 9A. Other incident names: Viasat, AcidRain. 4 October 2023. Kerttunen, Mika; Schuck, Kim; Hemmelskamp, Jonas. EN. About KA-SAT 9A: The GEO satellite broadband services of the US communications company Viasat (KA-SAT 9A network) were…
100,000 [internet exposed industrial control systems that have been identified so far](https://www.bitsight.com/blog/bitsight-identifies-nearly-100000-exposed-industrial-control-systems)
digicat
@malwr
Bitsight
Bitsight identifies nearly 100,000 exposed industrial control systems | Bitsight
Bitsight has identified nearly 100,000 exposed industrial control systems (ICS) potentially allowing an attacker to access and control physical infrastructure.
Quishing Triage 101: How to Investigate Suspicious QR Codes in Emails
digicat
TL;DR: don't scan it with your phone. Use the tools you normally do.
You can take a screenshot of the email and put it in CyberChef for a quick result.
LethargicEscapist
@malwr
The Future of Open-Source Botnets and Preparedness Against Threats: Supershell Botnet - or how the CTI gained access to the infrastructure
digicat
@malwr
SOCRadar® Cyber Intelligence Inc.
Home - SOCRadar® Extended Threat Intelligence
SOCRadar is an Extended Threat Intelligence (XTI) tool that is enriched with External Attack Surface Management and Digital Risk Protection.
DSA-2023-283: Security Update for Dell SmartFabric Storage Software Vulnerabilities - A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level.
digicat
@malwr
Dell
DSA-2023-283: Security Update for Dell SmartFabric Storage Software Vulnerabilities | Dell UK
Dell SmartFabric Storage Software remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Global NetScaler Gateway credential harvesting campaign - attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials
digicat
@malwr
Security Intelligence
X-Force uncovers global NetScaler Gateway credential harvesting campaign
IBM X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials.
LostTrust Ransomware | Latest Multi-Extortion Threat Shares Traits with SFile and Mindware
digicat
@malwr
SentinelOne
LostTrust Ransomware | Latest Multi-Extortion Threat Shares Traits with SFile and Mindware
Discover the technical overlaps between LostTrust Ransomware, SFile and Mindware in this in-depth analysis of the latest multi-extortion cyber threats.
Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform
digicat
@malwr
Unit 42
Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform
We employ static and dynamic analysis to dissect two case studies using obfuscation in Android malware: a Cerberus banking trojan and HiddenAd adware.
LatLoader: PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
digicat
@malwr
GitHub
GitHub - icyguider/LatLoader: PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
PoC module to demonstrate automated lateral movement with the Havoc C2 framework. - icyguider/LatLoader