ESET APT Activity Report Q2–Q3 2023
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 and Q3 2023
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-q3-2023/
@malwr
Welivesecurity
This issue of the ESET APT Activity Report features an overview of the activities of selected APT groups as analyzed by ESET Research between April and September 2023.
NetSupport Intrusion Results in Domain Compromise
https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/
The DFIR Report
NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report on a NetSupport RAT intrusion, but malicious use of this tool dates back to at least…
'Accidental' malvertising via Dynamic Search Ads delivers malware frenzy
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/malvertising-via-dynamic-search-ads-delivers-malware-bonanza
Malwarebytes
Malvertising via Dynamic Search Ads delivers malware bonanza
Most, if not all, malvertising incidents result from a threat actor either injecting code within an existing ad, or intentionally creating...
From Albania to the Middle East: The Scarred Manticore is Listening
https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/
Check Point Research
Check Point Research, in collaboration with Sygnia's Incident Response Team, has been tracking and responding to the activities of Scarred Manticore, an Iranian nation-state threat actor that primarily targets government and telecommunication…
NetHunter Hacker X: WPS attacks
https://www.mobile-hacker.com/2023/10/31/nethunter-hacker-x-wps-attacks/
Mobile Hacker
Ever wanted to hack your Wi-Fi network, but your internal adapter doesn't support monitor mode and you don't have an external adapter? Without switching your Wi-Fi adapter into monitor mode, WPS attacks allow you to perform various attacks on wireless access…
Arid Viper disguising mobile spyware as updates for non-malicious Android applications
Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.
https://blog.talosintelligence.com/arid-viper-mobile-spyware/
Cisco Talos Blog
Technical Advisory: Insufficient Proxyman HelperTool XPC Validation
https://research.nccgroup.com/2023/10/31/technical-advisory-insufficient-proxyman-helpertool-xpc-validation/
NCC Group Research Blog
Vendor: Proxyman LLC
Versions affected: com.proxyman.NSProxy.HelperTool version 1.4.0 (distributed with Proxyman.app up to and including version 4.11.0)
Systems affected: macOS
Unveiling the Dark Side: A Deep Dive into Active Ransomware Families
https://research.nccgroup.com/2023/10/31/unveiling-the-dark-side-a-deep-dive-into-active-ransomware-families/
NCC Group Research Blog
How to Analyze Malicious PDF Files
PDF files are supported in Intezer for both on-demand sandboxing and automated alert triage, as well as all other file types commonly used for delivering malware, like binary files or Microsoft Office formats. Portable Document Format (PDF) files are a cross-platform file format that supports links, images, and fonts. The flexibility of the PDF format makes...
https://intezer.com/blog/incident-response/analyze-malicious-pdf-files/
Intezer
Here's how incident responders can use open-source and free tools to identify, detect, and analyze PDF files that deliver malware.
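As an added example (this is not Intezer's code or any tool the post describes), the first static pass an incident responder typically runs on a suspect PDF, in Python with only the standard library: count the name objects that pdfid-style tools report (auto-run triggers such as /OpenAction and /AA, and the /JavaScript, /Launch and /EmbeddedFile actions they usually point at), undo the #xx name escapes that defeat a plain grep for "/JavaScript", and inflate FlateDecode streams so keywords packed into object streams are counted as well. The sample PDF is constructed inline and is not a real-world file; the name list and the verdict rule are assumptions to tune for your own triage queue.

```python
import re
import zlib
from collections import Counter

# PDF name objects worth counting in a first pass (assumed list, mirroring what
# pdfid-style triage reports): auto-run triggers and the actions they fire.
RISKY_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
               "/EmbeddedFile", "/URI", "/SubmitForm", "/ObjStm")
AUTO_RUN = ("/OpenAction", "/AA")              # run without user interaction
PAYLOAD = ("/JavaScript", "/JS", "/Launch", "/EmbeddedFile")


def unescape_names(data: bytes) -> bytes:
    """Undo #xx escapes inside PDF names, e.g. /J#61vaScript -> /JavaScript.
    A plain grep for /JavaScript misses this common evasion."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> list:
    """Return the content of every stream that inflates as zlib (FlateDecode).
    Object streams (/ObjStm) hide whole dictionaries, keywords included, in here."""
    out = []
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.DOTALL):
        try:
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate, or corrupt: leave it for a deeper pass
    return out


def count_names(data: bytes) -> Counter:
    """Count each risky name; the lookahead stops /JS from matching /JSX etc."""
    counts = Counter()
    for name in RISKY_NAMES:
        n = len(re.findall(re.escape(name.encode()) + rb"(?![A-Za-z0-9])", data))
        if n:
            counts[name] = n
    return counts


def triage_pdf(data: bytes) -> dict:
    """Keyword counts over the raw file plus every inflatable stream, and a
    simple verdict: an auto-run trigger paired with a payload action, or any
    hex-escaped name at all, is enough to pull the file for manual analysis."""
    counts = count_names(unescape_names(data))
    for inner in inflate_streams(data):
        counts.update(count_names(unescape_names(inner)))
    obfuscated = re.search(rb"/[A-Za-z]*#[0-9A-Fa-f]{2}", data) is not None
    auto_payload = any(k in counts for k in AUTO_RUN) and any(k in counts for k in PAYLOAD)
    verdict = "suspicious" if (auto_payload or obfuscated) else "no risky objects"
    return {"counts": dict(counts), "obfuscated_names": obfuscated, "verdict": verdict}


def build_sample_pdf() -> bytes:
    """Constructed sample, not a real-world file: /OpenAction points at an action
    whose type name is hex-escaped, and a Flate stream carries a /Launch dict."""
    launch = zlib.compress(b"<< /Type /Action /S /Launch /F (cmd.exe) >>")
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
        b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
        b"4 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
        b"5 0 obj << /Filter /FlateDecode /Length " + str(len(launch)).encode()
        + b" >>\nstream\n" + launch + b"\nendstream\nendobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pdf()
    print(triage_pdf(data))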
Popping Blisters for research: An overview of past payloads and exploring recent developments
https://research.nccgroup.com/2023/11/01/popping-blisters-for-research-an-overview-of-past-payloads-and-exploring-recent-developments/
NCC Group Research Blog
Blister is a piece of malware that loads a payload embedded inside it. We provide an overview of payloads dropped by the Blister loader based on 137 unpacked samples from the past one and a…
Mobile Malware Analysis Part 3 – Pegasus
https://8ksec.io/mobile-malware-analysis-part-3-pegasus/
8kSec
In part 3 of mobile malware analysis, we will talk about the Pegasus/Chrysaor variant. Uncover sneaky obfuscation techniques, malicious binaries and much more!
2023-10-31 - IcedID (Bokbot) infection
https://www.malware-traffic-analysis.net/2023/10/31/index.html
Who killed Mozi? Finally putting the IoT zombie botnet in its grave
How ESET Research found a kill switch that had been used to take down one of the most prolific botnets out there
https://www.welivesecurity.com/en/eset-research/who-killed-mozi-finally-putting-the-iot-zombie-botnet-in-its-grave/
Welivesecurity
Unpatched Powerful SSRF in Exchange OWA – Getting Response Through Attachments
https://www.thezdi.com/blog/2023/11/1/unpatched-powerful-ssrf-in-exchange-owa-getting-response-through-attachments
Zero Day Initiative
Server-Side Request Forgery (SSRF). This vulnerability class triggers a wide range of emotions and reactions, ranging from complete ignorance to panic. Though it is included in the OWASP Top 10 list of web application security risks, at times vendors tend…
Detect Phishing Emails by Inspecting Email Headers, Attachments, and URLs
Emails were created as a method to pass messages between users, and now they are used by individuals and organizations all around the globe, by both big and small companies across all industries. But emails also have a dark side – phishing emails that are used by threat actors to gain access to victims' systems. ...
https://intezer.com/blog/incident-response/automate-analysis-phishing-email-files/
Intezer
How to Analyze Phishing Email Files
Discover the top methods used by threat actors to deliver threats using phishing emails, as well as how to analyze the emails and attachments.
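As an added example of the three checks the title names (headers, attachments, URLs), and not Intezer's code or tooling, here is a header-and-body triage of a .eml file using only Python's standard `email` package: it reads the spf/dkim/dmarc verdicts your own gateway stamped into Authentication-Results, compares the From domain with Return-Path and Reply-To, flags HTML anchors whose visible text is a URL on a different host than the real href, and lists attachments with executable or document-looking double extensions. The sample message, its domains and its attachment are all constructed for the example; the extension lists are assumptions to extend.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists: executable-ish attachment types, and document-looking names
# with a second extension appended (invoice.pdf.exe).
DANGEROUS_EXT = {"exe", "scr", "js", "jse", "vbs", "hta", "lnk", "iso", "img",
                 "one", "bat", "cmd", "msi", "wsf"}
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|txt|jpe?g|png)\.[a-z0-9]{1,4}$", re.I)

# Constructed sample, not a real message: DMARC fails, Reply-To and Return-Path
# leave the From domain, the link text lies about its target, and the
# attachment hides an .exe behind a .pdf name. All domains are hypothetical.
SAMPLE_EML = b"""Return-Path: <bounce@mailer-xyz.example.net>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=mailer-xyz.example.net; dkim=none; dmarc=fail header.from=corp.example
From: "IT Helpdesk" <it-helpdesk@corp.example>
Reply-To: helpdesk-reset@webmail.example
To: alice@corp.example
Subject: Action required: your password expires today
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset=utf-8

<html><body>Reset it here: <a href="http://corp-example.login-reset.example/?u=alice">https://sso.corp.example/reset</a></body></html>
--b1
Content-Type: application/octet-stream; name="Password_Policy.pdf.exe"
Content-Disposition: attachment; filename="Password_Policy.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""


def _domain(header_value) -> str:
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()


def auth_results(msg: EmailMessage) -> dict:
    """spf/dkim/dmarc verdicts as stamped by the receiving MTA. Trust only the
    Authentication-Results header your own gateway adds; senders can forge others."""
    out = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(hdr), re.I):
            out.setdefault(mech.lower(), result.lower())
    return out


def link_mismatches(msg: EmailMessage) -> list:
    """Anchors whose visible text is itself a URL on a different host than the href."""
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                                     part.get_content(), re.I | re.S):
            shown = re.sub(r"<[^>]+>", "", text).strip()
            shown_host = urlparse(shown).hostname if "://" in shown else None
            if shown_host and urlparse(href).hostname != shown_host:
                found.append((shown, href))
    return found


def risky_attachments(msg: EmailMessage) -> list:
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name.rpartition(".")[2].lower()
        if ext in DANGEROUS_EXT or DOUBLE_EXT.search(name):
            names.append(name)
    return names


def triage_email(raw: bytes) -> list:
    """One finding string per red flag; an empty list means nothing tripped."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    auth = auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if mech in auth and auth[mech] != "pass":
            findings.append(f"{mech}={auth[mech]}")
    from_domain = _domain(msg["From"])
    # A foreign Return-Path is normal for bulk mailers; a foreign Reply-To rarely is.
    for hdr in ("Return-Path", "Reply-To"):
        d = _domain(msg[hdr])
        if d and d != from_domain:
            findings.append(f"{hdr} domain {d} differs from From domain {from_domain}")
    for shown, href in link_mismatches(msg):
        findings.append(f"link shown as {shown} goes to {href}")
    for name in risky_attachments(msg):
        findings.append(f"risky attachment {name}")
    return findings


if __name__ == "__main__":
    for line in triage_email(SAMPLE_EML):
        print(line)
```

Run it against a saved .eml by passing the file's bytes to triage_email. The findings are signals to rank, not a verdict: a differing Return-Path on its own is ordinary for newsletters, while a failed DMARC combined with a foreign Reply-To and a double-extension attachment is worth detonating the attachment in a sandbox.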
Unmasking AsyncRAT New Infection Chain
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/unmasking-asyncrat-new-infection-chain/
McAfee Blog
Authored by Lakshya Mathur & Vignesh Dhatchanamoorthy. AsyncRAT, short for "Asynchronous Remote Access Trojan," is a sophisticated piece of malware
2023-11-02 - TA577 Pikabot activity
https://www.malware-traffic-analysis.net/2023/11/02/index.html
ipsw Walkthrough Part 1 – The Swiss Army Knife for iOS/macOS security research
https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/
D0nut encrypt me, I have a wife and no backups
https://research.nccgroup.com/2023/11/06/d0nut-encrypt-me-i-have-a-wife-and-no-backups/
NCC Group Research Blog
Post-exploiting a compromised etcd – Full control over the cluster and its nodes
https://research.nccgroup.com/2023/11/07/post-exploiting-a-compromised-etcd-full-control-over-the-cluster-and-its-nodes/
NCC Group Research Blog
Charting China's Climb as a Leading Global Cyber Power
Chinese state-sponsored cyber operations have transformed, emerging as a more mature, stealthy, and coordinated threat than in previous years.
https://www.recordedfuture.com/charting-chinas-climb-leading-global-cyber-power