Know your enemies: An approach for CTI teams
https://blog.virustotal.com/2024/03/know-your-enemies-approach-for-cti-teams.html
@malwr
Virustotal
VirusTotal's Threat Landscape can be a valuable source of operational and tactical threat intelligence for CTI teams, for instance helping...
FakeBat delivered via several active malvertising campaigns
https://www.malwarebytes.com/blog/threat-intelligence/2024/03/fakebat-delivered-via-several-active-malvertising-campaigns
ThreatDown by Malwarebytes
A number of software brands are being impersonated with malicious ads and fake sites to distribute malware.
.NET Malware 101: Analyzing the .NET Executable File Structure
Welcome to our deep dive into the world of .NET malware reverse engineering. As a security researcher or analyst, you're likely aware that the .NET framework, famed for its ability to enable rapid and robust application development, is a double-edged sword. The same features that make it attractive to legitimate developers also make it a...
https://intezer.com/blog/incident-response/intro-to-malware-net-executable-file/
Intezer
This deep dive aims to guide you through .NET reverse engineering, equipping you with the essential knowledge to analyze .NET malware.
CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.
https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html
Trend Micro
Threat actors leverage document publishing sites for ongoing credential and session token theft
Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.
https://blog.talosintelligence.com/threat-actors-leveraging-document-publishing-sites/
Cisco Talos
The Development of a Telco Attack Testing Tool
https://research.nccgroup.com/2024/03/13/the-development-of-a-telco-attack-testing-tool/
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
LTair: The LTE Air Interface Tool
https://research.nccgroup.com/2024/03/14/ltair-the-lte-air-interface-tool/
Nccgroup
The Anatomy of an ALPHA SPIDER Ransomware Attack
ALPHA SPIDER is the adversary behind the development and operation of the Alphv ransomware as a service (RaaS). Over the last year, ALPHA SPIDER affiliates have been leveraging a variety of novel techniques as part of their ransomware operations. CrowdStrike Services has observed techniques such as the usage of NTFS Alternate Data Streams for hiding...
https://www.crowdstrike.com/blog/anatomy-of-alpha-spider-ransomware/
CrowdStrike.com
Read this blog on the anatomy of an ALPHA SPIDER ransomware attack to better understand how they operate and how to better protect your business.
Android Phishing Scam Using Malware-as-a-Service on the Rise in India
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-phishing-scam-using-malware-as-a-service-on-the-rise-in-india/
McAfee Blog
Authored by ZePeng Chen and Wenfeng Yu McAfee Mobile Research Team has observed an active scam malware campaign targeting Android users in India. This
2024-03-06: Pikabot infection leads to Meduza Stealer
https://www.malware-traffic-analysis.net/2024/03/06/index.html
2024-03-14: AsyncRAT and XWorm infection
https://www.malware-traffic-analysis.net/2024/03/14/index.html
The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions
Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later.
https://blog.talosintelligence.com/ransomware-affiliate-model/
Cisco Talos
Ransomware's appetite for US healthcare sees known attacks double in a year
https://www.malwarebytes.com/blog/ransomware/2024/03/ransomwares-appetite-for-us-healthcare-sees-known-attacks-double-in-a-year
ThreatDown by Malwarebytes
The US healthcare industry suffers more ransomware attacks than most countries.
Hello everybody. I'm sorry for the inconvenience. To keep our channel up, I have to pay for the server and services. For that, we need financial support. If channel members could kindly donate in BTC, I will not post any ads in the channel.
Sincerely,
@SirMalware
Healthcare still a prime target for cybercrime gangs – Week in security with Tony Anscombe
Healthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in the US in 2023
https://www.welivesecurity.com/en/videos/healthcare-target-cybercrime-week-security-tony-anscombe/
Welivesecurity
Healthcare organizations remain firmly in attackers' crosshairs, accounting for more than 20 percent of all ransomware attacks that targeted critical infrastructure entities in the US in 2023
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.
https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html
Trend Micro
Ethereum's CREATE2: A Double-Edged Sword in Blockchain Security
https://research.checkpoint.com/2024/ethereums-create2-a-double-edged-sword-in-blockchain-security/
Check Point Research
By Oded Vanunu, Dikla Barda, Roman Zaikin. Ethereum's CREATE2 function is being exploited by attackers to compromise the security of digital wallets, bypassing traditional security measures and facilitating unauthorized access to funds. The attack method involves…
Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk
Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.
https://www.trendmicro.com/en_us/research/24/c/cve-2024-23897.html
Trend Micro
LockBit Attempts to Stay Afloat With a New Version
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.
https://www.trendmicro.com/en_us/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version.html
Trend Micro
Adversarial Intelligence: Red Teaming Malicious Use Cases for AI
Recorded Future tested four malicious use cases for artificial intelligence (AI) to illustrate "the art of the possible" for threat actor use.
https://www.recordedfuture.com/adversarial-intelligence-red-teaming-malicious-use-cases-ai
Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases
This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications.
https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-injection-into-aspnetcompiler-exe.html
Trend Micro