Cyberveille curated by Decio
page 2 / 3
43 results tagged IoCs
The Titan Stealer: Notorious Telegram Malware Campaign https://www.uptycs.com/blog/titan-stealer-telegram-malware-campaign
25/01/2023 20:37:26

The Uptycs threat research team discovered a Titan stealer malware campaign, which is marketed and sold by a threat actor (TA) through a Telegram channel.

uptycs EN 2023 Titan Stealer Campaign analysis IoCs
Shlayer Malware: Continued Use of Flash Updates https://www.crowdstrike.com/blog/shlayer-malvertising-campaigns-still-using-flash-update-disguise/
28/12/2022 02:49:09

Although Flash Player reached end of life for macOS in 2020, this has not stopped Shlayer operators from continuing to abuse it for malvertising campaigns.

crowdstrike EN 2021 Flash Player macOS Shlayer malvertising analysis IoCs
L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files https://objective-see.org/blog/blog_0x70.html
28/12/2022 02:46:15

While conducting routine threat hunting for macOS malware on Ad networks, I stumbled upon an unusual Shlayer sample. Upon further analysis, it became clear that this variant was different from the known Shlayer variants such as OSX/Shlayer.D, OSX/Shlayer.E, or ZShlayer. We have dubbed it OSX/Shlayer.F.

objective-see 2022 EN Shlayer macos malware IoCs analysis
An infostealer comes to town: Dissecting a highly evasive malware targeting Italy https://blog.cluster25.duskrise.com/2022/12/22/an-infostealer-comes-to-town
23/12/2022 22:35:26

Cluster25 researchers analyzed several campaigns (also publicly reported by CERT-AGID) that used phishing emails to spread an InfoStealer malware written in .NET through an infection chain that involves Windows Shortcut (LNK) files and Batch Scripts (BAT). Taking into account the used TTPs and extracted evidence, the attacks seem perpetrated by the same adversary (internally named AUI001).

cluster25 EN 2022 infostealer Italy phishing Campaigns analysis Alibaba2044 IoCs
Aurora: a rising stealer flying under the radar https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/
21/11/2022 20:56:10

Since September 2022, Aurora malware has been advertised as an infostealer, and several traffer teams have announced that they added it to their malware toolset.

sekoia 2022 EN infostealer malware technical analysis IoCs Malware-as-a-Service
Technical Analysis of the RedLine Stealer https://cloudsek.com/technical-analysis-of-the-redline-stealer/
19/11/2022 23:14:10

RedLine is an information stealer which operates on a MaaS (malware-as-a-service) model. This stealer is available on underground forums, and priced according to users' needs.

cloudsek EN 2022 stealer RedLine MaaS technical analysis IoCs
AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns https://blog.cyble.com/2022/11/18/axlocker-octocrypt-and-alice-leading-a-new-wave-of-ransomware-campaigns/
19/11/2022 23:12:11

Cyble analyzes a new wave of ransomware attacks being led by AXLocker, Octocrypt, and Alice ransomware and how they target Discord tokens.

cyble 2022 EN AXLocker Octocrypt Alice analysis ransomware Discord IoCs
New RapperBot Campaign – We Know What You Bruting for this Time https://www.fortinet.com/blog/threat-research/new-rapperbot-campaign-ddos-attacks
16/11/2022 20:24:13

FortiGuard Labs provides an analysis of RapperBot focusing on comparing samples from different campaigns, including one aiming to launch Distributed Denial of Service (DDoS) attacks. Read our blog to learn more about the differences observed in this campaign vs. previous RapperBot and similar campaigns in the past.

fortinet EN 2022 RapperBot DDoS-attacks DDoS analysis IoCs
SafeBreach Uncovers Fully Undetectable Powershell Backdoor https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
19/10/2022 08:30:40

See how this tool—created by a sophisticated and seemingly unknown threat actor—uses the unique approach of disguising itself as part of a Windows update.

SafeBreach EN 2022 Powershell Undetectable IoCs research
Technical Analysis of BlueSky Ransomware https://cloudsek.com/technical-analysis-of-bluesky-ransomware/
18/10/2022 10:30:48

BlueSky Ransomware is a modern malware using advanced techniques to evade security defences. It predominantly targets Windows hosts and utilizes the Windows multithreading model for fast encryption.

cloudsek EN 2022 ransomware IoCs Analysis BlueSky
Chaos is a Go-based Swiss army knife of malware https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/
01/10/2022 01:03:28

Black Lotus Labs, the threat intelligence arm of Lumen Technologies, recently uncovered a multifunctional Go-based malware developed for Windows and Linux.

lumen EN 2022 Chaos Go malware Windows Linux IoCs
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
30/09/2022 09:27:43

Circa the beginning of August 2022, while providing security monitoring and incident response services, the GTSC SOC team discovered that a critical infrastructure organization was being attacked, specifically its Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability, and immediately came up with a temporary containment plan.

gteltsc.vn EN 2022 Microsoft-Exchange Exchange 0-day RCE vulnerability campaign IoCs
Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage
30/09/2022 09:08:07

The espionage group has begun using a new backdoor that leverages a rarely seen steganography technique.

symantec EN 2022 Witchetty Espionage backdoor steganography LookingFrog IoCs
BumbleBee: Round Two https://thedfirreport.com/2022/09/26/bumblebee-round-two/
28/09/2022 15:29:52

In this intrusion from May 2022, the threat actors used BumbleBee as the initial access vector. BumbleBee has been identified as an initial access vector utilized by several ransomware affiliates. …

thedfirreport EN 2022 BumbleBee ransomware RDP IoCs
In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
26/09/2022 11:08:02

Analysis of the APT28/Fancy Bear PowerPoint mouse-over campaign.

cluster25 2022 EN APT28 IoCs FancyBear PowerPoint campaign mouse-over Analysis
Iranian State Actors Conduct Cyber Operations Against the Government of Albania https://www.cisa.gov/uscert/ncas/alerts/aa22-264a
22/09/2022 16:43:03

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks. Additional information concerning files used by the actors during their exploitation of and cyber attack against the victim organization is provided in Appendices A and B.

cisa EN 2022 uscert csirt cert US Iran Albania attribution IoCs FBI
Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime https://unit42.paloaltonetworks.com/domain-shadowing/
22/09/2022 15:39:32

Domain shadowing is a special case of DNS hijacking where attackers stealthily create malicious subdomains under compromised domain names.

paloaltonetworks EN 2022 DNS hijacking Domain shadowing analysis IoCs Domain-shadowing
Azure Cloud Shell Command Injection Stealing User’s Access Tokens https://blog.lightspin.io/azure-cloud-shell-command-injection-stealing-users-access-tokens
21/09/2022 23:44:32

This post describes how I took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users’ terminals.

lightspin EN 2022 Azure Cloud Shell injection terminals IoCs Analysis Tokens steal
The Evolution of the Chromeloader Malware https://blogs.vmware.com/security/2022/09/the-evolution-of-the-chromeloader-malware.html
21/09/2022 23:39:47

The VMware Carbon Black MDR team goes in depth on the latest variants of the Chromeloader malware and how to detect them.

vmware EN 2022 Chromeloader malware IoCs Analysis
Malvertising on Microsoft Edge's News Feed pushes tech support scams https://www.malwarebytes.com/blog/threat-intelligence/2022/09/microsoft-edges-news-feed-pushes-tech-support-scam
19/09/2022 23:34:16

We uncovered a campaign on the Microsoft Edge home page where malicious ads are luring victims into tech support scams.

malwarebytes EN 2022 Microsoft Edge Analysis campaign scams IoCs Feed News browser
4259 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community - Theme by kalvn - Curated by Decio