Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
3 résultats taggé talosintelligence  ✕
Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns https://blog.talosintelligence.com/2022/08/dark-utilities.html
05/08/2022 14:35:44
QRCode
archive.org
thumbnail
  • Dark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to adversaries.
  • It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems.
  • Payloads provided by the platform support Windows, Linux and
  • Python-based implementations and are hosted within the Interplanetary File System (IPFS), making them resilient to content moderation or law enforcement intervention.
  • Since its initial release, we've observed malware samples in the wild leveraging it to facilitate remote access and cryptocurrency mining.
talosintelligence 2022 dark-utilities DarkUtilities C2
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html
03/08/2022 15:35:19
QRCode
archive.org
thumbnail
  • Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework.
  • The implants for the new malware family are written in the Rust language for Windows and Linux.
  • A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors.
  • We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints.
  • We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.
talosintelligence EN 2022 manjusaka CobaltStrike framework imitation C2
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups https://blog.talosintelligence.com/2022/03/iranian-supergroup-muddywater.html
10/03/2022 16:30:02
QRCode
archive.org
thumbnail

Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).

talosintelligence Iranian EN 2022 APT research MuddyWater Turkey SloughRAT RAT
493 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio