Search cyberveille.decio.ch

CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive

CVE-2024-23108 Fortinet FortiSIEM Command Injection Deep-Dive and Indicators of Compromise. This blog details a command injection vulnerability which allows an unauthenticated attacker to access the FortiSIEM server as root to execute arbitrary commands.

#horizon3 #EN #2024 #CVE-2024-23108 #FortiSIEM #IoCs #analysis

·horizon3.ai·May 29, 2024

CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive

BRATA is evolving into an Advanced Persistent Threat

Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.

#cleafy #2022 #EN #malware #BRATA #APT #phishing #analysis #IOCs #banker

·cleafy.com·Jun 20, 2022

BRATA is evolving into an Advanced Persistent Threat

Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.

#cleafy #2022 #EN #malware #BRATA #APT #phishing #analysis #IOCs #banker

·cleafy.com·Jun 20, 2022

BRATA is evolving into an Advanced Persistent Threat

Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.

#cleafy #2022 #EN #malware #BRATA #APT #phishing #analysis #IOCs #banker

·cleafy.com·Jun 20, 2022

BRATA is evolving into an Advanced Persistent Threat

Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.

#cleafy #2022 #EN #malware #BRATA #APT #phishing #analysis #IOCs #banker

·cleafy.com·Jun 20, 2022

BRATA is evolving into an Advanced Persistent Threat

MAR-10478915-1.v1 Citrix Bleed

This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise. This document is marked TLP:CLEAR--Recipients may share this information without restriction. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.cisa.gov/tlp.

#cisa #EN #2023 #CitrixBleed #analysis #IoCs

·cisa.gov·Nov 21, 2023

MAR-10478915-1.v1 Citrix Bleed

BRATA is evolving into an Advanced Persistent Threat

Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.

#cleafy #2022 #EN #malware #BRATA #APT #phishing #analysis #IOCs #banker

·cleafy.com·Jun 20, 2022

BRATA is evolving into an Advanced Persistent Threat

Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.

#cleafy #2022 #EN #malware #BRATA #APT #phishing #analysis #IOCs #banker

·cleafy.com·Jun 20, 2022

BRATA is evolving into an Advanced Persistent Threat

Malware-Traffic-Analysis.net - 2023-02-03 - DEV-0569 activity: Google ad -- FakeBat Loader -- Redline Stealer & Gozi/ISFB/Ursnif

NOTES: Zip files are password-protected. If you don't know the password, see the "about" page of this website. IOCs are listed on this page below all of the images.

#malware-traffic-analysis #EN #2023 #analysis #googleads #DEV-0569 #CPU-Z #IoCs

·malware-traffic-analysis.net·Feb 5, 2023

Malware-Traffic-Analysis.net - 2023-02-03 - DEV-0569 activity: Google ad -- FakeBat Loader -- Redline Stealer & Gozi/ISFB/Ursnif

The Titan Stealer: Notorious Telegram Malware Campaign

The Uptycs threat research team discovered a Titan stealer malware campaign, which is marketed and sold by a threat actor (TA) through a Telegram channel.

#uptycs #EN #2023 #Titan #Stealer #Campaign #analysis #IoCs

·uptycs.com·Jan 25, 2023

The Titan Stealer: Notorious Telegram Malware Campaign

Shlayer Malware: Continued Use of Flash Updates

Although Flash Player reached end of life for macOS in 2020, this has not stopped Shlayer operators from continuing to abuse it for malvertising campaigns.

#crowdstrike #EN #2021 #Flash #Player #macOS #Shlayer #malvertising #analysis #IoCs

·crowdstrike.com·Dec 28, 2022

Shlayer Malware: Continued Use of Flash Updates

L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files

While conducting routine threat hunting for macOS malware on Ad networks, I stumbled upon an unusual Shlayer sample. Upon further analysis, it became clear that this variant was different from the known Shlayer variants such as OSX/Shlayer.D, OSX/Shlayer.E, or ZShlayer. We have dubbed it OSX/Shlayer.F.

#objective-see #2022 #EN #Shlayer #macos #malware #IoCs #analysis

·objective-see.org·Dec 28, 2022

L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files

An infostealer comes to town: Dissecting a highly evasive malware targeting Italy

Cluster25 researchers analyzed several campaigns (also publicly reported by CERT-AGID) that used phishing emails to spread an InfoStealer malware written in .NET through an infection chain that involves Windows Shortcut (LNK) files and Batch Scripts (BAT). Taking into account the used TTPs and extracted evidence, the attacks seem perpetrated by the same adversary (internally named AUI001).

#cluster25 #EN #2022 #infostealer #Italy #phishing #Campaigns #analysis #Alibaba2044 #IoCs

·blog.cluster25.duskrise.com·Dec 23, 2022

An infostealer comes to town: Dissecting a highly evasive malware targeting Italy

Aurora: a rising stealer flying under the radar

Since September 2022, Aurora malware is advertised as an infostealer and several traffers teams announced they added it to their malware toolset.

#sekoia #2022 #EN #infostealer #malware #technical #analysis #IoCs #Malware-as-a-Service

·blog.sekoia.io·Nov 21, 2022

Aurora: a rising stealer flying under the radar

Technical Analysis of the RedLine Stealer

RedLine is an information stealer which operates on a MaaS (malware-as-a-service) model. This stealer is available on underground forums, and priced according to users' needs.

#cloudsek #EN #2022 #stealer #RedLine #MaaS #technical #analysis #IoCs

·cloudsek.com·Nov 19, 2022

Technical Analysis of the RedLine Stealer

AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns

Cyble analyzes a new wave of ransomware attacks being led by AXLocker, Octocrypt, and Alice ransomware and how they target Discord tokens.

#cyble #2022 #EN #AXLocker #Octocrypt #Alice #analysis #ransomware #Discord #IoCs

·blog.cyble.com·Nov 19, 2022

AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns

New RapperBot Campaign – We Know What You Bruting for this Time

FortiGuard Labs provides an analysis on RapperBot focusing on comparing samples for different campaigns, including one aiming to launch Distributed Denial of Service (DDoS) attacks. Read our blog to learn more about the differences observed in this campaign vs previous RapperBot and similar campaigns in the past.

#fortinet #EN #2022 #RapperBot #DDoS-attacks #DDoS #analysis #IoCs

·fortinet.com·Nov 16, 2022

New RapperBot Campaign – We Know What You Bruting for this Time

Technical Analysis of BlueSky Ransomware - CloudSEK

BlueSky Ransomware is a modern malware using advanced techniques to evade security defences. It predominantly targets Windows hosts and utilizes the Windows multithreading model for fast encryption.

#cloudsek #EN #2022 #ransomware #IoCs #Analysis #BlueSky

·cloudsek.com·Oct 18, 2022

Technical Analysis of BlueSky Ransomware - CloudSEK

In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants

Analysis of APT28/Fancy Bear PowerPoint mouse-over campaign

#cluster25 #2022 #EN #APT28 #IoCs #FancyBear #PowerPoint #campaign #mouse-over #Analysis

·blog.cluster25.duskrise.com·Sep 26, 2022

In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants

Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime

Domain shadowing is a special case of DNS hijacking where attackers stealthily create malicious subdomains under compromised domain names.

#paloaltonetworks #EN #2022 #DNS #hijacking #Domain #shadowing #analysis #IoCs #Domain-shadowing

·unit42.paloaltonetworks.com·Sep 22, 2022

Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime

Azure Cloud Shell Command Injection Stealing User’s Access Tokens

This post describes how I took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users’ terminals.

#lightspin #EN #2022 #Azure #Cloud #Shell #injection #terminals #IoCs #Analysis #Tokens #steal

·blog.lightspin.io·Sep 21, 2022

Azure Cloud Shell Command Injection Stealing User’s Access Tokens

The Evolution of the Chromeloader Malware - VMware Security Blog - VMware

The VMware Carbon Black MDR team goes in depth on the latest variants of the Chromeloader malware and how to detect them.

#vmware #EN #2022 #Chromeloader #malware #IoCs #Analysis

·blogs.vmware.com·Sep 21, 2022

The Evolution of the Chromeloader Malware - VMware Security Blog - VMware

Malvertising on Microsoft Edge's News Feed pushes tech support scams

We uncovered a campaign on the Microsoft Edge home page where malicious ads are luring victims into tech support scams.

#malwarebytes #EN #2022 #Microsoft #Edge #Analysis #campaign #scams #IoCs #Feed #News #browser

·malwarebytes.com·Sep 19, 2022

Malvertising on Microsoft Edge's News Feed pushes tech support scams

Dead or Alive? An Emotet Story

In this intrusion from May 2022, we observed a domain-wide compromise that started from a malware ridden Excel document containing the never-dying malware, Emotet. The post-exploitation started ver…

#thedfirreport #EN #2022 #Emotet #Excel #Analysis #IOCs

·thedfirreport.com·Sep 12, 2022

Dead or Alive? An Emotet Story

BRATA is evolving into an Advanced Persistent Threat

Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.

#cleafy #2022 #EN #malware #BRATA #APT #phishing #analysis #IOCs #banker

·cleafy.com·Jun 20, 2022

BRATA is evolving into an Advanced Persistent Threat

Malware-Traffic-Analysis.net - 2023-02-03 - DEV-0569 activity: Google ad -- FakeBat Loader -- Redline Stealer & Gozi/ISFB/Ursnif

NOTES: Zip files are password-protected. If you don't know the password, see the "about" page of this website. IOCs are listed on this page below all of the images.

#malware-traffic-analysis #EN #2023 #analysis #googleads #DEV-0569 #CPU-Z #IoCs

·malware-traffic-analysis.net·Feb 5, 2023

Malware-Traffic-Analysis.net - 2023-02-03 - DEV-0569 activity: Google ad -- FakeBat Loader -- Redline Stealer & Gozi/ISFB/Ursnif

The Titan Stealer: Notorious Telegram Malware Campaign

The Uptycs threat research team discovered a Titan stealer malware campaign, which is marketed and sold by a threat actor (TA) through a Telegram channel.

#uptycs #EN #2023 #Titan #Stealer #Campaign #analysis #IoCs

·uptycs.com·Jan 25, 2023

The Titan Stealer: Notorious Telegram Malware Campaign

Shlayer Malware: Continued Use of Flash Updates

Although Flash Player reached end of life for macOS in 2020, this has not stopped Shlayer operators from continuing to abuse it for malvertising campaigns.

#crowdstrike #EN #2021 #Flash #Player #macOS #Shlayer #malvertising #analysis #IoCs

·crowdstrike.com·Dec 28, 2022

Shlayer Malware: Continued Use of Flash Updates

L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files

While conducting routine threat hunting for macOS malware on Ad networks, I stumbled upon an unusual Shlayer sample. Upon further analysis, it became clear that this variant was different from the known Shlayer variants such as OSX/Shlayer.D, OSX/Shlayer.E, or ZShlayer. We have dubbed it OSX/Shlayer.F.

#objective-see #2022 #EN #Shlayer #macos #malware #IoCs #analysis

·objective-see.org·Dec 28, 2022

L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files

An infostealer comes to town: Dissecting a highly evasive malware targeting Italy

Cluster25 researchers analyzed several campaigns (also publicly reported by CERT-AGID) that used phishing emails to spread an InfoStealer malware written in .NET through an infection chain that involves Windows Shortcut (LNK) files and Batch Scripts (BAT). Taking into account the used TTPs and extracted evidence, the attacks seem perpetrated by the same adversary (internally named AUI001).

#cluster25 #EN #2022 #infostealer #Italy #phishing #Campaigns #analysis #Alibaba2044 #IoCs

·blog.cluster25.duskrise.com·Dec 23, 2022

An infostealer comes to town: Dissecting a highly evasive malware targeting Italy