Threat Reports

Threat Reports

99 bookmarks
Custom sorting
The Endless Struggle Against APT10: Insights from LODEINFO v0.6.6 - v0.7.3 Analysis - Researcher Blog - ITOCHU Cyber & Intelligence Inc.
The Endless Struggle Against APT10: Insights from LODEINFO v0.6.6 - v0.7.3 Analysis - Researcher Blog - ITOCHU Cyber & Intelligence Inc.
What is the LODEINFO malware? Analysis of LODEINFO The infection flow Update of the Downloader Shellcode Remote Template Injection Maldoc VBA code embedded in M…
·blog-en.itochuci.co.jp·
The Endless Struggle Against APT10: Insights from LODEINFO v0.6.6 - v0.7.3 Analysis - Researcher Blog - ITOCHU Cyber & Intelligence Inc.
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs | Microsoft Security Blog
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs | Microsoft Security Blog
Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign, the threat actor used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files.
·microsoft.com·
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs | Microsoft Security Blog
Bert-JanP/Open-Source-Threat-Intel-Feeds: This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.
Bert-JanP/Open-Source-Threat-Intel-Feeds: This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.
This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash. - GitHub - Bert-JanP/O...
·github.com·
Bert-JanP/Open-Source-Threat-Intel-Feeds: This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.
From ScreenConnect to Hive Ransomware in 61 hours - The DFIR Report
From ScreenConnect to Hive Ransomware in 61 hours - The DFIR Report
In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Monitoring (RMM) tools. When compared to post-exploitation channels that heavily rely on terminals, such … Read More
·thedfirreport.com·
From ScreenConnect to Hive Ransomware in 61 hours - The DFIR Report
Alloy taurus
Alloy taurus
·unit42.paloaltonetworks.com·
Alloy taurus
Educated Manticore - Iran Aligned Threat Actor Targeting Israel via Improved Arsenal of Tools - Check Point Research
Educated Manticore - Iran Aligned Threat Actor Targeting Israel via Improved Arsenal of Tools - Check Point Research
Key Findings: Introduction In this report, Check Point research reveals new findings of an activity cluster closely related to Phosphorus. The research presents a new and improved infection chain leading to the deployment of a new version of PowerLess. This implant was attributed to Phosphorus in the past, an Iran-affiliated threat group operating in the Middle East […]
·research.checkpoint.com·
Educated Manticore - Iran Aligned Threat Actor Targeting Israel via Improved Arsenal of Tools - Check Point Research
Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns
Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns
We detail the intrusion set Earth Yako, attributed to the campaign Operation RestyLink or EneLink. This analysis was presented in full at the JSAC 2023 in January 2023.
·trendmicro.com·
Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns
Pupy RAT hiding under WerFault’s cover - K7 Labs
Pupy RAT hiding under WerFault’s cover - K7 Labs
We at K7 Labs recently identified an interesting technique used by threat actors to execute a Remote Admin Tool. We […]
·labs.k7computing.com·
Pupy RAT hiding under WerFault’s cover - K7 Labs
Heads up! Xdr33, A Variant Of CIA’s HIVE Attack Kit Emerges
Heads up! Xdr33, A Variant Of CIA’s HIVE Attack Kit Emerges
Overview On Oct 21, 2022, 360Netlab's honeypot system captured a suspicious ELF file ee07a74d12c0bb3594965b51d0e45b6f, which propagated via F5 vulnerability with zero VT detection, our system observces that it communicates with IP 45.9.150.144 using SSL with forged Kaspersky certificates, this caught our attention. After further lookup, we confirmed
·blog.netlab.360.com·
Heads up! Xdr33, A Variant Of CIA’s HIVE Attack Kit Emerges
ORKL
ORKL
ORKL Threat Intelligence Library
·orkl.eu·
ORKL
Gamaredon group grows its game | WeLiveSecurity
Gamaredon group grows its game | WeLiveSecurity
ESET research discovers several previously undocumented post-compromise tools used by the highly active Gamaredon APT group in various malicious campaigns.
·welivesecurity.com·
Gamaredon group grows its game | WeLiveSecurity