Tag: Nattatorn Chuensangarun

SOC Prime Threat Bounty — August 2022 Results

August ‘22 Publications In August, 151 Sigma rules submitted by Threat Bounty Program members passed the SOC Prime acceptance validation and were released on the SOC Prime Platform. Totally, 313 rules were declined during the review’s first iteration for different reasons, including content quality, the detection value of the suggested code, full of partial duplication […]

Read More
LAUSD Ransomware Attack: Vice Society Claims Compromising the Largest School District in the US

Ransomware operators constantly seek lucrative and feasible extortion opportunities, affecting a wide array of organizations across industries. One of the latest examples of successful breaches is the Vice Society gang’s attack against the Los Angeles Unified School District that happened over the Labor Day weekend. The attack caused widespread disruption, affecting several information management systems. […]

Read More
Novel Moobot
New Mirai Botnet Variant Detection: MooBot Sample Targets D-Link Routers

Security researchers are raising the alarm on a new Mirai botnet variant dubbed MooBot that targets D-Link devices. The novel threat employs multiple exploitation techniques.  MooBot first surfaced in 2019, hijacking LILIN digital video recorders and Hikvision video surveillance products and co-opting them into a family of denial-of-service bots. Detect MooBot  To detect the signature […]

Read More
Agenda Ransomware
Golang-Based Agenda Ransomware Detection: New Strain Began Sweeping Across Asia and Africa

Researchers warn of a new ransomware family: a novel strain called Agenda sails in, targeting healthcare and education entities. Similar to another emerging piece written in Go language (aka Golang) dubbed BianLian, this cross-platform threat is gaining popularity with affiliates for its versatility and easy-to-tweak elements of the campaign, including encryption extension, personalized ransomware note […]

Read More
Manjusaka Offensive Framework
Manjusaka Offensive Framework Detection: New Malware Family Quickly Catapults Into Operation

A novel attack framework called “Manjusaka” is currently making rounds in the wild. The name “Manjusaka,” which means “cow flower,” is far from denoting the high level of offense potential the attack framework bears. Deriving from ample evidence, the campaign operators behind this malware family are believed to be China-based. Developers of Manjusaka have designed […]

Read More
SmokeLoader Detection: Distributes Amadey Bot Malware via Software Cracks

Amadey Bot, a notorious malware strain that first came to the cyber threat arena in 2018, is capable of stealing data and deploying other malicious payloads on the compromised system. It has been actively distributed across hacker forums to engage in offensive operations. Cybersecurity researchers have recently observed the distribution of a new version of […]

Read More
QBot Malware
QakBot Detection: New Trojan Variant Picked Up New Tricks

Security experts have revealed a new variant of an information stealer and banking trojan known under the moniker QBot (aka QakBot, QuackBot, or Pinkslipbot). The trojan was first detected in the late 2000s, mostly used in financially motivated attacks aimed at stealing victims’ passwords. Its operators regularly resurface with new tricks up their sleeves, adopting […]

Read More
XMRIG Cryptominer
XMRig Coin Miner: Adversaries Employ New Approaches to Illegal Crypto Mining

With a mounting number of cyber criminal operations pursuing the illicit installation of crypto mining software on victim devices and systems, increasing awareness of crypto-jacking is paramount. Earlier this Summer, US-CERT released a malware analysis report related to XMRig coin miner, detailing new approaches to hijacking victims’ devices and leveraging them for crypto mining. CISA […]

Read More
MedusaLocker Ransomware
MedusaLocker Ransomware Detection: Federal Authorities Release a Joint CSA

MedusaLocker ransomware first surfaced in September 2019 and has been impacting a wide range of industries and organizations, primarily in healthcare, ever since. Assuming how adversaries divide the ransom money, MedusaLocker appears to be run as a RaaS. Sources claimed that payments for ransomware seem to be divided between the affiliate and the developer, with […]

Read More
PingPull Malware
PingPull Malware Detection: New Stealthy RAT Used by Gallium APT

Researchers report new attacks with an upgraded remote access trojan (RAT) dubbed PingPull launched by Gallium hackers. The Gallium APT has been around since at least 2012 and bears the markings of what is likely a nation-state threat actor, believed to be backed by the Chinese government. Their latest activity is characterized by APT’s strive […]

Read More