Tag: Osman Demir

Threat Hunting Rules: Water Nue Phishing Campaign

In today’s news, we want to warn you about the ongoing campaign by Water Nue targeting the business Office 365 accounts in the US and Canada. Notably, the fraudsters successfully reached a number of high-level managers in companies worldwide and harvested over 800 sets of credentials. Although their phishing toolset is limited, they do not […]

Rule of the Week: VHD Ransomware Detection

We believe that today we deservedly give the Rule of the Week title to the exclusive Sigma rule developed by Osman Demir to enable detection of VHD ransomware: https://tdm.socprime.com/tdm/info/jxteY8ELY6Yd/BwSPn3MBPeJ4_8xcn22h/?p=1 The first attacks using this ransomware strain began in March 2020, and only recently researchers have linked them to the Lazarus APT. This was facilitated by […]

Detection Content: MATA Multi-platform malware framework by Lazarus APT

Last week, researchers reported on the latest notorious Lazarus APT tool, which has been used in the group’s attacks since spring 2018. Their new ‘toy’ was named MATA; it is a modular cross-platform framework with several components, including a loader, an orchestrator, and multiple plugins, that can be used to infect Windows, Linux, and macOS systems. […]

Threat Hunting Rules: Golden Chickens MaaS

As you know, Malware-as-a-Service (MaaS) is a business that has already become commonplace and runs on the underground forums and black markets offering an array of services. The first attacks using Golden Chickens MaaS began back in 2017, and the Cobalt group was among their first “clients”. The success of this project heavily relies on […]

Threat Hunting Content: Emotet Returns Once Again

For never was a story of more woe than this of once again returning Emotet. This time, there were no full-scale campaigns for about seven months, although isolated cases of infection were recorded and researchers found documents distributing this malware. The attacks resumed last Friday, with the botnet sending about 250,000 emails in a matter […]

Detection Content: Hancitor Trojan

Today’s post is about fresh versions of the Hancitor trojan and a couple of rules released by Threat Bounty Program participants which enable security solutions to detect them. Hancitor Trojan (Evasion Technique) community rule by Emir Erdogan: https://tdm.socprime.com/tdm/info/GwJ4Y7k7tzaz/1rBKXHMBSh4W_EKGF2on/?p=1 Hancitor infection with Ursnif exclusive rule by Osman Demir: https://tdm.socprime.com/tdm/info/DXrFgt0kTBg1/Z9TBUXMBPeJ4_8xc-IFm/ This malware appeared in 2013 and at the […]

Detection Content: Phorpiex Trojan

In one of our Threat Hunting Content blog posts, we already observed a rule to detect Avaddon ransomware, a new Ransomware-as-a-Service variant that was first spotted in early June. One of the most active distributors of Avaddon ransomware is Phorpiex botnet, which recently recovered from losses incurred earlier this year. Infected systems can send tens […]

Detection Content: WastedLocker Ransomware

The new WastedLocker ransomware was first spotted in May 2020. It was developed by the high-profile Evil Corp group, which previously used the Dridex trojan to deploy BitPaymer ransomware in attacks targeting government organizations and enterprises in the United States and Europe. Last year, part of the attackers left the group and started their own […]

Rule Digest: Trojans and Ransomware

In today’s digest, we want to highlight the content provided by members of the Threat Bounty Program that will help security solutions to detect Saefko RAT, Ursa trojan, and a pack of actively spreading ransomware strains. The Saefko RAT is a relatively fresh remote-access trojan written in .NET that was first spotted in the midst […]

Threat Hunting Content: Taurus Stealer Detection

Taurus information-stealing malware is a relatively new tool created by the Predator The Thief team, which promotes it on hacker forums. The infostealer can steal sensitive data from browsers, cryptocurrency wallets, FTP and email clients, and various apps. The malware is highly evasive and includes techniques to evade sandbox detection. Adversaries developed a dashboard where their customers […]
