This month, researchers discovered a multi-stage attack conducted by an undefined APT group. During this attack, adversaries used the Malleable C2 feature in Cobalt Strike to perform C&C communications and deliver the final payload. Researchers note that attackers use advanced evasion techniques. They observed an intentional delay in executing the payload from the malicious Word […]
Last week, security researchers discovered a curious way to hide the malicious payload in plain sight, and this method is actively used in the wild. Adversaries use fake error logs to store ASCII characters disguised as hexadecimal values that decode to a malicious payload designed to prepare the ground for script-based attacks. In the discovered […]
Today is Saturday, which means it’s time for our next Rule Digest, in which we will tell you about interesting content for malware detection released this week. And yes, we again pay particular attention to the rules that participants in the Threat Bounty Program have published. We start with the rule published by Ariel Millahuel, […]
Zoom-themed lures continue to be actively used by cybercriminals, taking pride of place in the top ten most used topics in phishing campaigns. From the very beginning of the lockdown, as the Zoom popularity grew, the number of attacks increased, and even after researchers discovered serious security problems with the service, many organizations did not […]
This week our Rule Digest covers more content than usual. It compiles rules for detecting recent attacks of state-sponsored actors, malware campaigns conducted by cybercriminals, and abusing Windows telemetry. Mustang Panda is the China-based threat group that has demonstrated an ability to rapidly assimilate new tools and tactics into its operations. This APT group […]
Higaisa APT has been known since November 2019, when Tencent researchers first documented its activities. The group was discovered recently, but attackers have been operating for several years and use common tools to complicate the attribution. They mainly use mobile malware and the Gh0st and PlugX trojans. Researchers believe that Higaisa APT is a South […]
Russian state-sponsored cyber espionage unit known for its destructive attacks is actively compromising Exim mail servers via a critical security vulnerability (CVE-2019-10149). At the end of May, the National Security Agency released a Cyber Security Advisory that warned of a campaign linked to Sandworm Group. The group is best known for its BlackEnergy campaign, the […]
Hello everyone, we are back with five fresh rules submitted this week by participants of the Threat Bounty Program. You can check our previous digests here, and if you have any questions, then welcome to the chat. Pykspa worm-like malware can install itself to maintain persistence, listen to incoming port for additional commands, and drop […]
Today’s post is dedicated to the Himera loader malware that adversaries have been using in COVID-19 related phishing campaigns since last month. Cybercriminals continue to exploit the Family and Medical Leave Act requests related to the ongoing COVID19 pandemics as a lure, as this theme have already proven its effectiveness in distributing Trickbot and Kpot […]
Nowadays, during the lockdown, many organizations continue to use Zoom at the corporate level to conduct conference meetings, despite the security issues found in this application. Attackers have been exploiting the increased popularity of this application for several months, and you can partially protect your organization from attacks by hardening Zoom service. But this will […]