Russian state-sponsored cyber espionage unit known for its destructive attacks is actively compromising Exim mail servers via a critical security vulnerability (CVE-2019-10149). At the end of May, the National Security Agency released a Cyber Security Advisory that warned of a campaign linked to Sandworm Group. The group is best known for its BlackEnergy campaign, the […]
Today, under the Threat Hunting Content column, we are heightening your interest in AsyncRAT Detection (Sysmon Behavior) community rule by Emir Erdogan. The rule enables the detection of AsyncRat by using sysmon logs. According to the author of the project on GitHub, AsyncRat is a Remote Access Tool designed to remotely monitor and control other […]
Nowadays, during the lockdown, many organizations continue to use Zoom at the corporate level to conduct conference meetings, despite the security issues found in this application. Attackers have been exploiting the increased popularity of this application for several months, and you can partially protect your organization from attacks by hardening Zoom service. But this will […]
Scarab ransomware was spotted for the first time in June 2017 and had been reappearing with new versions since then. This ransomware is one of the many HiddenTear variants, an open source ransomware Trojan released in 2015. The recently discovered versions of ransomware use an improved RSA encryption method and add various extensions to infected […]
PipeMon is a modular backdoor that is signed with a certificate belonging to a video game company, which was compromised by Winnti group in 2018. Researchers at ESET discovered this backdoor used in attacks on companies in South Korea and Taiwan that develop popular Massively Multiplayer Online games. They named the backdoor PipeMon because the […]
Last week, CISA, FBI, and DoD released malware analysis reports on recently discovered tools of the notorious Lazarus group that perform operations in the interests of the North Korean government. The malware variants, called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, can be used for reconnaissance and deleting confidential information on target systems. TAINTEDSCRIBE malware is used as […]
We start the week with a new rule from Emir Erdogan – HawkEye Multiple Detection (Covid19 Themed Phishing Campaign). This malware is also known as Predator Pain steals a variety of sensitive information from the infected system, including bitcoin wallet information and credentials to browsers and mail clients. The stealer is capable of taking screenshots […]
Remcos RAT was first spotted in 2016. Now it hat purports to be a legitimate remote access tool but it was used in multiple global hacking campaigns. On various sites and forums, cybercriminals advertise, sell, and offer the cracked version of this malware. Since the end of February, security researchers have discovered several campaigns that […]
Most of the rules published on the Threat Detection Marketplace are aimed at detecting attacks on Windows systems. This is not surprising since most of the threats specifically targeted at the Microsoft operating system, as it is the most popular. But there are serious threats for other operating systems, so today we will tell you […]
Bladabindi backdoor has been known since at least 2013, its authors monitor cybersecurity trends and improve backdoor to prevent its detection: they recompile, refresh, and rehash it, so IOCs-based detection content is almost useless. In 2018, the Bladabindi backdoor became fileless and was used as a secondary payload delivered by njRAT / Njw0rm malware. The […]