Tag: Threat Hunting Content

Affiliates vs Hunters: Fighting the DarkSide

Introduction: In August 2020 a new type of malware, belonging to the ransomware category, appeared in the cyber threat landscape. The threat actor responsible for its development called it “DarkSide” and, like other pieces of malware of this type, it is operated in Big Game Hunting (BGH) campaigns. Around more or less the same time, a DLS […]

SUPERNOVA Backdoor: A Second APT Group Abused SolarWinds Flaw to Deploy Web Shell Malware

New details related to the epoch-making SolarWinds supply-chain attack have come to light. Research from Microsoft indicates that another stand-alone APT actor might have had a hand in the SolarWinds Orion compromise. In particular, cyber-criminals used a newly discovered zero-day bug to infect targeted instances with the SUPERNOVA backdoor.
New Zero-Day Vulnerability in SolarWinds Orion Software (CVE-2020-10148)
The vulnerability was disclosed […]

Sunburst Backdoor Detection: Solarwinds Supply Chain Attack on FireEye and US Agencies

Just a few days after the information about the FireEye data breach appeared, the company published the results of its investigation and details of the Sunburst backdoor (including the technical report and countermeasures), through which the APT group penetrated the networks of multiple organizations, so potentially compromised companies can now quickly detect this threat. The scale […]

FireEye Breach: Leaked Red Team Toolkit Detection

This week the cybersecurity community was struck by the news that one of the top security firms was compromised by an unnamed sophisticated APT group. The adversaries were interested in the Red Team tools FireEye uses to test its customers’ security and looked for information related to government customers. An investigation is ongoing and F.B.I. Cyber […]

Ransomware Detection with Existing Technologies

It looks like we are on the verge of another crisis caused by ransomware attacks and the proliferation of the Ransomware-as-a-Service model, which allows even relative newbies to get into the big game. Every week, the media are full of headlines that a well-known enterprise or government organization has become another victim of […]

Erase of Shadow Copies Detection Rules

Many of our publications lately have been devoted to various ransomware strains, and the rules for detecting the characteristics of Matrix ransomware will not help to identify Ragnar Locker or Maze. The malware is constantly changing: its authors change not only the IOCs known to security researchers but also the behavior, to make threat hunting content useless […]

FONIX Ransomware as a Service Detection

Another Ransomware-as-a-Service platform is preparing to play a high-stakes game with organizations. Researchers at Sentinel Labs discovered the first attacks using the FONIX platform about three months ago. This RaaS platform is still under active development, but its first customers are already trying out its capabilities. So far, FONIX is quite inconvenient […]

AZORult Trojan Used in Targeted Attacks

Last week, researchers at Zscaler ThreatLabZ released a report on a massive campaign targeting the supply chain and government sectors in the Middle East. Cybercriminals sent phishing emails pretending to be from Abu Dhabi National Oil Company (ADNOC) employees that infected targets with the AZORult Trojan.
Campaign Targeted at Organizations in the Middle East
The […]

Zerologon Attack Detection (CVE-2020-1472)

After a very hot July, especially fruitful in critical vulnerabilities (1, 2, 3), Microsoft’s Patch Tuesday in August was relatively quiet. Yes, once again more than a hundred vulnerabilities were patched; yes, 17 flaws were rated Critical; but Microsoft didn’t point at any bugs of the “We’re All Doomed” level. Although back then security researchers […]

Smaug Ransomware Detector (Sysmon Behavior)

Today we would like to draw your attention to a relatively recent threat and to content for its detection. Smaug Ransomware-as-a-Service appeared on researchers’ radars at the end of April 2020; the attackers look for affiliates exclusively on Russian-language Dark Web forums and offer the use of their platform for a fairly large initial payment plus 20% of further […]
