#ParsedReport #CompletenessMedium 06-08-2024 Hijacked: How Cybercriminals Are Turning Anti-Virus Software Against You https://cybersecurity.att.com/blogs/labs-research/hijacked-how-cybercriminals-are-turning-anti-virus-software-against-you Report completeness:…

#ParsedReport #CompletenessMedium 06-08-2024 Hijacked: How Cybercriminals Are Turning Anti-Virus Software Against You https://cybersecurity.att.com/blogs/labs-research/hijacked-how-cybercriminals-are-turning-anti-virus-software-against-you Report completeness:…

#ParsedReport #CompletenessMedium
06-08-2024

Hijacked: How Cybercriminals Are Turning Anti-Virus Software Against You

https://cybersecurity.att.com/blogs/labs-research/hijacked-how-cybercriminals-are-turning-anti-virus-software-against-you

Report completeness: Medium

Threats:
Sbaproxy_tool
Cobalt_strike

TTPs:
Tactics: 5
Technics: 11

IOCs:
Hash: 1
File: 1

Algorithms:
exhibit, xor

Win API:
LoadLibrary, getaddrinfo

Languages:
powershell

AT&T Cybersecurity

Hijacked: How Cybercriminals Are Turning Anti-Virus Software Against You

Executive Summary  LevelBlue Labs has identified a new evolution in the toolset of threat actors. Threat actors are hijacking legitimate anti-virus software to carry out malicious activities undetected. A new tool, named SbaProxy, has been found masquerading…

#ParsedReport #CompletenessLow 06-08-2024 Beware of Fake WinRar Websites: Malware Hosted on GitHub https://blog.sonicwall.com/en-us/2024/08/beware-of-fake-winrar-websites-malware-hosted-on-github Report completeness: Low Threats: Typosquatting_technique…

#ParsedReport #CompletenessLow 06-08-2024 Beware of Fake WinRar Websites: Malware Hosted on GitHub https://blog.sonicwall.com/en-us/2024/08/beware-of-fake-winrar-websites-malware-hosted-on-github Report completeness: Low Threats: Typosquatting_technique…

#ParsedReport #CompletenessLow
06-08-2024

Beware of Fake WinRar Websites: Malware Hosted on GitHub

https://blog.sonicwall.com/en-us/2024/08/beware-of-fake-winrar-websites-malware-hosted-on-github

Report completeness: Low

Threats:
Typosquatting_technique
Hvnc_tool
Kematian_stealer

ChatGPT TTPs:
do not use without manual check
T1071, T1587, T1102, T1566, T1059

IOCs:
File: 1

Soft:
Windows Defender, Telegram

SonicWall

Beware of Fake WinRar Websites: Malware Hosted on GitHub

Overview A fake website seemingly distributing WinRar, a data compression, encryption, and archiving tool for Windows, has been seen also hosting malware. This fake website closely resembles the official website, uses typosquatting, and capitalizes on…

#ParsedReport #CompletenessMedium 06-08-2024 Unmasking Cronus: How Fake PayPal Documents Deliver Fileless Ransomware via PowerShell https://www.seqrite.com/blog/unmasking-cronus-how-fake-paypal-documents-deliver-fileless-ransomware-via-powershell Report…

#ParsedReport #CompletenessMedium 06-08-2024 Unmasking Cronus: How Fake PayPal Documents Deliver Fileless Ransomware via PowerShell https://www.seqrite.com/blog/unmasking-cronus-how-fake-paypal-documents-deliver-fileless-ransomware-via-powershell Report…

#ParsedReport #CompletenessMedium
06-08-2024

Unmasking Cronus: How Fake PayPal Documents Deliver Fileless Ransomware via PowerShell

https://www.seqrite.com/blog/unmasking-cronus-how-fake-paypal-documents-deliver-fileless-ransomware-via-powershell

Report completeness: Medium

Threats:
Cronus
Netwalker
Junk_code_technique
Process_injection_technique
Process_hacker_tool
Runkeys_technique
Revenge_rat
Arrow_rat
Asyncrat
Andromeda
Xworm_rat
Njrat
Spear-phishing_technique
Process_hollowing_technique

Victims:
Individuals

TTPs:
Tactics: 6
Technics: 13

IOCs:
File: 7
Url: 2
Path: 1
Hash: 6

Soft:
thebat, thebat64, onenote, outlook, PccNTMon, wordpad

Crypto:
bitcoin

Algorithms:
lzma, zipx, base64, aes

Win Services:
WebClient, sqlwriter, sqbcoreservice, VirtualBoxVM, sqlagent, sqlbrowser, sqlservr, agntsvc, infopath, synctime, have more...

Languages:
visual_basic, powershell

Links:
https://github.com/SychicBoy/NetReactorSlayer/

Blogs on Information Technology, Network & Cybersecurity | Seqrite

Unmasking Cronus: How Fake PayPal Documents Deliver Fileless Ransomware via PowerShell

<p>Seqrite Labs APT-Team has recently discovered multiple campaigns involving fake PayPal lures. These are targeting individuals around the globe with a new variant of ransomware known as Cronus. In this case, the malware is developed in PowerShell and is…

#ParsedReport #CompletenessLow
05-08-2024

August 6, 2024

https://asec.ahnlab.com/ko/82209

Report completeness: Low

IOCs:
Hash: 3
Url: 3
IP: 3

ASEC

2024년 08월 06일

2024년 08월 06일 Hash 1ace0b015f1fdcb6fa55bf1fc1a447dd4223e6fb86ab07ef86971e5827e7180e2139918a333da1fb78ec259bdf4341bc807 URL 1https[:]//clp[.]newtech[.]lol/webdav/shfiles/cp[.]exe2https[:]//gateway[.…