One Article Review

Source: Anomali
Identifier: 2672014
Publication date: 2021-04-20 19:12:00 (viewed: 2021-04-20 20:05:39)
Title: Anomali Cyber Watch: Criminals Target Would Be Hackers for Cryptocurrency Theft, A Zero Day Vulnerability in Windows Desktop Manager is in the Wild, US Blames Russia for SolarWinds, and More
Text: The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Android Malware, Dependency Confusion, Ransomware, Russia, SaintBot and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

HackBoss Malware Poses as Hacker Tools on Telegram to Steal Digital Coins (published: April 16, 2021)

The authors of a cryptocurrency-stealing malware are distributing it over Telegram to aspiring cybercriminals under the guise of free malicious applications. Researchers have named the malware HackBoss and say that its operators likely stole more than $500,000 from wannabe hackers that fell for the trick. The malware is designed to simply check the clipboard for a cryptocurrency wallet address and replace it with one belonging to the attacker.

Analyst Comment: Messages that attempt to get a user to click a link should be viewed with scrutiny, especially when they come from individuals with whom you do not typically communicate. Education is the best defense. Users should be educated on the dangers of phishing, specifically how they can take place in different forms of online communications, and whom to contact if a phishing attempt is identified.

MITRE ATT&CK: [MITRE ATT&CK] Clipboard Data - T1115 | [MITRE ATT&CK] Software Packing - T1045

Tags: Dogecoin, Cryptocurrency, Cryptostealer, Telegram, HackBoss

Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials (published: April 15, 2021)

The recently discovered and patched Microsoft Exchange vulnerabilities have garnered considerable attention due to their mass exploitation and the severity of impact each exploitation has on the affected organization. On March 6, 2021, an unknown actor exploited vulnerabilities in Microsoft Exchange Server to install a webshell on a server at a financial institution in the EMEA (Europe, the Middle East and Africa) region. The actor then compressed the files associated with the information gathering and credential harvesting.

Analyst Comment: Once a vulnerability has been reported on in open sources, threat actors will likely attempt to incorporate the exploitation of the vulnerability into their malicious operations. Patches should be reviewed and applied as soon as possible to prevent potential malicious activity.

MITRE ATT&CK: [MITRE ATT&CK] Data Compressed - T1002 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] Data Encoding - T1132 | [MITRE ATT&CK] Account Discovery - T1087 | [MITRE ATT&CK] Web Shell - T1100 | [MITRE ATT&CK] PowerShell - T1086 |
Sent: Yes
Tags: Ransomware, Malware, Vulnerability, Threat


The article does not appear to have been picked up again after its publication.


The article does not appear to be a repeat of an earlier one.