One Article Review

Home - The article:
Source: Anomali
Identifier: 4173238
Publication date: 2022-02-23 18:46:00 (viewed: 2022-02-23 19:05:57)
Title: Anomali Cyber Watch: EvilPlayout: Attack Against Iran's State Broadcaster, Microsoft Teams Targeted With Takeover Trojans, 'Ice phishing' on the blockchain and More
Text: The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Emotet, Ice Phishing, Iran, Trickbot and Zoho. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

EvilPlayout: Attack Against Iran's State Broadcaster (published: February 18, 2022)
Check Point researchers have released an article detailing their findings regarding a wave of cyber attacks directed at Iranian broadcast infrastructure during late January 2022. IRIB, an Iranian state broadcaster, was compromised, with malicious executables and wipers responsible for the attack. The malware had multiple functions, including hijacking several TV stations to play recordings of political opposition leaders demanding the assassination of Iran's supreme leader. Additional functionality includes custom backdoors, screenshot capability and several bash scripts to download other malicious executables. The malware appears to be new, with no previous appearances, and no actor attribution had been made as of the date of publication.
Analyst Comment: Utilize all telemetry and feed it into a SIEM to help identify malicious activity within your network. Anomali Match can collide this telemetry against global intelligence to assist in identifying malicious indicators within your network. A defense in depth approach will also mitigate the damage any compromise can do to your infrastructure.
MITRE ATT&CK: [MITRE ATT&CK] Screen Capture - T1113
Tags: Iran, IRIB, Ava, Telewebion

Microsoft Teams Targeted With Takeover Trojans (published: February 17, 2022)
Researchers at Avanan have documented a new phishing technique in which threat actors abuse the trust that Microsoft Teams users place in the platform to deliver malware. Threat actors send phishing links to victims that initiate a chat on the platform, after which they post a link to a DLL file in the chat box. When clicked, it installs a trojan of the attacker's choice on the target machine. With over 279 million users, this presents a new attack vector for threat actors to abuse.
Analyst Comment: Never click on a link or open attachments from untrusted senders when receiving email. Be skeptical of strangers attempting to move a conversation to another platform, even if you use that platform. Be wary of links posted in communication apps: a link posted on a trusted platform is not trustworthy by itself.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Trusted Relationship - T1199
Tags: Microsoft Teams, trojan, phishing

Red Cross: State Hackers Breached our Network Using Zoho bug (published: February 16, 2022)
The International Committee of the Red Cross (ICRC) suffered a data breach during January 2022. The incident led to the exfiltration of over 515,000 individuals' PII, linked to their Restoring Family Links pro
Notes
Sent: Yes
Tags: Ransomware, Data Breach, Malware, Tool, Vulnerability, Threat, Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to repeat an earlier one.