Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2018-09-21 22:55:01 |
Emotet on the rise with heavy spam campaign (direct link) |
Over the last few days, we've noticed a large increase in malicious spam spreading Emotet, as well as a higher number of detections from our customers. Looks like we're in the middle of an active Emotet campaign.
Categories: Cybercrime, Malware
Tags: campaign, emotet, EternalBlue, malicious documents, malicious spam, threat statistics, trickbot, WannaCry
|
Spam
|
Wannacry
|
|
|
2018-06-22 10:58:05 |
Blackmail Campaign Pretending to be WannaCry Is Really Just WannaSpam (direct link) |
A new spam campaign is underway that pretends to be from a group called the "WannaCry-Hack-Team" that states the infamous WannaCry Ransomware has returned, the recipient's computer is infected, and they need to send some bitcoins or their files will be deleted. [...] |
Spam
|
Wannacry
|
|
|
2017-06-02 08:00:00 |
Threat actors leverage EternalBlue exploit to deliver non-WannaCry payloads (direct link) |
The “EternalBlue” exploit (MS017-010) was initially used by WannaCry ransomware and Adylkuzz cryptocurrency miner. Now more threat actors are leveraging the vulnerability in Microsoft Server Message Block (SMB) protocol – this time to distribute Backdoor.Nitol and Trojan Gh0st RAT.
FireEye Dynamic Threat Intelligence (DTI) has historically observed similar payloads delivered via exploitation of the CVE-2014-6332 vulnerability as well as in some email spam campaigns using PowerShell commands. Specifically, Backdoor.Nitol has also been linked to campaigns involving a remote code execution |
Threat
Ransomware
Spam
Vulnerability
|
Wannacry
|
★★★★
|