What's new around the internet

Last one

Source: RedTeam.pl
Date (GMT): 2020-06-18 22:10:28
Title: Spear-phishing campaign tricks users to transfer money (TTPs & IOC) (direct link)
Description: We are publishing the following information in order to help organisations identify this threat before attackers perform successful phishing on their employees. Attackers are targeting companies which have foreign trading partners, i.a. in Asia, to perform a wire transfer to a wrong bank account number. We found that domains registered using the muhammad.appleseed1@mail.ru e-mail address are actively used in a spear-phishing campaign that aims to trick targets into transferring money into bank accounts controlled by the attacker using social engineering. The most likely attack scenario looks like the following: There is an ongoing e-mail communication between company X and Y. An attacker has gained access to an e-mail account of one of the parties
Tags: Threat, Guideline
Stories: APT 15

Source: RedTeam.pl
Date (GMT): 2020-06-12 21:35:46
Title: Black Kingdom ransomware (TTPs & IOC) (direct link)
Description: We would like to share with the community the following TTPs and IOC related to Black Kingdom ransomware and the threat actors using it. Attackers gained initial access to the infrastructure via a Pulse Secure VPN vulnerability [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510]. For persistence they use a scheduled task [https://attack.mitre.org/techniques/T1053/]. The task name is GoogleUpdateTaskMachineUSA, which resembles a legitimate task of
Tags: Ransomware, Vulnerability, Threat

Source: RedTeam.pl
Date (GMT): 2020-03-18 17:56:30
Title: DNS for red team purposes (direct link)
Description: Introduction: In the following blog post I would like to demonstrate a proof-of-concept for how red teamers can build DNS command & control (DNS C2, DNS C&C), perform a DNS rebinding attack and create fast flux DNS. We will focus only on the DNS server part without building a complete working platform. This approach can also be used by
Tags: Malware, Threat

Source: RedTeam.pl
Date (GMT): 2019-10-18 13:25:14
Title: Bypassing LLMNR/NBT-NS honeypot (direct link)
Description: Abstract: MITRE ATT&CK™ [https://attack.mitre.org/] “is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations” which recommends the Conveigh honeypot [https://github.com/Kevin-Robertson/Conveigh] for detection of the LLMNR/NBT-NS Poisoning and Relay
Tags: Threat, Guideline
Stories: Deloitte
Notes: ★★

Source: RedTeam.pl
Date (GMT): 2019-08-14 21:45:48
Title: Threat hunting using DNS firewalls and data enrichment (direct link)
Description: After seeing a few advertisements about DNS firewalls and how expensive they are, I want to share my experience with blue teamers about how DNS firewalls work and how that knowledge can be used for in-house threat hunting solutions and/or building your own DNS firewall (aka do it yourself). These are examples of an approach to detect malicious behaviour, not tailor-made solutions. At the beginning I would like to highlight that it's a good practice to monitor not only logs but also DNS traffic in real time. Such traffic isn't encrypted, and if you only check DNS server logs then you can miss direct requests to other DNS servers. Additionally, you can also use the recently published version of Sysmon [https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon], which supports DNS queries in event ID 22 (DNSEvent). The DNS queries used below that end with
Tags: Spam, Malware, Threat, Guideline
Stories: APT 18
Last update at: 2024-05-20 05:07:47