This batch of recent infosec articles from around the web includes a two-part evolution analysis of Transparent Tribe. In the last four years, Transparent Tribe has never taken time off: it continues to hit its targets, which are typically Indian military and government personnel. Learn more about this batch of InfoSec articles below.
For more articles, check out our #onpatrol4malware blog.
Hackers Target Defense Contractors’ Employees By Posing as Recruiters
Source: The Hacker News
The US Cybersecurity and Infrastructure Security Agency (CISA) has published a report warning companies about in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. Read more.
Grandoreiro banking trojan impersonates Spain’s tax agency
Here, we take a look at how the operators of Grandoreiro, an infamous Latin American banking trojan, have been using emails posing as the Agencia Tributaria in order to ensnare new victims. Read more.
Transparent Tribe: Evolution analysis, part 1
Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Their favorite infection vector is malicious documents with an embedded macro. Read more.
A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide
Source: The Hacker News
Called “FritzFrog,” the modular, multi-threaded, fileless botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe as well as a railway company. Read more.
Transparent Tribe: Evolution analysis, part 2
In the last four years, Transparent Tribe has never taken time off. They continue to hit their targets, which typically are Indian military and government personnel. Read more.
Gozi: The Malware with a Thousand Faces
Source: Check Point Research
Today, Gozi is known as a malware heavyweight with a very wide reach and an array of complex features, which this article elaborates on. Read more.
FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks
This alert describes malware and IOCs used by the North Korean government in an ATM cash-out scheme, referred to by the U.S. Government as “FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks.” Read more.
MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN
Working with U.S. Government partners, DHS and FBI identified RAT malware variants (identified as BLINDINGCAN) used by the North Korean government. Read more.
NetWalker Ransomware in 1 Hour
Source: The DFIR Report
The threat actor logged in through RDP, ran a Cobalt Strike Beacon, dumped credentials from memory using ProcDump and Mimikatz, RDPed into a domain controller, and used PsExec to run the NetWalker ransomware payload on all domain-joined systems; the whole chain took about an hour. Read more.
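The chain summarised above (RDP logon, credential dumping with ProcDump and Mimikatz, then PsExec pushing the payload to many hosts) is visible in ordinary Windows telemetry. The following is an added example, not code from The DFIR Report or the page: a small set of detection rules run over constructed event records whose field names loosely follow Security Event 4624, Sysmon Event 1 and System Event 7045. The hosts, users, paths and IPs are hypothetical.

```python
"""Added example (not from The DFIR Report): flag the NetWalker-style
intrusion chain (RDP logon, ProcDump against LSASS, Mimikatz, PsExec
service installs) over constructed Windows event records.

Field names loosely follow Security 4624, Sysmon 1 and System 7045, but
every record below is constructed for this example, not real telemetry."""
import re
from collections import defaultdict

# Constructed sample events, one dict per log record (hypothetical hosts/users/IPs).
SAMPLE_EVENTS = [
    {"host": "WS01", "event_id": 4624, "logon_type": 10, "user": "CORP\\jdoe", "src_ip": "203.0.113.7"},
    {"host": "WS01", "event_id": 1, "image": "C:\\Windows\\Temp\\procdump64.exe",
     "cmdline": "procdump64.exe -accepteula -ma lsass.exe lsass.dmp"},
    {"host": "WS01", "event_id": 1, "image": "C:\\Windows\\Temp\\mimikatz.exe",
     "cmdline": "mimikatz.exe \"sekurlsa::minidump lsass.dmp\" \"sekurlsa::logonpasswords\""},
    {"host": "DC01", "event_id": 4624, "logon_type": 10, "user": "CORP\\admin", "src_ip": "10.0.0.21"},
    {"host": "DC01", "event_id": 7045, "service_name": "PSEXESVC",
     "image_path": "%SystemRoot%\\PSEXESVC.exe"},
    {"host": "FS01", "event_id": 7045, "service_name": "PSEXESVC",
     "image_path": "%SystemRoot%\\PSEXESVC.exe"},
    {"host": "FS01", "event_id": 1, "image": "C:\\Windows\\notepad.exe", "cmdline": "notepad.exe"},
]

RULES = [
    # (rule name, predicate over a single event)
    # Logon type 10 = RemoteInteractive, i.e. an RDP session.
    ("rdp_interactive_logon", lambda e: e.get("event_id") == 4624 and e.get("logon_type") == 10),
    # ProcDump writing a full dump (-ma) of lsass is the classic credential-theft step.
    ("lsass_memory_dump", lambda e: e.get("event_id") == 1
        and re.search(r"procdump.*\s-ma\s+lsass", e.get("cmdline", ""), re.I) is not None),
    # Any sekurlsa:: module call on the command line is Mimikatz reading LSASS secrets.
    ("mimikatz_sekurlsa", lambda e: e.get("event_id") == 1
        and re.search(r"sekurlsa::", e.get("cmdline", ""), re.I) is not None),
    # PsExec installs a PSEXESVC service on each target it runs a command on.
    ("psexec_service_install", lambda e: e.get("event_id") == 7045
        and e.get("service_name", "").upper().startswith("PSEXESVC")),
]


def match_events(events):
    """Return a list of (host, rule_name) for every event that hits a rule."""
    hits = []
    for ev in events:
        for name, pred in RULES:
            if pred(ev):
                hits.append((ev["host"], name))
    return hits


def hosts_by_rule(events):
    """Map each rule name to the sorted list of hosts it fired on.

    A PSEXESVC install landing on several hosts in one window is the
    mass-deployment step; correlating it with the credential-theft hits on
    the first host is what turns four separate alerts into one incident."""
    out = defaultdict(set)
    for host, name in match_events(events):
        out[name].add(host)
    return {k: sorted(v) for k, v in out.items()}


def chain_score(events):
    """Count how many distinct stages of the chain are present (0 to 4)."""
    return len(hosts_by_rule(events))


if __name__ == "__main__":
    for rule, hosts in hosts_by_rule(SAMPLE_EVENTS).items():
        print(f"{rule:24s} {', '.join(hosts)}")
    print("stages seen:", chain_score(SAMPLE_EVENTS))
```

On the constructed sample, all four stages fire and the PsExec rule lists two hosts, which is the signal to look for: a single workstation doing the credential theft followed by the same service name appearing across the domain within minutes.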
Technical Approaches to Uncovering and Remediating Malicious Activity
The purpose of this report is to enhance incident response among partners and network administrators along with serving as a playbook for incident investigation. Read more.