This batch of the most recent infosec articles from around the web, includes an evolution analysis of Transparent Tribe. In the last four years, Transparent Tribe has never taken time off. They continue to hit their targets, which typically are Indian military and government personnel. Learn more about this batch of InfoSec articles.

For more articles, check out our #onpatrol4malware blog.

Transparent Tribe

Hackers Target Defense Contractors’ Employees By Posing as Recruiters

Source: The Hacker News

The United States CISA has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. Read more.

Grandoreiro banking trojan impersonates Spain’s tax agency

Source: WeLiveSecurity

Here, we take a look at how the operators of Grandoreiro, an infamous Latin American banking trojan, have been using emails posing as the Agencia Tributaria in order to ensnare new victims. Read more.

Transparent Tribe

Transparent Tribe: Evolution analysis, part 1

Source: SecureList

Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Their favorite infection vector is malicious documents with an embedded macro. Read more.

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

Source: The Hacker News

Called “FritzFrog,” the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company. Read more.

Transparent Tribe

Transparent Tribe: Evolution analysis, part 2

Source: SecureList

In the last four years, Transparent Tribe has never taken time off. They continue to hit their targets, which typically are Indian military and government personnel. Read more.

Transparent Tribe

Gozi: The Malware with a Thousand Faces

Source: Check Point Research

Today, people know Gozi is a malware heavyweight that boasts an array of complicated features, on which will be elaborated in this article, and a very wide reach. Read more.

FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks

Source: CISA

An identified malware and IOCs used by the North Korean government in an ATM cash-out scheme—referred to by the U.S. Government as “FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks.” Read more.

MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN

Source: CISA

Working with U.S. Government partners, DHS and FBI identified RAT malware variants (identified as BLINDINGCAN) used by the North Korean government. Read more.

NetWalker Ransomware in 1 Hour

Source: The DFIR Report

The threat actor logged in through RDP, ran a Cobalt Strike Beacon, and dumped memory using ProcDump and Mimikatz, RDPed into a DC, used PsExec to run the NetWalker ransomware payload on all Domain joined systems – all took ~1 hour. Read more.

Transparent Tribe

Technical Approaches to Uncovering and Remediating Malicious Activity

Source: CISA

The purpose of this report is to enhance incident response among partners and network administrators along with serving as a playbook for incident investigation. Read more.