SecuriTricks - 2024-05-08

Attack reports

Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation

Juniper Threat Labs has observed attempts to exploit Ivanti Pulse Secure authentication bypass and remote code execution vulnerabilities (CVE-2023-46805 and CVE-2024-21887), leading to the delivery of Mirai botnet payloads. This analysis explores the vulnerabilities, exploitation methods, observed …

botnet

Published: May 10, 2024

Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805

Downloadable IOCs: 23

Profiling Trafficers: Cerberus

This analysis delves into the activities of a group of malware operators known as Cerberus (formerly Amnesia) Team, who specialize in spreading infostealers, particularly in the Commonwealth of Independent States (CIS) region. It provides insights into their operations, tactics, and the evolution o…

dracula stealer (samurai)

2024-05-09

2024-05-10

Published: May 10, 2024

Downloadable IOCs: 24

New Campaigns from Scattered Spider

Scattered Spider, a financially motivated threat actor group, has been conducting aggressive phishing campaigns targeting various industries, particularly the finance and insurance sectors. Their tactics involve creating convincing lookalike domains and login pages to lure victims into revealing cr…

Published: May 10, 2024

Linked vulnerabilities : CVE-2024-22024

Downloadable IOCs: 118

macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge

This analysis discusses the emergence of a new macOS malware family called 'Cuckoo Stealer', which acts as an infostealer and spyware. It describes Cuckoo Stealer's main features, logic, and provides indicators of compromise to assist threat hunters and defenders. The malware employs techniques lik…

Published: May 10, 2024

Downloadable IOCs: 4

Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Four

This comprehensive analysis provides a thorough examination of the REMCOS Remote Access Trojan (RAT), a prominent malware threat that gained significant prevalence in 2024. The analysis delves into the malware's configuration structure, command and control capabilities, persistence mechanisms, and …

Published: May 9, 2024

Downloadable IOCs: 34

Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin

A recent surge of malicious JavaScript code has been observed targeting websites using vulnerable versions of the LiteSpeed Cache plugin for WordPress. The malware injects code into critical WordPress files or the database, creating unauthorized admin users like 'wpsupp-user.' It exploits the vulne…

Published: May 9, 2024

Downloadable IOCs: 6

Tracking the Surge in Non-PE Cyber Threats

This intelligence report details a sophisticated infection chain that culminates in the deployment of AsyncRAT, a potent malware designed to breach computer systems and steal confidential data. The meticulous analysis unravels the intricate sequence, commencing with a spam email containing a malici…

Published: May 9, 2024

Downloadable IOCs: 13

APT28 campaign against Polish government institutions

The CERT Polska team is investigating a large-scale malware campaign carried out by the Russian intelligence group APT28, which has been targeting Polish government institutions in the past year and is believed to be linked to the GRU.

Published: May 8, 2024

Downloadable IOCs: 74

Guntior - the story of an advanced bootkit that doesn't rely on Windows disk drivers

Amid the rise of bootkits at the time, a dropper was captured in-the-wild and posted on a malware tracker. The malware was called "Guntior", named after the device object its authors had chosen for it (\Device\Guntior). The name also appears in AV detections.

Published: May 8, 2024

Downloadable IOCs: 6

Code Emulation and Cybercrime Infrastructure Discovery

This report details the analysis of a malspam campaign utilizing the Matanbuchus loader, which involved decrypting strings within the malware through emulation techniques. The investigation pivoted to uncover a Russian bulletproof hosting service, Proton66 OOO, that currently hosts various maliciou…

Published: May 8, 2024

Downloadable IOCs: 76

Stealer Distributed via Crafted Minecraft Source Pack

This report details the operation of the zEus stealer malware, which is distributed through a crafted Minecraft source pack. The malware collects sensitive information from victims' systems, including login credentials, browser data, and cryptocurrency wallets. It employs anti-analysis techniques a…

Published: May 8, 2024

Downloadable IOCs: 23

Case of Malware Distribution Linking to Illegal Gambling Website Targeting Korean Web Server

This report examines a malware strain distributed to web servers in South Korea that redirects users to an illegal gambling site. The threat actor installed a Meterpreter backdoor, a port forwarding tool, and an IIS module malware on a compromised web server. The IIS module inspects HTTP headers an…

Published: May 8, 2024

Downloadable IOCs: 8

RemcosRAT Distributed Using Steganography

Security researchers have discovered a campaign distributing RemcosRAT through a sophisticated infection chain involving steganography techniques. The attack starts with a malicious Word document exploiting template injection, leading to the download of an RTF file that leverages an equation editor…

Published: May 8, 2024

Downloadable IOCs: 4

Click here to see more Attack Reports

Tag: 2024-05-08

Attack reports

Leveraging DNS Tunneling for Tracking and Scanning

Security Brief: Millions of Messages Distribute LockBit Black Ransomware

GoTo Meeting loads RAT via Shellcode Loader

Romance Scams Urging Investment

StopRansomware: Black Basta

Threat Actors Hack YouTube Channels to Distribute Infostealers

Malware (XMRig, OrcusRAT, etc.) disguised as MS Office crack

Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation

Profiling Trafficers: Cerberus

New Campaigns from Scattered Spider

macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge

Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Four

Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin

Tracking the Surge in Non-PE Cyber Threats

APT28 campaign against Polish government institutions

Guntior - the story of an advanced bootkit that doesn't rely on Windows disk drivers

Code Emulation and Cybercrime Infrastructure Discovery

Stealer Distributed via Crafted Minecraft Source Pack

Case of Malware Distribution Linking to Illegal Gambling Website Targeting Korean Web Server

RemcosRAT Distributed Using Steganography

Vulnerabilities

CVE-2024-4393

CVE-2024-32980

CVE-2024-2746

CVE-2024-34347

CVE-2024-31156

CVE-2024-2860

CVE-2024-3507

CVE-2024-1438

CVE-2024-31270

CVE-2024-1929

CVE-2024-4436

CVE-2024-4437

CVE-2024-4438

CVE-2024-21793

CVE-2024-25560

CVE-2024-26026

CVE-2024-33608

CVE-2024-28883

CVE-2024-32049

CVE-2024-22264

CVE-2024-34553

CVE-2024-3951

CVE-2024-33612

CVE-2024-1930

CVE-2024-22266

CVE-2023-41651

CVE-2024-34573

CVE-2024-34571

CVE-2024-34572

CVE-2024-34562

CVE-2024-34563

CVE-2024-34564

CVE-2024-34566

CVE-2024-34569

CVE-2022-40218

CVE-2024-34414

CVE-2024-34547

CVE-2024-34548

CVE-2024-32761

CVE-2024-24908

CVE-2024-3494

CVE-2024-4281

CVE-2024-4653

CVE-2024-4654

CVE-2024-4418

CVE-2024-33604

CVE-2024-34574

CVE-2024-34565

CVE-2024-34568

CVE-2024-34570

CVE-2024-34546

CVE-2024-34558

CVE-2024-34560

CVE-2024-34561

CVE-2024-28889

CVE-2024-4135

CVE-2024-30459