Tag: 2024-05-13

5 Attack Reports | 0 Vulnerabilities

Attack reports

Leveraging DNS Tunneling for Tracking and Scanning

This article presents a case study on new applications of domain name system (DNS) tunneling PaloAlto Unit42 have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes.
exploit
cobalt strike
dns query
trojan
2024-05-08
oilrig
dns tunneling
dns traffic
trkcdn campaign
alliance
attack
2024-05-09
2024-05-10
2024-05-13
Published: May 13, 2024
Downloadable IOCs: 63

Security Brief: Millions of Messages Distribute LockBit Black Ransomware

In late April 2024, Proofpoint observed high-volume email campaigns facilitated by the Phorpiex botnet, distributing millions of messages with attachments leading to LockBit Black ransomware infections. The messages appeared to originate from 'Jenny Green' and contained ZIP attachments with executa…
ransomware
lockbit
botnet
2024-05-08
malspam
phorpiex
lockbit black
2024-05-09
2024-05-10
2024-05-13
Published: May 13, 2024
Downloadable IOCs: 16

GoTo Meeting loads RAT via Shellcode Loader

A malicious campaign has been discovered that exploits the legitimate GoTo Meeting online conferencing software to deploy the Remcos remote access trojan (RAT). The attack chain involves utilizing lures like porn downloads, software setup files, and tax forms with Russian and English file names. It…
rat
remcos
2024-05-08
dll sideloading
shellcode
rust
2024-05-09
2024-05-10
2024-05-13
Published: May 13, 2024
Downloadable IOCs: 17

Romance Scams Urging Investment

The report details an investigation into romance scams that exploit emotional connections to solicit money under the guise of cryptocurrency investments. Perpetrators pose as potential romantic partners or friends to gain trust and eventually introduce victims to fake cryptocurrency exchanges desig…
phishing
social engineering
impersonation
cryptocurrency
2024-05-08
scam
fraud
romance
2024-05-09
2024-05-10
2024-05-13
Published: May 13, 2024
Downloadable IOCs: 3

StopRansomware: Black Basta

This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have impacted over 500 organizations globally across multiple critical infrastructure sectors, including Healthcare and Publ…
phishing
ransomware
exfiltration
encryption
2024-05-08
qakbot
qbot
CVE-2020-1472
quackbot
pinkslipbot
CVE-2024-1709
healthcare
CVE-2021-34527
CVE-2021-42278
CVE-2021-42287
2024-05-09
2024-05-10
2024-05-13
Published: May 13, 2024
Linked vulnerabilities : CVE-2021-42287, CVE-2021-42278, CVE-2024-1709, CVE-2021-34527, CVE-2020-1472
Downloadable IOCs: 174
Click here to see more Attack Reports