OSINT – North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign

Event ID: 1232
UUID: 0e887f03-5aa2-4a7b-b0f7-66208c6c657b
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): Event is in unprotected mode.
Tags: type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white
Date: 2022-01-28
Threat Level: Medium
Analysis: Completed
Distribution: All communities
Published: Yes (2022-08-17 17:17:09)
#Attributes: 102 (11 Objects)
First recorded change: 2022-01-28 11:08:48
Last change: 2022-01-28 11:13:31
Sightings: 0 (0)

Scraper: Malicious WhatsApp mod distributed through legitimate apps

Event ID: 4526
UUID: 86dec5f1-e2e0-4ab9-8511-422855d37b84
Creator org: CUDESO
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): Event is in unprotected mode.
Tags: misp:tool="misp-scraper", osint:source-type="blog-post", misp:event-type="collection", tlp:white, workflow:state="complete"
Date: 2022-10-14
Threat Level: Medium
Analysis: Completed
Distribution: All communities
Published: Yes (2022-11-01 06:56:00)
#Attributes: 15 (0 Objects)
First recorded change: 2022-10-14 12:30:12
Last change: 2022-10-14 20:54:10
Sightings: 0 (0)

Chiseling In: Lorenz Ransomware Group Cracks MiVoice And Calls Back For Free

Event ID: 4521
UUID: 761270e6-3a97-4c18-9a44-a844cb5b562b
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): Event is in unprotected mode.
Tags: type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white, osint:source-type="blog-post", misp-galaxy:mitre-attack-pattern="Scheduled Task - T1053", misp-galaxy:mitre-attack-pattern="Standard Non-Application Layer Protocol - T1095", misp-galaxy:ransomware="Lorenz Ransomware", dnc:malware-type="Ransomware", enisa:nefarious-activity-abuse="ransomware", ecsirt:malicious-code="ransomware", malware_classification:malware-category="Ransomware", veris:action:malware:variety="Ransomware", Ransomware, ms-caro-malware:malware-type="Ransom", ms-caro-malware-full:malware-type="Ransom"
Date: 2022-09-12
Threat Level: Undefined
Analysis: Initial
Distribution: All communities
Published: Yes (2022-11-01 06:55:37)
#Attributes: 61 (18 Objects)
First recorded change: 2022-09-15 07:43:15

DeftTorero: tactics, techniques and procedures of intrusions revealed

Event ID: 4522
UUID: 2e7a515f-c380-4915-a505-9568ccc00d22
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): Event is in unprotected mode.
Tags: osint:source-type="technical-report", cccs:malware_classification="webshell", cert-ist:malware_type="Webshell", type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white
Date: 2022-10-03
Threat Level: Undefined
Analysis: Initial
Distribution: All communities
Published: Yes (2022-11-01 06:55:43)
#Attributes: 111 (43 Objects)
First recorded change: 2022-10-04 12:55:01
Last change: 2022-10-06 08:15:44
Sightings: 0 (0)

Buzzing in the Background: BumbleBee, a New Modular Backdoor Evolved From BookWorm

Event ID: 4519
UUID: 758d96ed-9dd4-4009-9270-65f2c3dd30cc
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): Event is in unprotected mode.
Tags: misp-galaxy:mitre-attack-pattern="Bypass User Access Control - T1548.002", type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white, misp-galaxy:tool="BumbleBee", ecsirt:intrusions="backdoor", veris:action:malware:variety="Backdoor", ms-caro-malware:malware-type="Backdoor", ms-caro-malware-full:malware-type="Backdoor", misp-galaxy:malpedia="Bookworm"
Date: 2022-09-02
Threat Level: Medium
Analysis: Initial
Distribution: All communities
Published: Yes (2022-11-01 06:55:31)
#Attributes: 23 (4 Objects)
First recorded change: 2022-09-09 07:28:51
Last change: 2022-10-24 09:23:30