Kinsing & Dark.IoT botnet among threats targeting CVE-2022-26134

Event ID: 4520
UUID: d4766c50-0269-4cda-acea-850ea4fdb198
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): event is in unprotected mode
Tags: type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white, osint:source-type="blog-post", misp-galaxy:cryptominers="Hezb", misp-galaxy:threat-actor="Hezb", misp-galaxy:botnet="Dark.IoT", malware_classification:malware-category="Botnet"
Date: 2022-06-22
Threat Level: Undefined
Analysis: Initial
Distribution: All communities
Published: Yes (2022-11-01 06:55:33)
Attributes: 18 (6 Objects)
First recorded change: 2022-09-13 11:46:36
Last change: 2022-10-24 09:46:38
Sightings: 0 (0)

[TLP:WHITE] Joint CSA: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector

Event ID: 4516
UUID: 704d14e0-3a68-46a2-9b20-88a781463250
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): event is in unprotected mode
Tags: type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white, misp-galaxy:malpedia="Maui Ransomware", target:healthcare, dnc:malware-type="Ransomware", enisa:nefarious-activity-abuse="ransomware", ecsirt:malicious-code="ransomware", malware_classification:malware-category="Ransomware", veris:action:malware:variety="Ransomware", Ransomware, ms-caro-malware:malware-type="Ransom", ms-caro-malware-full:malware-type="Ransom"
Date: 2022-07-06
Threat Level: High
Analysis: Initial
Distribution: All communities
Published: Yes (2022-11-01 06:55:19)
Attributes: 27 (6 Objects)
First recorded change: 2022-07-08 12:10:34
Last change: 2022-10-27 08:45:31
Sightings: 0 (0)

2019-01-28: APT28 XTunnel Backdoor

Event ID: 1040
UUID: 5c500809-453c-4245-83e1-435c950d210f
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): event is in unprotected mode
Tags: misp-galaxy:mitre-enterprise-attack-intrusion-set="APT28", misp-galaxy:mitre-enterprise-attack-relationship="APT28 (G0007) uses XTunnel (S0117)", misp-galaxy:mitre-enterprise-attack-relationship="APT28 uses XTunnel", misp-galaxy:mitre-intrusion-set="APT28", misp-galaxy:mitre-mobile-attack-intrusion-set="APT28", misp-galaxy:mitre-enterprise-attack-malware="XTunnel", misp-galaxy:mitre-malware="XTunnel", ecsirt:intrusions="backdoor", veris:action:malware:variety="Backdoor", ms-caro-malware:malware-type="Backdoor", ms-caro-malware-full:malware-type="Backdoor", type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white, osint:source-type="microblog-post"
Date: 2019-01-29
Threat Level: Low
Analysis: Initial
Distribution: All communities
Published: Yes (2022-08-17 16:57:52)
Attributes: 20 (5 Objects)
First recorded change: 2019-01-29 08:37:40
Last change: 2019-01-29 …

“Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers

Event ID: 1459
UUID: 3ada8ae4-a7bd-4732-ad66-0ff8fc0f80f5
Creator org: CUDESO
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): event is in unprotected mode
Tags: tlp:white
Date: 2021-02-01
Threat Level: Low
Analysis: Completed
Distribution: All communities
Published: Yes (2022-08-17 17:20:34)
Attributes: 31 (0 Objects)
First recorded change: 2021-02-01 16:57:25
Last change: 2021-02-01 17:02:22
Sightings: 0 (0)