OSINT – North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign

Event ID: 1232
UUID: 0e887f03-5aa2-4a7b-b0f7-66208c6c657b
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): unprotected mode
Tags: type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white
Date: 2022-01-28
Threat Level: Medium
Analysis: Completed
Distribution: All communities
Published: Yes (2022-08-17 17:17:09)
Attributes: 102 (11 Objects)
First recorded change: 2022-01-28 11:08:48
Last change: 2022-01-28 11:13:31
Sightings: 0 (0)

Scraper: Malicious WhatsApp mod distributed through legitimate apps

Event ID: 4526
UUID: 86dec5f1-e2e0-4ab9-8511-422855d37b84
Creator org: CUDESO
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): unprotected mode
Tags: misp:tool="misp-scraper", osint:source-type="blog-post", misp:event-type="collection", tlp:white, workflow:state="complete"
Date: 2022-10-14
Threat Level: Medium
Analysis: Completed
Distribution: All communities
Published: Yes (2022-11-01 06:56:00)
Attributes: 15 (0 Objects)
First recorded change: 2022-10-14 12:30:12
Last change: 2022-10-14 20:54:10
Sightings: 0 (0)

[TLP:WHITE] Joint CSA: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector

Event ID: 4516
UUID: 704d14e0-3a68-46a2-9b20-88a781463250
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): unprotected mode
Tags: type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white, misp-galaxy:malpedia="Maui Ransomware", target:healthcare, dnc:malware-type="Ransomware", enisa:nefarious-activity-abuse="ransomware", ecsirt:malicious-code="ransomware", malware_classification:malware-category="Ransomware", veris:action:malware:variety="Ransomware", Ransomware, ms-caro-malware:malware-type="Ransom", ms-caro-malware-full:malware-type="Ransom"
Date: 2022-07-06
Threat Level: High
Analysis: Initial
Distribution: All communities
Published: Yes (2022-11-01 06:55:19)
Attributes: 27 (6 Objects)
First recorded change: 2022-07-08 12:10:34
Last change: 2022-10-27 08:45:31
Sightings: 0 (0)

2019-01-28: APT28 XTunnel Backdoor

Event ID: 1040
UUID: 5c500809-453c-4245-83e1-435c950d210f
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): unprotected mode
Tags: misp-galaxy:mitre-enterprise-attack-intrusion-set="APT28", misp-galaxy:mitre-enterprise-attack-relationship="APT28 (G0007) uses XTunnel (S0117)", misp-galaxy:mitre-enterprise-attack-relationship="APT28 uses XTunnel", misp-galaxy:mitre-intrusion-set="APT28", misp-galaxy:mitre-mobile-attack-intrusion-set="APT28", misp-galaxy:mitre-enterprise-attack-malware="XTunnel", misp-galaxy:mitre-malware="XTunnel", ecsirt:intrusions="backdoor", veris:action:malware:variety="Backdoor", ms-caro-malware:malware-type="Backdoor", ms-caro-malware-full:malware-type="Backdoor", type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white, osint:source-type="microblog-post"
Date: 2019-01-29
Threat Level: Low
Analysis: Initial
Distribution: All communities
Published: Yes (2022-08-17 16:57:52)
Attributes: 20 (5 Objects)
First recorded change: 2019-01-29 08:37:40
Last change: 2019-01-29 …