DeftTorero: tactics, techniques and procedures of intrusions revealed

Event ID 4522, UUID 2e7a515f-c380-4915-a505-9568ccc00d22, Creator org CIRCL, Owner org LUNCHBOX, Creator user admin@admin.test. Protected Event (experimental): event is in unprotected mode. Tags: osint:source-type="technical-report", cccs:malware_classification="webshell", cert-ist:malware_type="Webshell", type:OSINT, osint:lifetime="perpetual", osint:certainty="50", tlp:white. Date 2022-10-03, Threat Level Undefined, Analysis Initial, Distribution All communities. Published Yes (2022-11-01 06:55:43). Attributes 111 (43 Objects). First recorded change 2022-10-04 12:55:01, Last change 2022-10-06 08:15:44. Sightings 0 (0).

Back in Black: Unlocking a LockBit 3.0 Ransomware Attack

Event ID 1525, UUID 095c4227-2a9e-45da-9268-cec186be53b1, Creator org CUDESO, Owner org LUNCHBOX, Creator user admin@admin.test. Protected Event (experimental): event is in unprotected mode. Tags: tlp:white. Date 2022-08-21, Threat Level High, Analysis Completed, Distribution All communities. Published Yes (2022-08-23 08:13:20). Attributes 14 (1 Object). First recorded change 2022-08-21 17:55:30, Last change 2022-08-21 18:03:12. Sightings 0 (0).

THREAT ANALYSIS REPORT: Ragnar Locker Ransomware Targeting the Energy Sector

Event ID 1532, UUID 8dbeaaac-a671-4a02-8dab-5eec2a1c935b, Creator org CUDESO, Owner org LUNCHBOX, Creator user admin@admin.test. Protected Event (experimental): event is in unprotected mode. Tags: misp:tool="misp-scraper", osint:source-type="blog-post", misp:event-type="collection", workflow:state="complete", tlp:white. Date 2022-09-12, Threat Level Medium, Analysis Completed, Distribution All communities. Published Yes (2022-09-21 19:38:18). Attributes 47 (1 Object). First recorded change 2022-09-12 12:14:46, Last change 2022-09-12 14:08:17. Sightings 0 (0).

Dissecting PlugX to Extract Its Crown Jewels APT RAT Malware Backdoor Yara Rules IoCs LEVIATHAN

Leviathan is a Chinese state-sponsored cyber espionage group that has been attributed to the Ministry of State Security's (MSS) Hainan State Security Department and an affiliated front company.[1] Active since at least 2009, Leviathan has targeted the following sectors: academia, aerospace/aviation, biomedical, defense industrial base, government, healthcare, manufacturing, maritime, and transportation across the US, Canada, Europe, the Middle East, …

Hezb cryptomining malware with IoCs Hashes IPs Domain Names

Event ID 1530, UUID 7360197a-48e6-4792-b7c6-5d616d5c79c9, Creator org CIRCL, Owner org LUNCHBOX, Creator user admin@admin.test. Protected Event (experimental): event is in unprotected mode. Tags: maec-malware-behavior:maec-malware-behavior="mine-for-cryptocurrency", tlp:white, misp-galaxy:threat-actor="Hezb", estimative-language:confidence-in-analytic-judgment="high", estimative-language:likelihood-probability="almost-certain", admiralty-scale:information-credibility="1". Date 2022-09-12, Threat Level Medium, Analysis Initial, Distribution All communities. Published Yes (2022-10-03 17:43:24). Attributes 615 (65 Objects). First recorded change 2022-09-12 12:43:58, Last change 2022-10-03 17:43:24. Sightings 0 (0).