Powered by Threat Labs

Autonomous Threat Sweeper

Acting as your own dedicated Cyber Rapid Response Team, Securonix Autonomous Threat Sweeper (ATS) automatically and retroactively hunts for new and emerging threats based on the latest threat intelligence from our Threat Labs Team.

Latest ATS Entries

All indicators of compromise (IOC) and Spotter queries are available on our GitHub repository.

Intel Source: Google blog
Intel Name: Countering_hack_for_hire_attacker_groups
Date of Scan: 2022-07-01
Impact: LOW
Summary: Google's Threat Analysis Group (TAG) on Thursday disclosed that it had blocked as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E. Hack-for-hire groups have been seen targeting human rights and political activists, journalists, and other high-risk users around the world, putting their privacy, safety and security at risk.
Source: https://blog.google/threat-analysis-group/countering-hack-for-hire-groups/

Intel Source: Cyble
Intel Name: PennyWise_Infostealer_leveraging_YouTube_to_infect_users
Date of Scan: 2022-07-01
Impact: LOW
Summary: During their threat hunting exercises, researchers at Cyble discovered a new stealer named "PennyWise". The stealer appears to have been developed recently. The investigation indicated that the stealer is an emerging threat, and the researchers observed multiple samples of this stealer active in the wild.
Source: https://blog.cyble.com/2022/06/30/infostealer/

Intel Source: Trend Micro
Intel Name: Black_Basta_Ransomware_gang_added_Qakbot_and_PrintNightmare_Exploit_to_their_Arsenal
Date of Scan: 2022-06-30
Impact: MEDIUM
Summary: Researchers at Trend Micro observed the Black Basta ransomware group using the banking trojan QakBot as a means of entry and movement, and taking advantage of the PrintNightmare vulnerability to perform privileged file operations.
Source: https://www.trendmicro.com/en_us/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html

Intel Source: Sekoia
Intel Name: Raccoon_Stealer_v2
Date of Scan: 2022-06-30
Impact: LOW
Summary: Researchers observed this week that cybercriminals are using a new and improved version of the prolific Raccoon Stealer malware, barely three months after its authors announced they were quitting.
Source: https://blog.sekoia.io/raccoon-stealer-v2-part-1-the-return-of-the-dead/

Intel Source: Lumen blog
Intel Name: New_ZuoRAT_malware_targets_SOHO_router
Date of Scan: 2022-06-30
Impact: LOW
Summary: Black Lotus Labs, the threat intelligence arm of Lumen Technologies, has identified and is tracking a new and sophisticated multistage remote access trojan (RAT) that leverages infected SOHO routers to target predominantly North American and European networks of interest. The trojan grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications, maintaining an undetected foothold.
Source: https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/
Source: https://github.com/blacklotuslabs/IOCs/blob/main/ZuoRAT_IoCs.txt

Intel Source: Netskope
Intel Name: Emotet_still_abusing_Microsoft_Office_Macros
Date of Scan: 2022-06-30
Impact: MEDIUM
Summary: Researchers at Netskope Threat Labs have analysed a campaign in which Emotet is still being executed using malicious Microsoft Office documents. Despite the protection Microsoft released in 2022 to prevent the execution of Excel 4.0 (XLM) macros, this attack remains feasible against users running outdated versions of Office.
Source: https://www.netskope.com/blog/emotet-still-abusing-microsoft-office-macros
Source: https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/Emotet/2022-06-24

Intel Source: Fortinet
Intel Name: Ukraine_targeted_by_Dark_Crystal_RAT_or_DCRat
Date of Scan: 2022-06-29
Impact: LOW
Summary: Researchers at FortiGuard Labs came across another file that was likely used in the attack campaign described by CERT-UA, given the date of the file's submission to VirusTotal and the submission location being Ukraine. The new file, however, is in Excel (xlsx) format and contains malicious macros, rather than the docx format and the exploitation of CVE-2022-30190 (Follina).
Source: https://www.fortinet.com/blog/threat-research/ukraine-targeted-by-dark-crystal-rat

Intel Source: ReversingLabs
Intel Name: AstraLocker_2.0_Ransomware_distributed_from_Microsoft_Word_files
Date of Scan: 2022-06-29
Impact: MEDIUM
Summary: Researchers at ReversingLabs have discovered a new version of the AstraLocker ransomware (AstraLocker 2.0) that was being distributed directly from Microsoft Office files used as bait in phishing attacks.
Source: https://blog.reversinglabs.com/blog/smash-and-grab-astralocker-2-pushes-ransomware-direct-from-office-docs

Intel Source: Zscaler
Intel Name: Evilnum_APT_returns_with_new_Threat_and_TTPs
Date of Scan: 2022-06-28
Impact: MEDIUM
Summary: Researchers from Zscaler have been tracking the Evilnum APT group since the start of 2022 and have this time observed it with an updated target list and TTPs. The main distribution vector used by this threat group was Windows Shortcut files (LNK) sent inside malicious archive files (ZIP) as email attachments in spear phishing emails to the victims.
Source: https://www.zscaler.com/blogs/security-research/return-evilnum-apt-updated-ttps-and-new-targets

Intel Source: ASEC
Intel Name: Software_Cracks_Distributing_Recordbreaker_Stealer
Date of Scan: 2022-06-28
Impact: LOW
Summary: ASEC Research Team has analysed
Source: https://asec.ahnlab.com/en/35981/


Threat Content

Shared Security Content on Sigma

Securonix Threat Labs publishes up-to-date IOCs and threat hunting queries on Sigma, allowing you to tap into a vast community of collective defense and stay ahead of emerging threat research.

Threats from the Wild

Learn key technical insights into the latest MFA bypass attacks carried out by malicious threat actors in the wild.

What's New from Threat Labs

  • Blog: Securonix Threat Labs Initial Coverage Advisory: Detecting Microsoft MSDT "DogWalk" .diagcab 0-Day Using Securonix
  • Video: The Power of Data Science and TTPs
  • Video: Security Operations Should Collaborate
