Powered by Threat Labs

Autonomous Threat Sweeper

Acting as your own dedicated Cyber Rapid Response Team, Securonix Autonomous Threat Sweeper (ATS) automatically and retroactively hunts for new and emerging threats based on the latest threat intelligence from our Threat Labs Team.

Latest ATS Entries

All indicators of compromise (IOC) and Spotter queries are available on our GitHub repository.

2023-02-01
An_Email_Specific_Phishing_Page
LOW
Intel Source:
ASEC
Intel Name:
An_Email_Specific_Phishing_Page
Date of Scan:
2023-02-01
Impact:
LOW
Summary:
ASEC researchers have identified multiple phishing emails whose landing page changes its icon to match the mail service of the address the user enters. The page warns that the account will be shut down and prompts the user to click a ‘Reactivate Now’ link to keep the account active.
Source: https://asec.ahnlab.com/en/46786/
2023-02-01
New_Version_of_Nevada_Ransomware
MEDIUM
Intel Source:
Resecurity
Intel Name:
New_Version_of_Nevada_Ransomware
Date of Scan:
2023-02-01
Impact:
MEDIUM
Summary:
Resecurity researchers have identified a new version of Nevada Ransomware, which emerged on the Dark Web shortly before the start of 2023. The actors behind the project run an affiliate platform that was first introduced on the RAMP underground community, a forum known for initial access brokers (IABs), ransomware groups, and other cybercriminal actors.
Source: https://resecurity.com/blog/article/nevada-ransomware-waiting-for-the-next-dark-web-jackpot
2023-02-01
Google_Ads_Targeting_Password_Manager
LOW
Intel Source:
Malwarebytes
Intel Name:
Google_Ads_Targeting_Password_Manager
Date of Scan:
2023-02-01
Impact:
LOW
Summary:
Researchers from Malwarebytes have identified a new malvertising campaign that makes use of Google Ads to target users looking for password managers.
Source: https://www.malwarebytes.com/blog/threat-intelligence/2023/01/google-sponsored-ads-malvertising-targets-password-manager
2023-02-01
TZW_Ransomware_Distributing_in_Korea
LOW
Intel Source:
ASEC
Intel Name:
TZW_Ransomware_Distributing_in_Korea
Date of Scan:
2023-02-01
Impact:
LOW
Summary:
ASEC researchers have discovered the distribution of the TZW ransomware, which encrypts files and appends the “TZW” extension after the original file extension.
Source: https://asec.ahnlab.com/en/46812/
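A retroactive hunt for the rename pattern the ASEC entry describes (original name and extension kept, “.TZW” appended), as an added example that is not part of this page and not one of Securonix's Spotter queries: it parses file-rename events in a constructed key=value log format (an assumed schema, not any product's), matches renames where the destination is the source path plus the suspect extension, and reports a host/process pair once it has produced at least three such renames. The field names, the threshold and the sample events are all assumptions.

```python
import re
from collections import defaultdict

# Extension the ASEC entry describes. Other appended extensions can be hunted
# by adding them here; matching is case-insensitive.
SUSPECT_EXTENSIONS = ("tzw",)

# Assumed alert threshold: one host/process pair must produce this many
# appended-extension renames before it is reported, so a single stray
# *.tzw file does not fire the rule.
RENAME_THRESHOLD = 3

# Assumed log format: space-separated key=value pairs, values optionally quoted.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def appended_extension(src, dst, suspect=SUSPECT_EXTENSIONS):
    """Return the suspect extension if dst is exactly src + '.<ext>', else None.

    This is the pattern from the report: the original name and extension are
    kept and the ransomware extension is appended (q1.xlsx -> q1.xlsx.TZW).
    A rename that replaces the extension (draft.docx -> draft.txt) does not match.
    """
    src_l, dst_l = src.lower(), dst.lower()
    for ext in suspect:
        if src_l and dst_l == f"{src_l}.{ext}":
            return ext
    return None


def hunt(lines, threshold=RENAME_THRESHOLD):
    """Group matching renames by (host, process); return pairs at or above threshold.

    The result maps (host, process) -> list of destination paths, which is the
    evidence an analyst pivots on next (process tree, first-seen time, spread).
    """
    hits = defaultdict(list)
    for line in lines:
        event = parse_event(line)
        if event.get("op") != "rename":
            continue
        if appended_extension(event.get("src", ""), event.get("dst", "")) is None:
            continue
        hits[(event.get("host", "?"), event.get("proc", "?"))].append(event["dst"])
    return {key: paths for key, paths in hits.items() if len(paths) >= threshold}


# Constructed sample events (not from the ASEC report): WS01 shows the
# mass-rename pattern, WS02 a single hit below threshold, the rest benign noise.
SAMPLE_EVENTS = [
    r'host=WS01 proc=unknown.exe op=rename src=C:\Users\a\Documents\q1.xlsx dst=C:\Users\a\Documents\q1.xlsx.TZW',
    r'host=WS01 proc=unknown.exe op=rename src=C:\Users\a\Documents\notes.docx dst=C:\Users\a\Documents\notes.docx.TZW',
    r'host=WS01 proc=unknown.exe op=rename src="C:\Users\a\My Docs\plan.pptx" dst="C:\Users\a\My Docs\plan.pptx.tzw"',
    r'host=WS01 proc=explorer.exe op=rename src=C:\Users\a\Documents\report.docx dst=C:\Users\a\Documents\report_v2.docx',
    r'host=WS02 proc=unknown.exe op=rename src=C:\Users\b\budget.xlsx dst=C:\Users\b\budget.xlsx.TZW',
    r'host=WS02 proc=backup.exe op=create dst=C:\Backups\budget.xlsx.TZW',
    r'host=WS03 proc=winword.exe op=rename src=C:\Users\c\draft.docx dst=C:\Users\c\draft.txt',
]

if __name__ == "__main__":
    for (host, proc), paths in hunt(SAMPLE_EVENTS).items():
        print(f"{host} {proc}: {len(paths)} files renamed with appended extension")
        for path in paths:
            print("   ", path)
```

Lowering the threshold to 1 turns the rule into a plain IOC sweep (every host that ever produced a `*.TZW` rename), which is the right mode for a one-off retroactive hunt; the default threshold is the right mode for continuous detection, where volume per process is the signal and a single match is mostly noise.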
2023-02-01
Malware_Packer_TrickGate_Using_by_Several_Malware_to_Evade_Detection
LOW
Intel Source:
Checkpoint
Intel Name:
Malware_Packer_TrickGate_Using_by_Several_Malware_to_Evade_Detection
Date of Scan:
2023-02-01
Impact:
LOW
Summary:
Researchers from Checkpoint have identified a shellcode-based packer dubbed TrickGate that has operated without attracting notice for over six years, enabling threat actors to deploy a wide range of malware including TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil.
Source: https://research.checkpoint.com/2023/following-the-scent-of-trickgate-6-year-old-packer-used-to-deploy-the-most-wanted-malware/
2023-02-01
An_ongoing_phishing_campaign_that_impersonates_Southwest_Airlines
LOW
Intel Source:
Inky
Intel Name:
An_ongoing_phishing_campaign_that_impersonates_Southwest_Airlines
Date of Scan:
2023-02-01
Impact:
LOW
Summary:
Last December, INKY detected an ongoing phishing campaign that impersonates Southwest Airlines. The phishing emails are sent from newly created domains set up explicitly for these attacks.
Source: https://www.inky.com/en/blog/fresh-phish-southwests-flying-phish-takes-off-with-your-credentials
2023-02-01
The_Analysis_of_Cryptojacks_System_to_Mine_for_Monero_Crypto
LOW
Intel Source:
Fortinet
Intel Name:
The_Analysis_of_Cryptojacks_System_to_Mine_for_Monero_Crypto
Date of Scan:
2023-02-01
Impact:
LOW
Summary:
Fortinet researchers have analyzed crypto-mining malware that is delivered via a malicious Excel document and executed on the victim's device to mine Monero.
Source: https://www.fortinet.com/blog/threat-research/malicious-code-cryptojacks-device-to-mine-for-monero-crypto?&web_view=true
2023-02-01
NikoWiper_Malware_Targeting_Ukraine_Energy_Sector
LOW
Intel Source:
Welivesecurity
Intel Name:
NikoWiper_Malware_Targeting_Ukraine_Energy_Sector
Date of Scan:
2023-02-01
Impact:
LOW
Summary:
ESET researchers have analyzed the activities of selected APT groups and identified the Russia-affiliated Sandworm group using a further wiper strain, dubbed NikoWiper, in an October 2022 attack against an energy sector company in Ukraine.
Source: https://www.welivesecurity.com/wp-content/uploads/2023/01/eset_apt_activity_report_t32022.pdf
2023-02-01
The_Similarities_Between_Abraham_s_Ax_and_Moses_Staff_Group
LOW
Intel Source:
Secureworks
Intel Name:
The_Similarities_Between_Abraham_s_Ax_and_Moses_Staff_Group
Date of Scan:
2023-02-01
Impact:
LOW
Summary:
Researchers from SecureWorks have analyzed the similarities between the Moses Staff hacktivist group persona that emerged in September 2021 and the Abraham's Ax persona that emerged in November 2022.
Source: https://www.secureworks.com/blog/abrahams-ax-likely-linked-to-moses-staff
2023-02-01
Phishing_Emails_Circulating_With_Requests_for_Product_Quotation
LOW
Intel Source:
ASEC
Intel Name:
Phishing_Emails_Circulating_With_Requests_for_Product_Quotation
Date of Scan:
2023-02-01
Impact:
LOW
Summary:
Researchers from ASEC have identified phishing emails whose content relates to requests for product quotations. The emails are disguised as coming from a senior manager, such as a team leader or department director at a manufacturing company or foundry, and carry .html or .htm attachments.
Source: https://asec.ahnlab.com/en/46199/

 

Threat Content

Shared Security Content on Sigma

Securonix Threat Labs publishes up-to-date IOCs and threat hunting queries on Sigma, allowing you to tap into a vast community of collective defense and stay ahead of emerging threat research.

Why Security Content Matters

Learn how Securonix is paving the way to make precise and actionable security content a reality for our customers.

What's New from Threat Labs

  • Blog
    Securonix Security Advisory: Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection
  • Blog
    Detecting Python-Based PY#RATION Attack Campaign with Securonix
  • Blog
    Securonix 2022 Threat Report, Part 3: Detecting Ransomware

Threat Labs Archives

  • Threat Research