Powered by Threat Labs

Autonomous Threat Sweeper

Acting as your own dedicated Cyber Rapid Response Team, Securonix Autonomous Threat Sweeper (ATS) automatically and retroactively hunts for new and emerging threats based on the latest threat intelligence from our Threat Labs Team.

Latest ATS Entries

All indicators of compromise (IOC) and Spotter queries are available on our GitHub repository.

2022-09-30
LockBit_3_0_aka_LockBit_Black
MEDIUM
Intel Source:
Multiple
Intel Name:
LockBit_3_0_aka_LockBit_Black
Date of Scan:
2022-09-30
Impact:
MEDIUM
Summary:
Researchers have analyzed LockBit and identified that it has returned as LockBit 3.0.
Source: https://docs.google.com/spreadsheets/d/1Now95XPSkvEiCJy5H5iqgTDKi_ATZeBY_PhnxSUhWl8/edit#gid=0
2022-09-30
Hackers_using_Quantum_Builder_to_deliver_Agent_Tesla_RAT
LOW
Intel Source:
Zscaler
Intel Name:
Hackers_using_Quantum_Builder_to_deliver_Agent_Tesla_RAT
Date of Scan:
2022-09-30
Impact:
LOW
Summary:
Zscaler ThreatLabz researchers have observed a campaign that delivers Agent Tesla, a .NET-based keylogger and remote access trojan (RAT), using a builder named “Quantum Builder” sold on the dark web.
Source: https://www.zscaler.com/blogs/security-research/agent-tesla-rat-delivered-quantum-builder-new-ttps
2022-09-30
Polyglot_File_Delivering_IcedID
LOW
Intel Source:
Palo Alto
Intel Name:
Polyglot_File_Delivering_IcedID
Date of Scan:
2022-09-30
Impact:
LOW
Summary:
Palo Alto researchers have observed a polyglot Microsoft Compiled HTML Help file being employed in the infection process used by the information stealer IcedID.
Source: https://unit42.paloaltonetworks.com/polyglot-file-icedid-payload/
2022-09-30
New_Malware_Variants_Deliver_Fake_Cloudflare_DDoS_Captcha
LOW
Intel Source:
Sucuri
Intel Name:
New_Malware_Variants_Deliver_Fake_Cloudflare_DDoS_Captcha
Date of Scan:
2022-09-30
Impact:
LOW
Summary:
Researchers from Sucuri have identified a campaign in which the user is prompted with a bogus Cloudflare DDoS protection screen; in this new wave, they observed a fake CAPTCHA dialog masquerading as the popular Cloudflare service.
Source: https://blog.sucuri.net/2022/09/new-malware-variants-serve-bogus-cloudflare-ddos-captcha.html
2022-09-30
Finding_APTs_using_Unsigned_DLLs_Loader
MEDIUM
Intel Source:
Palo Alto
Intel Name:
Finding_APTs_using_Unsigned_DLLs_Loader
Date of Scan:
2022-09-30
Impact:
MEDIUM
Summary:
Palo Alto researchers have described a technique called "unsigned DLL loading", which attackers use to evade detection and carry out more sophisticated attacks.
Source: https://unit42.paloaltonetworks.com/unsigned-dlls/
2022-09-30
The_examination_of_Wiper_Malware_Part_3
LOW
Intel Source:
Crowdstrike
Intel Name:
The_examination_of_Wiper_Malware_Part_3
Date of Scan:
2022-09-30
Impact:
LOW
Summary:
Researchers from CrowdStrike have covered various input/output controls (IOCTLs) in more detail and how they are used to achieve different goals — including acquiring information about infected machines and locking/unlocking disk volumes, among others.
Source: https://www.crowdstrike.com/blog/the-anatomy-of-wiper-malware-part-3/
2022-09-30
A_new_Cobalt_Strike_payload_campaign
MEDIUM
Intel Source:
Cisco Talos
Intel Name:
A_new_Cobalt_Strike_payload_campaign
Date of Scan:
2022-09-30
Impact:
MEDIUM
Summary:
Researchers from Cisco have discovered a campaign that is delivering Cobalt Strike beacons that could be used in later, follow-on attacks.
Source: https://blog.talosintelligence.com/2022/09/new-campaign-uses-government-union.html
2022-09-30
Detecting_and_Removing_Malicious_Software_Masquerading_as_Doenerium_Stealer
LOW
Intel Source:
Cyble
Intel Name:
Detecting_and_Removing_Malicious_Software_Masquerading_as_Doenerium_Stealer
Date of Scan:
2022-09-30
Impact:
LOW
Summary:
A spear phishing email campaign targeting Office365 users has been observed by Cyble researchers. The same domain has also been observed hosting several other malware variants, such as Doenerium stealer.
Source: https://blog.cyble.com/2022/09/28/new-information-stealer-targeting-crypto-wallets/
2022-09-29
Void_Balaur_hack_for_hire_campaigns
MEDIUM
Intel Source:
SentinelOne
Intel Name:
Void_Balaur_hack_for_hire_campaigns
Date of Scan:
2022-09-29
Impact:
MEDIUM
Summary:
SentinelOne researchers have observed that the cyber mercenary group known as Void Balaur continues to expand its hack-for-hire campaigns and its targeting of a wide variety of individuals and organizations across the globe.
Source: https://www.sentinelone.com/labs/the-sprawling-infrastructure-of-a-careless-mercenary/
2022-09-29
LockBit_3_0_Ransomware_Spreading_via_Word_Documents
LOW
Intel Source:
ASEC
Intel Name:
LockBit_3_0_Ransomware_Spreading_via_Word_Documents
Date of Scan:
2022-09-29
Impact:
LOW
Summary:
ASEC researchers have identified that LockBit 3.0 ransomware, previously distributed disguised as job application emails in NSIS format, is also being distributed in Word document format.
Source: https://asec.ahnlab.com/en/39242/ https://asec.ahnlab.com/en/39259/
Threat Content

Shared Security Content on Sigma

Securonix Threat Labs publishes up-to-date IOCs and threat hunting queries on Sigma, allowing you to tap into a vast community of collective defense and stay ahead of emerging threat research.

Why Security Content Matters

Learn how Securonix is paving the way to make precise, and actionable security content a reality for our customers.

What's New from Threat Labs

  • Blog
    Securonix Threat Labs Security Advisory: Detecting STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors
  • Video
    Behind the Scenes with Securonix Threat Labs
  • Blog
    Securonix Threat Labs Monthly Intelligence Insights – August