Powered by Threat Labs

Autonomous Threat Sweeper

Acting as your own dedicated Cyber Rapid Response Team, Securonix Autonomous Threat Sweeper (ATS) automatically and retroactively hunts for new and emerging threats based on the latest threat intelligence from our Threat Labs Team.
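The retroactive hunt described above comes down to matching a curated indicator set against telemetry that has already been collected, and reporting where and when each indicator was first seen. The following is an added example written for this page, not Securonix ATS code or a Spotter query: it sweeps a few constructed proxy, DNS and EDR log lines against a constructed IOC set. Every indicator, address and log value is a placeholder, and the key=value log layout is an assumption made for illustration.

```python
"""Retroactive IOC sweep over historical log lines (added example, not ATS code).

All indicators and log lines below are constructed placeholders.
"""
import re
from collections import namedtuple

Hit = namedtuple("Hit", "ts kind ioc_type indicator line")

# Constructed IOC set keyed by indicator type (placeholders, not real IOCs).
IOCS = {
    "domain": {"update-win11-download.example", "transferxl-mirror.example"},
    "ip": {"203.0.113.45", "198.51.100.7"},
    "sha256": {"a" * 64},
    "url_path": {"/library/ISO/win11-installer.iso"},
}

# Constructed log lines: "<timestamp> <source> key=value ...". The layout is assumed.
SAMPLE_LOGS = [
    "2022-05-18T09:12:03Z proxy src=10.0.0.5 dst=203.0.113.45 "
    "host=update-win11-download.example path=/library/ISO/win11-installer.iso",
    "2022-05-18T09:12:04Z dns client=10.0.0.5 query=www.update-win11-download.example. type=A",
    "2022-05-19T14:30:00Z edr computer=ws-0042 proc=setup.exe sha256=" + "A" * 64,
    "2022-05-20T08:00:00Z dns client=10.0.0.9 query=example.com. type=A",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def normalize_domain(name):
    """Lower-case and drop the trailing dot that DNS logs often carry."""
    return name.rstrip(".").lower()


def match_domain(name, ioc_domains):
    """Return the IOC domain that `name` equals or is a subdomain of, else None."""
    labels = normalize_domain(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ioc_domains:
            return candidate
    return None


def sweep(lines, iocs):
    """Scan each log line for IOC matches and return a list of Hit records."""
    hits = []
    for line in lines:
        ts, _, rest = line.partition(" ")
        kind, _, rest = rest.partition(" ")
        fields = dict(KV_RE.findall(rest))
        # Domain IOCs: proxy 'host' and DNS 'query' fields, subdomain-aware.
        for key in ("host", "query"):
            if key in fields:
                matched = match_domain(fields[key], iocs["domain"])
                if matched:
                    hits.append(Hit(ts, kind, "domain", matched, line))
        # IP IOCs: destination address, exact match.
        if fields.get("dst") in iocs["ip"]:
            hits.append(Hit(ts, kind, "ip", fields["dst"], line))
        # File-hash IOCs: case-insensitive exact match.
        digest = fields.get("sha256", "").lower()
        if digest in iocs["sha256"]:
            hits.append(Hit(ts, kind, "sha256", digest, line))
        # URL-path IOCs: exact match on the requested path.
        if fields.get("path") in iocs["url_path"]:
            hits.append(Hit(ts, kind, "url_path", fields["path"], line))
    return hits


def first_seen(hits):
    """Earliest timestamp per matched indicator (ISO-8601 'Z' stamps sort lexically)."""
    earliest = {}
    for h in hits:
        if h.indicator not in earliest or h.ts < earliest[h.indicator]:
            earliest[h.indicator] = h.ts
    return earliest


if __name__ == "__main__":
    found = sweep(SAMPLE_LOGS, IOCS)
    for h in found:
        print(f"{h.ts} {h.kind:5} {h.ioc_type:8} {h.indicator}")
    print("first seen:", first_seen(found))
```

The subdomain walk is what makes the domain match useful in practice: a DNS log records `www.update-win11-download.example.` with a trailing dot and a host label, and a plain string comparison against the IOC would miss it. Hashes are lower-cased before comparison because EDR products disagree on case.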

Latest ATS Entries

All indicators of compromise (IOC) and Spotter queries are available on our GitHub repository.

Intel Source: ASEC
Intel Name: Emotet getting distributed through Link Files
Date of Scan: 2022-05-23
Impact: Low
Summary: ASEC researchers recently observed Emotet being distributed through several file types, including Windows shortcut (.lnk) files.
Source: https://asec.ahnlab.com/en/34556/

Intel Source: Microsoft
Intel Name: XorDdos_targeting_Linux_devices
Date of Scan: 2022-05-23
Impact: Medium
Summary: Microsoft researchers observed a 254% increase over the preceding six months in the activity of XorDdos, a stealthy, modular Linux malware that compromises devices (commonly through SSH brute-force attacks) and enlists them in a DDoS botnet. The name reflects its XOR-based encryption of command-and-control traffic and its denial-of-service purpose.
Source: https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/

Intel Source: Zscaler
Intel Name: Vidar_Malware_distributed_through_fake_Windows11_downloads
Date of Scan: 2022-05-23
Impact: Low
Summary: Zscaler researchers found fraudulent domains masquerading as Microsoft's Windows 11 download portal. The sites attempt to trick users into running trojanized installation files that infect the system with the Vidar information stealer.
Source: https://www.zscaler.com/blogs/security-research/vidar-distributed-through-backdoored-windows-11-downloads-and-abusing

Intel Source: SentinelOne
Intel Name: Supply_Chain_Attack_targets_GitLab_CI_Pipelines
Date of Scan: 2022-05-23
Impact: Medium
Summary: SentinelLabs researchers identified a software supply chain attack targeting Rust developers: a typosquatted crate published to crates.io carried malware aimed specifically at GitLab Continuous Integration (CI) pipelines, checking for a GitLab CI environment before deploying its payload. The campaign has been dubbed CrateDepression.
Source: https://www.sentinelone.com/labs/cratedepression-rust-supply-chain-attack-infects-cloud-ci-pipelines-with-go-malware/
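CrateDepression relied on a crate name that imitated a popular one (the SentinelLabs report linked above names `rustdecimal`, imitating `rust_decimal`). One cheap control against this class of attack is to screen the dependency names a build pulls in against an allowlist of crates the organization already trusts, and flag any unknown name that sits within a small edit distance of a trusted one. The block below is an added example for this page, not SentinelLabs' or Securonix's code: the `KNOWN_CRATES` allowlist and the Cargo.lock fragment are constructed, and the names in them are chosen only to show the check working.

```python
"""Typosquat screening for Rust dependency names (added example, not project code).

The allowlist and the Cargo.lock fragment below are constructed for illustration.
"""
import re

# Constructed allowlist of crates the organization already trusts (hypothetical).
KNOWN_CRATES = {"rust_decimal", "serde", "tokio", "reqwest", "rand", "regex"}

# Constructed Cargo.lock fragment; 'rustdecimal' is the name to be flagged.
SAMPLE_CARGO_LOCK = """\
version = 3

[[package]]
name = "rustdecimal"
version = "1.23.1"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "serde"
version = "1.0.137"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "tokio"
version = "1.18.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
"""


def parse_cargo_lock(text):
    """Return package names in the order they appear in a Cargo.lock."""
    return re.findall(r'\[\[package\]\]\nname = "([^"]+)"', text)


def normalize(name):
    """crates.io treats '-' and '_' as the same name, so compare on one form."""
    return name.lower().replace("-", "_")


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def suspicious_names(requested, known, max_distance=2):
    """Unknown dependency names within `max_distance` edits of a trusted name.

    Returns (requested_name, trusted_name, distance) tuples, nearest first.
    """
    known_norm = {normalize(k): k for k in known}
    findings = []
    for name in requested:
        n = normalize(name)
        if n in known_norm:           # exact (separator-insensitive) match is fine
            continue
        for kn, original in known_norm.items():
            d = levenshtein(n, kn)
            if 0 < d <= max_distance:
                findings.append((name, original, d))
    return sorted(findings, key=lambda f: f[2])


if __name__ == "__main__":
    names = parse_cargo_lock(SAMPLE_CARGO_LOCK)
    for requested, trusted, dist in suspicious_names(names, KNOWN_CRATES):
        print(f"suspicious: {requested!r} is {dist} edit(s) from trusted {trusted!r}")
```

Normalization only maps `-` to `_`, mirroring the registry's own uniqueness rule; dropping the separator entirely would make `rustdecimal` look identical to `rust_decimal` and hide exactly the case this check exists for. In a CI job the parsed names would come from the repository's real Cargo.lock and the allowlist from an internal registry mirror or SBOM.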

Intel Source: Security Intelligence
Intel Name: All_about_ITG23_Crypters
Date of Scan: 2022-05-20
Impact: Medium
Summary: IBM X-Force researchers analyzed thirteen crypters that have all been used with malware built or operated by ITG23 internal teams or third-party distributors, including Trickbot, BazarLoader, Conti, and Colibri.
Source: https://securityintelligence.com/posts/itg23-crypters-cooperation-between-cybercriminal-groups/

Intel Source: ISC.SANS
Intel Name: BumbleBee_Malware_getting_delivered_via_TransferXL_Urls
Date of Scan: 2022-05-20
Impact: Low
Summary: Researchers at the SANS Internet Storm Center (ISC) linked a Bumblebee malware campaign to the EXOTIC LILY threat actor after observing active TransferXL URLs delivering ISO files that carry the Bumblebee loader.
Source: https://isc.sans.edu/diary/rss/28664

Intel Source: PtSecurity
Intel Name: Chinese_Threat_group_Space_Pirates_targets_Russian_Aerospace_Firms
Date of Scan: 2022-05-20
Impact: Medium
Summary: Analysts at Positive Technologies identified a previously unknown Chinese threat group, which they have dubbed Space Pirates, that targets enterprises in the Russian aerospace industry with phishing emails delivering novel malware.
Source: https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/space-pirates-tools-and-connections/#id5-2

Intel Source: CISA
Intel Name: Threat_Actors_exploiting_VMware_vulnerability
Date of Scan: 2022-05-20
Impact: Medium
Summary: CISA released advisory AA22-138B warning that threat actors are chaining unpatched VMware vulnerabilities, CVE-2022-22954 (remote code execution via server-side template injection) and CVE-2022-22960 (local privilege escalation), to gain full control of affected systems. The vulnerabilities affect certain versions of VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.
Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-138b

Intel Source: ASEC
Intel Name: Lazarus_Group_Exploiting_Log4Shell_Vulnerability
Date of Scan: 2022-05-20
Impact: Medium
Summary: ASEC researchers observed the Lazarus group distributing the NukeSped backdoor by exploiting the Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon servers that had not received the security patch.
Source: https://asec.ahnlab.com/en/34461/

Intel Source: WeiXin
Intel Name: Latest_APT_C_24_SideWinder_Rattlesnake_attack_activity
Date of Scan: 2022-05-20
Impact: Medium
Summary: Researchers at 360 Threat Intelligence Center analyzed recent attack activity by APT-C-24 (SideWinder, also known as Rattlesnake) in which the threat actor introduced new TTPs.
Source: https://mp-weixin-qq-com.translate.goog/s/qsGxZIiTsuI7o-_XmiHLHg?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en


Threat Content

Shared Security Content on Sigma

Securonix Threat Labs publishes up-to-date IOCs and threat hunting queries on Sigma, allowing you to tap into a vast community of collective defense and stay ahead of emerging threat research.

Threats from the Wild

Learn key technical insights into the latest MFA bypass attacks carried out by threat actors in the wild.

What's New from Securonix Blog

  • Securonix Threat Labs Initial Coverage Advisory: BPFDoor Global Surveillance Tool Detection and Analysis
  • Securonix Threat Labs Initial Coverage Advisory: F5 BIG-IP Vulnerability (CVE-2022-1388) Detection Using Security Analytics
  • Securonix Threat Labs Monthly Intelligence Insights – April
