4-Prong Approach to Security
Securonix Threat Labs helps your team fend off rising threats by bringing the industry’s brightest minds together to equip you with the latest countermeasures and best practices.
Powered by Threat Labs
Autonomous Threat Sweeper
Acting as your own dedicated Cyber Rapid Response Team, Securonix Autonomous Threat Sweeper (ATS) automatically and retroactively hunts for new and emerging threats based on the latest threat intelligence from our Threat Labs Team.
Latest ATS Entries
All indicators of compromise (IOC) and Spotter queries are available on our GitHub repository.
Threat_Actors_exploiting_VMware_vulnerability
Medium
+
—
- Intel Source:
- CISA
- Intel Name:
- Threat_Actors_exploiting_VMware_vulnerability
- Date of Scan:
- 2022-05-20
- Impact:
- Medium
- Summary:
- CISA released an advisory to warn organizations about threat actors exploiting unpatched VMware vulnerabilities. These vulnerabilities affect certain versions of VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.
All_about_ITG23_Crypters
Medium
+
—
- Intel Source:
- Security Intelligence
- Intel Name:
- All_about_ITG23_Crypters
- Date of Scan:
- 2022-05-20
- Impact:
- Medium
- Summary:
- IBM X-Force researchers analyzed thirteen crypters that have all been used with malware built or operated by ITG23 internal teams or third-party distributors — including Trickbot, BazarLoader, Conti, and Colibri.
BumbleBee_Malware_getting_delivered_via_TransferXL_Urls
Low
+
—
- Intel Source:
- ISC.SANS
- Intel Name:
- BumbleBee_Malware_getting_delivered_via_TransferXL_Urls
- Date of Scan:
- 2022-05-20
- Impact:
- Low
- Summary:
- Researchers at ISC.SANS were able to relate Bumblebee malware with EXOTIC LILY threat actor, as they saw usage of active TransferXL URLs delivering ISO files for Bumblebee malware.
Chinese_Threat_group_Space_Pirates_targets_Russian_Aerospace_Firms
Medium
+
—
- Intel Source:
- PtSecurity
- Intel Name:
- Chinese_Threat_group_Space_Pirates_targets_Russian_Aerospace_Firms
- Date of Scan:
- 2022-05-20
- Impact:
- Medium
- Summary:
- Analysts at Positive Technologies came across a previously unknown Chinese hacking group known as 'Space Pirates' targets enterprises in the Russian aerospace industry with phishing emails to install novel malware on their systems. They have dubbed the threat actor Space Pirates.
Latest_APT_C_24_SideWinder_Rattlesnake_attack_activity
Medium
+
—
- Intel Source:
- WeiXin
- Intel Name:
- Latest_APT_C_24_SideWinder_Rattlesnake_attack_activity
- Date of Scan:
- 2022-05-20
- Impact:
- Medium
- Summary:
- Researchers from 360 Threat Intelligence Center came across an attack activity launched by APT-C-24/Sidewinder in which the threat actor has come up with New TTP.
Lazarus_Group_Exploiting_Log4Shell_Vulnerability
Medium
+
—
- Intel Source:
- Asec
- Intel Name:
- Lazarus_Group_Exploiting_Log4Shell_Vulnerability
- Date of Scan:
- 2022-05-20
- Impact:
- Medium
- Summary:
- Researchers from ASEC discovered Lazarus group distributing NukeSped by exploiting Log4Shell vulnerability. The threat actor used the log4j vulnerability on VMware Horizon products that were not applied with the security patch.
VMware_Bugs_Abused_to_Deliver_Mirai
Medium
+
—
- Intel Source:
- Barracuda
- Intel Name:
- VMware_Bugs_Abused_to_Deliver_Mirai
- Date of Scan:
- 2022-05-19
- Impact:
- Medium
- Summary:
- Researchers from Barracuda discovered that attempts were made to exploit the recent vulnerabilities CVE-2022-22954 and CVE-2022-22960. Mirai was getting delivered by abusing the VMware Bug.
Threat Actors targets US Business Online Checkout Page
Medium
+
—
- Intel Source:
- Palo Alto
- Intel Name:
- Threat Actors targets US Business Online Checkout Page
- Date of Scan:
- 2022-05-19
- Impact:
- Medium
- Summary:
- Researchers from Palo Alto Networks documented the background on Emotet, its activity since november 2021 and ending with January 2022.
Emotet_The_journey
Medium
+
—
- Intel Source:
- Palo Alto
- Intel Name:
- Emotet_The_journey
- Date of Scan:
- 2022-05-19
- Impact:
- Medium
- Summary:
- Researchers from Palo Alto Networks documented the background on Emotet, its activity since november 2021 and ending with January 2022.
Uncovering_Kingminer_Botnet_Attack
Low
+
—
- Intel Source:
- Trend Micro
- Intel Name:
- Uncovering_Kingminer_Botnet_Attack
- Date of Scan:
- 2022-05-18
- Impact:
- Low
- Summary:
- Researchers from Trend Micro details about the TTPs of the Kinginer Botnet. In 2020 threat actors deployed Kingminer to target SQL servers for cryptocurrency mining.
Threat Content
Shared Security Content on Sigma
Securonix Threat Labs publishes up-to-date IOCs and threat hunting queries on Sigma, allowing you to tap into a vast community of collective defense and stay ahead of emerging threat research.
What's New from Securonix Blog
-
BlogSecuronix Threat Labs Initial Coverage Advisory: BPFDoor Global Surveillance Tool Detection and AnalysisLearn More
-
BlogSecuronix Threat Labs Initial Coverage Advisory: F5 BIG-IP Vulnerability (CVE-2022-1388) Detection Using Security AnalyticsLearn More