
Powered by Threat Labs
Autonomous Threat Sweeper
Acting as your own dedicated Cyber Rapid Response Team, Securonix Autonomous Threat Sweeper (ATS) automatically and retroactively hunts for new and emerging threats based on the latest threat intelligence from our Threat Labs Team.
Latest ATS Entries
All indicators of compromise (IOC) and Spotter queries are available on our GitHub repository.
Countering_hack_for_hire_attacker_groups
LOW
- Intel Source: Google blog
- Intel Name: Countering_hack_for_hire_attacker_groups
- Date of Scan: 2022-07-01
- Impact: LOW
- Summary: Google's Threat Analysis Group (TAG) announced on Thursday that it had blocked as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E. Hack-for-hire groups have been seen targeting human rights and political activists, journalists, and other high-risk users around the world, putting their privacy, safety and security at risk.
PennyWise_Infostealer_leveraging_YouTube_to_infect_users
LOW
- Intel Source: Cyble
- Intel Name: PennyWise_Infostealer_leveraging_YouTube_to_infect_users
- Date of Scan: 2022-07-01
- Impact: LOW
- Summary: During a routine threat-hunting exercise, researchers discovered a new stealer named “PennyWise”. The stealer appears to have been developed recently. The investigation indicated that the stealer is an emerging threat, and the researchers observed multiple samples of it active in the wild.
Black_Basta_Ransomware_gang_added_Qakbot_and_PrintNightmare_Exploit_to_their_Arsenal
MEDIUM
- Intel Source: Trend Micro
- Intel Name: Black_Basta_Ransomware_gang_added_Qakbot_and_PrintNightmare_Exploit_to_their_Arsenal
- Date of Scan: 2022-06-30
- Impact: MEDIUM
- Summary: Researchers at Trend Micro identified the Black Basta ransomware group using the banking trojan QakBot as a means of entry and lateral movement, and taking advantage of the PrintNightmare vulnerability to perform privileged file operations.
Raccoon_Stealer_v2
LOW
- Intel Source: Sekoia
- Intel Name: Raccoon_Stealer_v2
- Date of Scan: 2022-06-30
- Impact: LOW
- Summary: Researchers observed this week that cyber criminals are using a new and improved version of the prolific Raccoon Stealer malware, barely three months after its authors announced they were quitting.
New_ZuoRAT_malware_targets_SOHO_router
LOW
- Intel Source: Lumen blog
- Intel Name: New_ZuoRAT_malware_targets_SOHO_router
- Date of Scan: 2022-06-30
- Impact: LOW
- Summary: Black Lotus Labs, the threat intelligence arm of Lumen Technologies, has identified and is tracking a new and sophisticated multistage remote access trojan (RAT) that leverages infected SOHO routers to target predominantly North American and European networks of interest. The trojan grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications, maintaining an undetected foothold.
Emotet_still_abusing_Microsoft_Office_Macros
MEDIUM
- Intel Source: Netskope
- Intel Name: Emotet_still_abusing_Microsoft_Office_Macros
- Date of Scan: 2022-06-30
- Impact: MEDIUM
- Summary: Researchers at Netskope Threat Labs have analysed a campaign in which Emotet is still being executed through malicious Microsoft Office documents. Despite the protection Microsoft released in 2022 to prevent the execution of Excel 4.0 (XLM) macros, the attack remains feasible against users running outdated versions of Office.
Ukraine_targeted_by_Dark_Crystal_RAT_or_DCRat
LOW
- Intel Source: Fortinet
- Intel Name: Ukraine_targeted_by_Dark_Crystal_RAT_or_DCRat
- Date of Scan: 2022-06-29
- Impact: LOW
- Summary: Researchers at FortiGuard Labs came across another file that was likely used in the attack campaign described by CERT-UA, based on the date of its submission to VirusTotal and the submission location being Ukraine. Unlike the docx file that exploited CVE-2022-30190 (Follina), the new file is in Excel (xlsx) format and contains malicious macros.
AstraLocker_2.0_Ransomware_distributed_from_Microsoft_Word_files
MEDIUM
- Intel Source: ReversingLabs
- Intel Name: AstraLocker_2.0_Ransomware_distributed_from_Microsoft_Word_files
- Date of Scan: 2022-06-29
- Impact: MEDIUM
- Summary: Researchers at ReversingLabs have discovered a new version of the AstraLocker ransomware (AstraLocker 2.0) that was being distributed directly from Microsoft Office files used as bait in phishing attacks.
Evilnum_APT_returns_with_new_Threat_and_TTPs
MEDIUM
- Intel Source: Zscaler
- Intel Name: Evilnum_APT_returns_with_new_Threat_and_TTPs
- Date of Scan: 2022-06-28
- Impact: MEDIUM
- Summary: Researchers from Zscaler have been tracking the Evilnum APT group since the start of 2022 and this time have observed a newer target list and TTPs. The main distribution vector used by this threat group was Windows Shortcut files (LNK) sent inside malicious archive files (ZIP) as email attachments in spear-phishing emails to the victims.
Software_Cracks_Distributing_Recordbreaker_Stealer
LOW
- Intel Source: ASEC
- Intel Name: Software_Cracks_Distributing_Recordbreaker_Stealer
- Date of Scan: 2022-06-28
- Impact: LOW
- Summary: ASEC Research Team has analysed
Threat Content
Shared Security Content on Sigma
Securonix Threat Labs publishes up-to-date IOCs and threat hunting queries on Sigma, allowing you to tap into a vast community of collective defense and stay ahead of emerging threat research.
What's New from Threat Labs
- Securonix Threat Labs Initial Coverage Advisory: Detecting Microsoft MSDT “DogWalk” .diagcab 0-Day Using Securonix