Uncover the threats of tomorrow, today.
Securonix Threat Labs helps your team fend off rising threats by bringing the industry’s brightest minds together to equip you with the latest countermeasures and best practices.
Powered by Threat Labs
Autonomous Threat Sweeper
Acting as your own dedicated Cyber Rapid Response Team, Securonix Autonomous Threat Sweeper (ATS) automatically and retroactively hunts for new and emerging threats based on the latest threat intelligence from our Threat Labs Team.
Latest ATS Entries
All indicators of compromise (IOC) and Spotter queries are available on our GitHub repository.
An_Email_Specific_Phishing_Page
LOW
+
—
- Intel Source:
- ASEC
- Intel Name:
- An_Email_Specific_Phishing_Page
- Date of Scan:
- 2023-02-01
- Impact:
- LOW
- Summary:
- ASEC researchers have identified multiple phishing emails that are distributed with a changing icon to reflect the mail account service entered by the user and send a warning that their account will be shut down, prompting them to click the ‘Reactivate Now’ link if they need their account kept active.
New_Version_of_Nevada_Ransomware
MEDIUM
+
—
- Intel Source:
- Resecurity
- Intel Name:
- New_Version_of_Nevada_Ransomware
- Date of Scan:
- 2023-02-01
- Impact:
- MEDIUM
- Summary:
- Resecurity researchers have identified a new version of Nevada Ransomware which recently emerged on the Dark Web right before the start of 2023. The actors behind this new project have an affiliate platform first introduced on the RAMP underground community, which is known for initial access brokers (IABs) and other cybercriminal actors and ransomware groups.
Google_Ads_Targeting_Password_Manager
LOW
+
—
- Intel Source:
- Malwarebytes
- Intel Name:
- Google_Ads_Targeting_Password_Manager
- Date of Scan:
- 2023-02-01
- Impact:
- LOW
- Summary:
- Researchers from Malwarebytes have identified a new malvertising campaign that makes use of Google Ads to target users looking for password managers.
TZW_Ransomware_Distributing_in_Korea
LOW
+
—
- Intel Source:
- ASEC
- Intel Name:
- TZW_Ransomware_Distributing_in_Korea
- Date of Scan:
- 2023-02-01
- Impact:
- LOW
- Summary:
- ASEC researchers have discovered the distribution of the TZW ransomware, which encrypts files before adding the “TZW” file extension to the original extension.
Malware_Packer_TrickGate_Using_by_Several_Malware_to_Evade_Detection
LOW
+
—
- Intel Source:
- Checkpoint
- Intel Name:
- Malware_Packer_TrickGate_Using_by_Several_Malware_to_Evade_Detection
- Date of Scan:
- 2023-02-01
- Impact:
- LOW
- Summary:
- Researchers from Checkpoint have identified a shellcode-based packer dubbed TrickGate has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years.
An_ongoing_phishing_campaign_that_impersonates_Southwest_Airlines
LOW
+
—
- Intel Source:
- Inky
- Intel Name:
- An_ongoing_phishing_campaign_that_impersonates_Southwest_Airlines
- Date of Scan:
- 2023-02-01
- Impact:
- LOW
- Summary:
- Last December, INKY observed and detected an ongoing phishing campaign that impersonates Southwest Airlines. Phishing emails are being sent from newly created domains, set up explicitly for these attacks.
The_Analysis_of_Cryptojacks_System_to_Mine_for_Monero_Crypto
LOW
+
—
- Intel Source:
- Fortinet
- Intel Name:
- The_Analysis_of_Cryptojacks_System_to_Mine_for_Monero_Crypto
- Date of Scan:
- 2023-02-01
- Impact:
- LOW
- Summary:
- Fortinet researchers have analyzed the crypto miner software that is delivering via the Excel document and executing it on the victim device.
NikoWiper_Malware_Targeting_Ukraine_Energy_Sector
LOW
+
—
- Intel Source:
- Welivesecurity
- Intel Name:
- NikoWiper_Malware_Targeting_Ukraine_Energy_Sector
- Date of Scan:
- 2023-02-01
- Impact:
- LOW
- Summary:
- ESET researchers have analyzed the activities of selected APT groups and identified the Russia-affiliated Sandworm using another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine.
The_Similarities_Between_Abraham_s_Ax_and_Moses_Staff_Group
LOW
+
—
- Intel Source:
- Secureworks
- Intel Name:
- The_Similarities_Between_Abraham_s_Ax_and_Moses_Staff_Group
- Date of Scan:
- 2023-02-01
- Impact:
- LOW
- Summary:
- Researchers from SecureWorks have analyzed the similarities between the Moses Staff hacktivist group persona that emerged in September 2021 and the Abraham's Ax persona that emerged in November 2022.
Phishing_Emails_Circulating_With_Requests_for_Product_Quotation
LOW
+
—
- Intel Source:
- ASEC
- Intel Name:
- Phishing_Emails_Circulating_With_Requests_for_Product_Quotation
- Date of Scan:
- 2023-02-01
- Impact:
- LOW
- Summary:
- Researchers from ASEC have identified phishing emails with content related to requests for product quotations. These phishing emails are all disguised to seem as if they were sent by a manager with a high position, such as the team leader or department director of production companies or foundries, and were also .html and .htm attachments.
Threat Content
Shared Security Content on Sigma
Securonix Threat Labs publishes up-to-date IOCs and threat hunting queries on Sigma, allowing you to tap into a vast community of collective defense and stay ahead of emerging threat research.
What's New from Threat Labs
-
BlogSecuronix Security Advisory: Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid DetectionLearn More