Securonix Threat Labs

Intel Source:

Security Joes

Intel Name:

Hackers_Exploiting_MinIO_Storage_System

Date of Scan:

2023-09-05

Impact:

LOW

Summary:

Infected Microsoft SQL Server (MSSQL) databases were being used to deliver Cobalt Strike and ransomware payloads, according to Securonix Threat Lab research. Using MSSQL as a beachhead, the attackers deploy a variety of payloads, including remote-access Trojans (RATs) and a fresh Mimic ransomware variant named FreeWorld, after first infiltrating the target machine.

Source:
https://www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services

Intel Name:

Cyberattack_by_APT28_Using_msedge_as_a_Bootloader

Date of Scan:

2023-09-05

Impact:

LOW

Summary:

Researchers from CERT-UA have observed a deliberate cyber attack against a crucial Ukrainian energy infrastructure site. An email message with a phony sender address and a link to an archive, like “photo.zip,” is being distributed to carry out the malicious scheme.

Source:
https://cert.gov.ua/article/5702579

Intel Source:

Okta

Intel Name:

Okta_Warns_of_Social_Engineering_Attacks

Date of Scan:

2023-09-04

Impact:

LOW

Summary:

Recent weeks have seen an increase in social engineering attacks against IT service desk staff, according to several U.S.-based Okta customers. The caller’s tactic was to persuade the service desk staff to reset all multi-factor authentication (MFA) factors enrolled by highly privileged users.

Source:
https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection

Intel Source:

ASEC

Intel Name:

Following_the_Spread_of_Fileless_Malware_Through_Spam_Emails

Date of Scan:

2023-09-04

Impact:

LOW

Summary:

A phishing campaign that spreads via spam emails and runs a PE file (EXE) without placing the file on the user’s computer has been uncovered by ASEC researchers. The malware strains AgentTesla, Remcos, and LimeRAT are finally executed by the malware attachment in the hta extension.

Source:
https://asec.ahnlab.com/en/56512/

Intel Source:

Seqrite

Intel Name:

ZeroDay_Vulnerabilities_Detected_on_WinRAR

Date of Scan:

2023-09-04

Impact:

MEDIUM

Summary:

In the widely used WinRAR software, the zero-day vulnerabilities CVE-2023-38831 and CVE-2023-40477 have been discovered. The possibility of remote code execution presented by these vulnerabilities raises serious security concerns. With half a billion users globally, it is a well-liked compression tool that is essential to numerous digital processes.

Source:
https://www.seqrite.com/blog/threat-advisory-zero-day-vulnerabilities-detected-on-winrar/

Intel Source:

Securonix Threat Labs

Intel Name:

FreeWorld_Ransomware_Attacks_on_MSSQL_Databases

Date of Scan:

2023-09-04

Impact:

MEDIUM

Summary:

Infected Microsoft SQL Server (MSSQL) databases were being used to deliver Cobalt Strike and ransomware payloads, according to Securonix Threat Lab research. Using MSSQL as a beachhead, the attackers deploy a variety of payloads, including remote-access Trojans (RATs) and a fresh Mimic ransomware variant named FreeWorld, after first infiltrating the target machine.

Source:
https://www.securonix.com/blog/securonix-threat-labs-security-advisory-threat-actors-target-mssql-servers-in-dbjammer-to-deliver-freeworld-ransomware/

Intel Source:

Interlab

Intel Name:

A_new_campaign_of_novel_RAT

Date of Scan:

2023-09-02

Impact:

LOW

Summary:

On 8/28/2023, Interlab got some a sample which was sent to a journalist with highly targeted content luring the recipient to open the document. After checking it, Interlab discovered that after initial compromise, the execution of an AutoIT script that was used to perform process injection using a process hollowing technique. The injected process contained a novel RAT, which was named “SuperBear” due to naming conventions in the code.

Source:
https://interlab.or.kr/archives/19416

Intel Source:

Talos

Intel Name:

Analyses_on_new_open_source_infostealer

Date of Scan:

2023-09-02

Impact:

LOW

Summary:

This week’s edition of the Threat Source newsletter. Talos is seeing more and more bad guys take advantage of the availability of tools that have been added to public malware sites, such as the infostealer “SaphireStealer” which was analyzed by Talos reserachers and shared in their blog.

Source:
https://blog.talosintelligence.com/new-open-source-infostealer-and-reflections-on-2023-so-far/

Intel Source:

Rapid7

Intel Name:

New_IDAT_Loader_executes_StealC_and_Lumma_Infostealers

Date of Scan:

2023-09-02

Impact:

LOW

Summary:

Recently, Rapid7 discoverd the Fake Browser Update tricking users into executing malicious binaries. While analyzing the dropped binaries, Rapid7 determined a new loader is utilized in order to execute infostealers on compromised systems including StealC and Lumma.

Source:
https://www.rapid7.com/blog/post/2023/08/31/fake-update-utilizes-new-idat-loader-to-execute-stealc-and-lumma-infostealers/

Intel Source:

Talos

Intel Name:

An_Open_Source_Info_Stealer_Named_SapphireStealer

Date of Scan:

2023-09-01

Impact:

LOW

Summary:

In December 2022, SapphireStealer was first published by the open-source community as an information stealing malware. Since then, it’s been observed across a number of public malware repositories with increasing frequency. The researchers have moderate confidence that multiple entities are using SapphireStealer. They have separately improved and modified the original code base, extending it to support additional data exfiltration mechanisms.

Source:
https://blog.talosintelligence.com/sapphirestealer-goes-open-source/