4-Prong Approach to Security
Securonix Threat Labs helps your team fend off rising threats by bringing the industry’s brightest minds together to equip you with the latest countermeasures and best practices.
Powered by Threat Labs
Autonomous Threat Sweeper
Acting as your own dedicated Cyber Rapid Response Team, Securonix Autonomous Threat Sweeper (ATS) automatically and retroactively hunts for new and emerging threats based on the latest threat intelligence from our Threat Labs Team.
Latest ATS Entries
All indicators of compromise (IOC) and Spotter queries are available on our GitHub repository.
Emotet getting distributed through Link Files
Low
+
—
- Intel Source:
- ASEC
- Intel Name:
- Emotet getting distributed through Link Files
- Date of Scan:
- 2022-05-23
- Impact:
- Low
- Summary:
- ASEC researchers recently discovered Emotet getting distributed through various files including Link Files.
XorDdos_targeting_Linux_devices
Medium
+
—
- Intel Source:
- Microsoft
- Intel Name:
- XorDdos_targeting_Linux_devices
- Date of Scan:
- 2022-05-23
- Impact:
- Medium
- Summary:
- Microsoft researchers saw and 254% increase in activity of a stealthy and modular malware which is used to hack into Linux devices and build a DDoS botnet. The malware is called XorDDoS.
Vidar_Malware_distributed_through_fake_Windows11_downloads
Low
+
—
- Intel Source:
- Zscaler
- Intel Name:
- Vidar_Malware_distributed_through_fake_Windows11_downloads
- Date of Scan:
- 2022-05-23
- Impact:
- Low
- Summary:
- Researchers from Zscalers came across fraudulent domains masquerading as Microsoft's Windows 11 download portal which are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware.
Supply_Chain_Attack_targets_GitLab_CI_Pipelines
Medium
+
—
- Intel Source:
- SentinelOne
- Intel Name:
- Supply_Chain_Attack_targets_GitLab_CI_Pipelines
- Date of Scan:
- 2022-05-23
- Impact:
- Medium
- Summary:
- Researchers from SentinelLabs identified a software chain supply attack targeting Rust developers with malware aimed directly at infecting GitLab Continuous Integration (CI) pipelines. The campaign has been dubbed as CrateDepression.
All_about_ITG23_Crypters
Medium
+
—
- Intel Source:
- Security Intelligence
- Intel Name:
- All_about_ITG23_Crypters
- Date of Scan:
- 2022-05-20
- Impact:
- Medium
- Summary:
- IBM X-Force researchers analyzed thirteen crypters that have all been used with malware built or operated by ITG23 internal teams or third-party distributors — including Trickbot, BazarLoader, Conti, and Colibri.
BumbleBee_Malware_getting_delivered_via_TransferXL_Urls
Low
+
—
- Intel Source:
- ISC.SANS
- Intel Name:
- BumbleBee_Malware_getting_delivered_via_TransferXL_Urls
- Date of Scan:
- 2022-05-20
- Impact:
- Low
- Summary:
- Researchers at ISC.SANS were able to relate Bumblebee malware with EXOTIC LILY threat actor, as they saw usage of active TransferXL URLs delivering ISO files for Bumblebee malware.
Chinese_Threat_group_Space_Pirates_targets_Russian_Aerospace_Firms
Medium
+
—
- Intel Source:
- PtSecurity
- Intel Name:
- Chinese_Threat_group_Space_Pirates_targets_Russian_Aerospace_Firms
- Date of Scan:
- 2022-05-20
- Impact:
- Medium
- Summary:
- Analysts at Positive Technologies came across a previously unknown Chinese hacking group known as 'Space Pirates' targets enterprises in the Russian aerospace industry with phishing emails to install novel malware on their systems. They have dubbed the threat actor Space Pirates.
Threat_Actors_exploiting_VMware_vulnerability
Medium
+
—
- Intel Source:
- CISA
- Intel Name:
- Threat_Actors_exploiting_VMware_vulnerability
- Date of Scan:
- 2022-05-20
- Impact:
- Medium
- Summary:
- CISA released an advisory to warn organizations about threat actors exploiting unpatched VMware vulnerabilities. These vulnerabilities affect certain versions of VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.
Lazarus_Group_Exploiting_Log4Shell_Vulnerability
Medium
+
—
- Intel Source:
- Asec
- Intel Name:
- Lazarus_Group_Exploiting_Log4Shell_Vulnerability
- Date of Scan:
- 2022-05-20
- Impact:
- Medium
- Summary:
- Researchers from ASEC discovered Lazarus group distributing NukeSped by exploiting Log4Shell vulnerability. The threat actor used the log4j vulnerability on VMware Horizon products that were not applied with the security patch.
Latest_APT_C_24_SideWinder_Rattlesnake_attack_activity
Medium
+
—
- Intel Source:
- WeiXin
- Intel Name:
- Latest_APT_C_24_SideWinder_Rattlesnake_attack_activity
- Date of Scan:
- 2022-05-20
- Impact:
- Medium
- Summary:
- Researchers from 360 Threat Intelligence Center came across an attack activity launched by APT-C-24/Sidewinder in which the threat actor has come up with New TTP.
Threat Content
Shared Security Content on Sigma
Securonix Threat Labs publishes up-to-date IOCs and threat hunting queries on Sigma, allowing you to tap into a vast community of collective defense and stay ahead of emerging threat research.
What's New from Securonix Blog
-
BlogSecuronix Threat Labs Initial Coverage Advisory: BPFDoor Global Surveillance Tool Detection and AnalysisLearn More
-
BlogSecuronix Threat Labs Initial Coverage Advisory: F5 BIG-IP Vulnerability (CVE-2022-1388) Detection Using Security AnalyticsLearn More