Powered by Threat Labs

Autonomous Threat Sweeper

Acting as your own dedicated Cyber Rapid Response Team, Securonix Autonomous Threat Sweeper (ATS) automatically and retroactively hunts for new and emerging threats based on the latest threat intelligence from our Threat Labs Team.

Latest ATS Entries

All indicators of compromise (IOC) and Spotter queries are available on our GitHub repository.

Intel Source: CISA
Intel Name: Threat_Actors_exploiting_VMware_vulnerability
Date of Scan: 2022-05-20
Impact: Medium
Summary: CISA released an advisory warning organizations that threat actors are exploiting unpatched VMware vulnerabilities. These vulnerabilities affect certain versions of VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.
Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-138b

Intel Source: Security Intelligence
Intel Name: All_about_ITG23_Crypters
Date of Scan: 2022-05-20
Impact: Medium
Summary: IBM X-Force researchers analyzed thirteen crypters that have all been used with malware built or operated by ITG23 internal teams or third-party distributors, including Trickbot, BazarLoader, Conti, and Colibri.
Source: https://securityintelligence.com/posts/itg23-crypters-cooperation-between-cybercriminal-groups/

Intel Source: ISC.SANS
Intel Name: BumbleBee_Malware_getting_delivered_via_TransferXL_Urls
Date of Scan: 2022-05-20
Impact: Low
Summary: Researchers at ISC.SANS linked Bumblebee malware to the EXOTIC LILY threat actor after observing active TransferXL URLs delivering ISO files that carry Bumblebee malware.
Source: https://isc.sans.edu/diary/rss/28664

Intel Source: PtSecurity
Intel Name: Chinese_Threat_group_Space_Pirates_targets_Russian_Aerospace_Firms
Date of Scan: 2022-05-20
Impact: Medium
Summary: Analysts at Positive Technologies identified a previously unknown Chinese hacking group, which they have dubbed 'Space Pirates', targeting enterprises in the Russian aerospace industry with phishing emails that install novel malware on their systems.
Source: https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/space-pirates-tools-and-connections/#id5-2

Intel Source: WeiXin
Intel Name: Latest_APT_C_24_SideWinder_Rattlesnake_attack_activity
Date of Scan: 2022-05-20
Impact: Medium
Summary: Researchers from 360 Threat Intelligence Center observed an attack campaign launched by APT-C-24/SideWinder in which the threat actor used new TTPs.
Source: https://mp-weixin-qq-com.translate.goog/s/qsGxZIiTsuI7o-_XmiHLHg?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en

Intel Source: Asec
Intel Name: Lazarus_Group_Exploiting_Log4Shell_Vulnerability
Date of Scan: 2022-05-20
Impact: Medium
Summary: Researchers from ASEC discovered the Lazarus group distributing NukeSped by exploiting the Log4Shell vulnerability. The threat actor used the log4j vulnerability against VMware Horizon products that had not received the security patch.
Source: https://asec.ahnlab.com/en/34461/

Intel Source: Barracuda
Intel Name: VMware_Bugs_Abused_to_Deliver_Mirai
Date of Scan: 2022-05-19
Impact: Medium
Summary: Researchers from Barracuda observed attempts to exploit the recent VMware vulnerabilities CVE-2022-22954 and CVE-2022-22960, which were being abused to deliver Mirai.
Source: https://blog.barracuda.com/2022/05/17/threat-spotlight-attempts-to-exploit-new-vmware-vulnerabilities/

Intel Source: Palo Alto
Intel Name: Threat Actors targets US Business Online Checkout Page
Date of Scan: 2022-05-19
Impact: Medium
Summary: Researchers from Palo Alto Networks documented the background on Emotet and its activity from November 2021 through January 2022.
Source: https://www.ic3.gov/Media/News/2022/220516.pdf

Intel Source: Palo Alto
Intel Name: Emotet_The_journey
Date of Scan: 2022-05-19
Impact: Medium
Summary: Researchers from Palo Alto Networks documented the background on Emotet and its activity from November 2021 through January 2022.
Source: https://unit42.paloaltonetworks.com/emotet-malware-summary-epoch-4-5/

Intel Source: Trend Micro
Intel Name: Uncovering_Kingminer_Botnet_Attack
Date of Scan: 2022-05-18
Impact: Low
Summary: Researchers from Trend Micro detail the TTPs of the Kingminer botnet. In 2020, threat actors deployed Kingminer to target SQL servers for cryptocurrency mining.
Source: https://www.trendmicro.com/en_us/research/22/e/uncovering-a-kingminer-botnet-attack-using-trend-micro-managed-x.html

Threat Content

Shared Security Content on Sigma

Securonix Threat Labs publishes up-to-date IOCs and threat hunting queries on Sigma, allowing you to tap into a vast community of collective defense and stay ahead of emerging threat research.

Threats from the Wild

Learn key technical insights into the latest MFA bypass attacks carried out by malicious threat actors in the wild.

What's New from Securonix Blog

  • Securonix Threat Labs Initial Coverage Advisory: BPFDoor Global Surveillance Tool Detection and Analysis
  • Securonix Threat Labs Initial Coverage Advisory: F5 BIG-IP Vulnerability (CVE-2022-1388) Detection Using Security Analytics
  • Securonix Threat Labs Monthly Intelligence Insights – April
