Posts

Showing posts from August, 2020

Lemon_Duck cryptominer targets cloud apps & Linux

The Lemon Duck cryptominer is one of the more advanced cryptojacking payloads in circulation. Its operators continuously update the code with new infection vectors and obfuscation techniques to evade detection, and the miner itself is "fileless": it stays memory-resident and leaves no copy of itself on the victim's filesystem. The practical consequence is that file-based scanning alone will not find the miner; hunting for it has to rely on process, memory and network telemetry, which is where the network indicators below come in.

Indicators of Compromise (IOC)

Domains:
d.ackng.com
lplp.ackng.com
t.amynx.com
t.jdjdcjq.top
t.zer9g.com
t.zz3r0.com
lplp.ackng.com:444
p.b69kq.com:443
p.k3qh4.com:443

IP: 167.71.87.85
Port: 65529

URLs:
hxxp://167.71.87.85/20.dat?$params
hxxp://d.ackng.com/if_mail.bin?$params
hxxp://d.ackng.com/kr.bin?$params
hxxp://d.ackng.com/ln/xr.zip
hxxp://d.ackng.com/m6.bin?$params
hxxp://d.ackng.com/m6g.bin?$params
hxxp://d.ackng.com/nvd.zip
hxxp://d.ackng.com/ode.bin?$params
hxx...
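Because a memory-resident miner leaves nothing for a file scanner to hash, the usual Linux hunt is to look at what the kernel still knows about each process: /proc/<pid>/exe points at "... (deleted)" when the binary was unlinked after start, at "/memfd:..." when it was loaded from an anonymous memfd, and /proc/<pid>/maps lists executable mappings whose backing file is gone. The script below is an added example of that hunt and is not code from the original post or from the Lemon Duck analysis; the maps text in SAMPLE_MAPS is constructed for the demo, and the path /tmp/.x/miner in it is made up.

```python
"""Find Linux processes whose executable no longer exists on disk.

Added example for the "fileless" point above; not code from the original post.
The sample /proc/<pid>/maps content below is constructed for the demo.
"""
import os
from typing import List, Optional, Tuple


def classify_exe_target(target: str) -> Optional[str]:
    """Why a /proc/<pid>/exe link target is suspicious, or None if it looks normal."""
    # memfd-backed executables show as "/memfd:<name> (deleted)", so test this first.
    if target.startswith("/memfd:"):
        return "executable lives in an anonymous memfd"
    if target.endswith(" (deleted)"):
        return "executable unlinked after start"
    return None


def deleted_exec_maps(maps_text: str) -> List[str]:
    """Paths of executable mappings whose backing file was deleted, from /proc/<pid>/maps.

    Each maps line is: address perms offset dev inode [path]; the path keeps its
    trailing " (deleted)" marker, which is what we key on.
    """
    found = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping with no path
        perms, path = fields[1], fields[5]
        if "x" in perms and path.endswith("(deleted)"):
            found.append(path)
    return found


def hunt(proc_root: str = "/proc") -> List[Tuple[int, str]]:
    """Walk a /proc tree and return (pid, reason) for processes that look file-less."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        pid_dir = os.path.join(proc_root, entry)
        try:
            reason = classify_exe_target(os.readlink(os.path.join(pid_dir, "exe")))
            if reason is None:
                with open(os.path.join(pid_dir, "maps")) as f:
                    deleted = deleted_exec_maps(f.read())
                if deleted:
                    reason = "executable mapping from deleted file: " + deleted[0]
        except OSError:
            # Kernel threads have no exe link; other users' processes need root to read.
            continue
        if reason:
            findings.append((int(entry), reason))
    return findings


# Constructed maps content (hypothetical paths) showing one unlinked executable mapping.
SAMPLE_MAPS = """\
55d3c4a00000-55d3c4a21000 r-xp 00000000 08:01 262145   /tmp/.x/miner (deleted)
7f3c2a000000-7f3c2a021000 r--p 00000000 08:01 131      /usr/lib/x86_64-linux-gnu/ld-2.31.so
7f3c2a021000-7f3c2a045000 r-xp 00021000 08:01 131      /usr/lib/x86_64-linux-gnu/ld-2.31.so
7ffd1c000000-7ffd1c021000 rw-p 00000000 00:00 0
7ffd1c3ff000-7ffd1c400000 r-xp 00000000 00:00 0        [vdso]
"""


if __name__ == "__main__":
    print("sample maps:", deleted_exec_maps(SAMPLE_MAPS))
    for pid, reason in hunt():
        print(pid, reason)
```

Run it as root to see every process; unprivileged, it silently skips what it cannot read, so an empty result is only meaningful with sufficient privileges. A hit is a lead, not a verdict: package upgrades also leave running daemons with a "(deleted)" exe until they restart, so check the process's network connections and CPU usage before acting.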

LinkedIn Job Seeker Phishing Campaign Spreads Agent Tesla

A malicious site used LinkedIn, the professional networking and job search site, as the lure for a social engineering scheme designed to steal users' credentials and deliver malicious binaries. Alongside the Agent Tesla malware it also delivered a custom payload that we have not seen before. The following attributes of the threat actor's infrastructure show that the campaign is aimed at LinkedIn users.

Indicators of Compromise

Email IDs:
chanmaestrswiss@yandex.com
mmyoffice@yandex.com
linkedinjob@yandex.com
linkedin.office@yandex.com
m.off1ce@yandex.ru

File Hashes (MD5):
f89b4dff6e126e9a5f0a64d590f7b42e
73ee4b60893b0ccc20079882aae66e2f
39648125d1ea711fee091b5ee58eb533
072462810ba6e5a7161b35b8535b55bd
940db8fcba320925e423b44a22e703f1
78d029254cb2350260967feb983d487f
a29a4aea13be816b7929bf103136887d
830bbf1855da3a145831ec55d1c37d17
8cb05c44406adbe13690d816759658da
f4755749ad038edc33...

Hundreds of URLs Inside Microsoft Excel Spreads New Dridex Trojan Variant

Dridex is an evolution of the Cridex malware, which itself is based on the ZeuS banking trojan. According to a security firm analyst, the Dridex banking malware initially spread in late 2014 via a spam campaign that generated upwards of 15,000 emails a day. It mainly targets customers of financial institutions, and its operators have focused on small and medium-sized organizations rather than individuals. Dridex, also known as Bugat and Cridex, is online banking malware used to steal credentials, financial data and other personal identifiers from infected users.

Indicator of Compromise

File Hash:
519312A969094294202A2EBE197BB4C563BA506FFFBD45000F0...
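The three posts above each end in a flat list of indicators, and the useful thing to do with such lists is to run them over the logs you already have: DNS and proxy logs against the Lemon Duck domains and URLs, firewall logs against the IP and port, mail logs against the Agent Tesla sender addresses, and AV/EDR file events against the MD5 list. The script below is an added example of that matching and is not code from the original posts or from the analysts who published them. It uses only the complete indicators from the page (the truncated last MD5 and the truncated Dridex hash are left out), refangs the hxxp:// URLs to extract their hosts, treats the ":443" suffixes as hostnames rather than as a port indicator, and scans constructed log lines in formats made up for the demo; real logs will need their own field extraction first.

```python
"""Match the indicators from the posts above against log lines.

Added example, not code from the original page. SAMPLE_LOGS is constructed
(hypothetical hosts and timestamps) to exercise each indicator type once.
"""
import hashlib
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Indicators copied from the post excerpts; only complete values are used.
LEMON_DUCK_URLS = [
    "hxxp://167.71.87.85/20.dat?$params",
    "hxxp://d.ackng.com/ln/xr.zip",
    "hxxp://d.ackng.com/nvd.zip",
]
LEMON_DUCK_DOMAINS = {
    "d.ackng.com", "lplp.ackng.com", "t.amynx.com", "t.jdjdcjq.top",
    "t.zer9g.com", "t.zz3r0.com", "p.b69kq.com", "p.k3qh4.com",
}
LEMON_DUCK_IPS = {"167.71.87.85"}
# 65529 is the listed port, 444 comes from lplp.ackng.com:444. 443 is plain HTTPS
# and is not an indicator on its own.
LEMON_DUCK_PORTS = {65529, 444}
AGENT_TESLA_SENDERS = {
    "chanmaestrswiss@yandex.com", "mmyoffice@yandex.com", "linkedinjob@yandex.com",
    "linkedin.office@yandex.com", "m.off1ce@yandex.ru",
}
AGENT_TESLA_MD5 = {
    "f89b4dff6e126e9a5f0a64d590f7b42e", "73ee4b60893b0ccc20079882aae66e2f",
    "39648125d1ea711fee091b5ee58eb533", "072462810ba6e5a7161b35b8535b55bd",
    "940db8fcba320925e423b44a22e703f1", "78d029254cb2350260967feb983d487f",
    "a29a4aea13be816b7929bf103136887d", "830bbf1855da3a145831ec55d1c37d17",
    "8cb05c44406adbe13690d816759658da",
}

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?\b")
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")


def refang(url: str) -> str:
    """Undo the hxxp / [.] defanging used in IOC write-ups."""
    return url.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")


def host_of(url: str) -> str:
    """Lowercased hostname of a (possibly defanged) URL."""
    return (urlsplit(refang(url)).hostname or "").lower()


def _fold_url_hosts() -> None:
    """Add the hosts from the URL list to the domain / IP sets so one lookup covers both."""
    for url in LEMON_DUCK_URLS:
        host = host_of(url)
        (LEMON_DUCK_IPS if IP_RE.fullmatch(host) else LEMON_DUCK_DOMAINS).add(host)


_fold_url_hosts()


def listed_domain(host: str) -> Optional[str]:
    """The listed domain that `host` equals or is a subdomain of, else None."""
    parts = host.split(".")
    for i in range(len(parts) - 1):
        candidate = ".".join(parts[i:])
        if candidate in LEMON_DUCK_DOMAINS:
            return candidate
    return None


def scan_line(line: str) -> List[Tuple[str, str, str]]:
    """All (family, indicator_type, value) hits in one log line, duplicates removed."""
    text = line.lower()
    hits: List[Tuple[str, str, str]] = []
    for m in IP_RE.finditer(text):
        ip, port = m.group(1), m.group(2)
        if ip in LEMON_DUCK_IPS:
            # A listed port corroborates the hit; a port alone is too weak to alert on.
            value = f"{ip}:{port}" if port and int(port) in LEMON_DUCK_PORTS else ip
            hits.append(("Lemon_Duck", "ip", value))
    for m in DOMAIN_RE.finditer(text):
        listed = listed_domain(m.group(0))
        if listed:
            hits.append(("Lemon_Duck", "domain", listed))
    for m in EMAIL_RE.finditer(text):
        if m.group(0) in AGENT_TESLA_SENDERS:
            hits.append(("Agent Tesla", "sender", m.group(0)))
    for m in MD5_RE.finditer(text):
        if m.group(0) in AGENT_TESLA_MD5:
            hits.append(("Agent Tesla", "md5", m.group(0)))
    return list(dict.fromkeys(hits))


def scan(lines: List[str]) -> List[Tuple[int, List[Tuple[str, str, str]]]]:
    """(line index, hits) for every line that matched at least one indicator."""
    return [(i, scan_line(ln)) for i, ln in enumerate(lines) if scan_line(ln)]


def is_known_sample(data: bytes) -> bool:
    """True if the MD5 of `data` is on the Agent Tesla hash list."""
    return hashlib.md5(data).hexdigest() in AGENT_TESLA_MD5


# Constructed log lines: one DNS, one proxy, one firewall, one mail, one EDR event, one benign.
SAMPLE_LOGS = [
    "2020-08-12T10:14:03Z dns client=10.0.0.21 query=t.amynx.com type=A",
    "2020-08-12T10:14:05Z proxy src=10.0.0.21 url=http://d.ackng.com/ln/xr.zip status=200",
    "2020-08-12T10:15:40Z fw src=10.0.0.21 dst=167.71.87.85:65529 action=allow",
    "2020-08-12T11:02:11Z mail from=linkedin.office@yandex.com to=hr@example.com subject='Job Offer'",
    "2020-08-12T11:03:50Z edr host=WS-014 event=file_create md5=F89B4DFF6E126E9A5F0A64D590F7B42E path=C:\\Users\\hr\\job.exe",
    "2020-08-12T11:05:00Z proxy src=10.0.0.22 url=https://www.example.com/ status=200",
]

if __name__ == "__main__":
    for i, hits in scan(SAMPLE_LOGS):
        print(i, SAMPLE_LOGS[i])
        for family, kind, value in hits:
            print(f"   {family}: {kind} {value}")
```

Subdomain matching is deliberate: a host such as cdn.d.ackng.com still reports d.ackng.com, while the registrable parent ackng.com is not matched because the page does not list it. The same defanging and suffix logic applies to any future indicator list you paste in.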