Trellix Advanced Research Center: Digest #8

OneDrive Pastejacking: The Crafty Phishing and Downloader Campaign by Rafael Pena

Over the past few weeks, the Trellix Advanced Research Center has observed a sophisticated Phishing/downloader campaign targeting Microsoft OneDrive users. This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems.

READ MORE


Managing Risk During the CrowdStrike Global Tech Outage by Mo Cashman and Trellix Advanced Research Center

A defective content update provided by cybersecurity firm CrowdStrike caused Microsoft Windows systems to crash, disrupting airline travel, healthcare, government services and many other critical industries and organizations globally. This blog is focused on what to do now and how Trellix can keep you safe during this crisis.

READ MORE

#TeamTrellix continues to work around the clock to stay ahead of threats stemming from the CrowdStrike outage -- Head of Threat Intelligence John Fokker and Malware Analyst Max Kersten explain the latest trends.

WATCH NOW


Handala's Wiper Targets Israel by Max Kersten, Tomer Shloman and Mathanraj TK

CrowdStrike’s Falcon agent caused downtime for millions of computers across the globe beginning July 19. This event caused panic and chaos, which threat actors quickly latch onto to gain an edge over defenders. One such actor is the self-proclaimed Handala Hacking Team, which sent lure emails containing malware to Israeli targets. The malware is a wiper with a single purpose: to destroy files on the machine it runs on. This blog will focus on the threat actor’s background and previous actions, the attack chain, and the wiper’s internals and reused code.

READ MORE


Cactus Ransomware: New Strain in the Market by Aishwarya Gentyal

Ransomware has been around for many years now, and it continues to dominate the headlines. It's an attacker's top choice for cyber extortion and is one of the most active and profound threats facing organizations today, across all industries and sizes. You can call it a digital kidnapper that locks away your files and demands a ransom for their release. It preys on vulnerabilities in software and on human error, like clicking on phishing emails, reminding us of the constant need for robust cybersecurity measures.

READ MORE


The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution by Mathanraj TK and Sijo Jacob

In the dynamic landscape of cyber threats, ViperSoftX has emerged as a highly sophisticated malware, adept at infiltrating systems and exfiltrating sensitive information. Since its initial detection in 2020, ViperSoftX has undergone several iterations, with each version demonstrating increased complexity and advanced capabilities. Initially, it spread mainly through cracked software, luring users with pirated applications that secretly installed the malware. ViperSoftX was also distributed via torrent sites earlier, but now we have observed it being distributed specifically as eBooks over torrents.

READ MORE


Cracking Cobalt Strike: Taking Down Malicious Cybercriminal Infrastructure with Threat Intelligence by John Fokker, Leandro Velasco and João Marques

In a significant global effort to combat cybercrime, law enforcement agencies from around the world have joined forces to dismantle parts of the infrastructure running Cobalt Strike, a powerful post-exploitation framework often exploited by cybercriminals and nation-states. This tool has been central to numerous cyberattacks, facilitating malicious activities through its advanced capabilities.

READ MORE
