Analysis Notes

A place to note things learned from analyzing malware and things that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 29 – 2024 - THREAT INTELLIGENCE/HUNTING

This entry was automatically generated and posted to show the opening of each article introduced in This Week in 4n6 (FourAndSix = Forensics), so that you can skim through and pick which articles to check. 4n6 can be found here.

THREAT INTELLIGENCE/HUNTING

Anton Chuvakin

Any.Run

What Are the 3 Types of Threat Intelligence Data July 17, 2024 4 min read Cyber Threat Intelligence is a powerful tool that helps organizations make sense of the vast amounts of data generated by ...

Ayelen Torello at AttackIQ

Avertium

Botnets to Watch - CatDDoS and Zergeca July 18, 2024 executive summary In February 2024, multiple U.S. and international government agencies released an advisory on Volt Typhoon botnet attacks. Previously, Avertium's Cyber Threat Intelligence team reported on Volt Typhoon's creation of a botnet using hundreds of SOHO routers across the U.S., using a "living off the land" technique to blend with normal device activity. The fallout from Volt Typhoon’s botnet impacted several U.S government entitie...

CERT Ukraine

CERT-AGID

Phishing campaigns against the Ministry of Foreign Affairs and International Cooperation 18/07/2024 MAECI This week CERT-AGID found evidence of two phishing campaigns, conducted through purpose-built domains, aimed at stealing the credentials both of users applying for a visa for Italy and of internal staff who use the VPN. For both campaigns, the institutions concerned have already been promptly notified and the process of remo...

Ongoing global IT problems 19/07/2024 BSoD CrowdStrike Microsoft The article will be updated progressively with further details on the resolution or information on new threats. Initial analyses suggest that the origin of the problem is a malfunction of the EDR software from the company CrowdStrike, known as Falcon Sensor, which appears to have compromised the operation of the Microsoft 365 ecosystem's cloud applications together with its operating system. A defect...

Summary of malicious campaigns in the week of 13 – 19 July 2024 19/07/2024 summary This week, CERT-AGID detected and analyzed, within the Italian scenario it covers, a total of 36 malicious campaigns, 23 with Italian targets and 13 generic ones that nonetheless affected Italy, making the 393 related indicators of compromise (IOC) it identified available to its accredited entities. Below we report the details of the types...

Chainalysis

July 18, 2024 | by Chainalysis Team Share Approval phishing is an increasingly popular tactic used by criminals to steal funds through different scamming techniques such as fake crypto apps and romance scams (also known as pig butchering). With the approval phishing technique, the scammer tricks the user into signing a malicious blockchain transaction that gives the scammer’s address approval to spend specific tokens inside the victim’s wallet, allowing the scammer to then drain the victim’s add...

Check Point

Yehuda Gelb at Checkmarx Security

Allen Marin at Corelight

Understanding the Latest Threat Landscape: Insights from Mandiant M-Trends July 18, 2024 by Allen Marin In the constantly evolving world of cybersecurity, staying ahead of emerging threats requires continuous vigilance and adaptation. Fortunately for those of us in the industry, we’ve been able to count on highly respected digital forensics and incident response specialists like Mandiant to publish annual research on the latest security trends seen first-hand by their global teams. Their latest ...

Cyble

Malware July 15, 2024 Investigating the New Jellyfish Loader CRIL identifies and analyzes JellyfishLoader, a new sophisticated shellcode loader capable of collecting system information and establishing secure C&C communication. Key Takeaways Cyble Research and Intelligence Labs (CRIL) has come across a new .NET-based ShellCode loader named Jellyfish Loader. Jellyfish Loader uses asynchronous task method builders to execute code. The loader utilizes Fody and Costura to embed dependencies as resou...

Hacktivism July 15, 2024 Hacktivist Groups “People’s Cyber Army” And “HackNeT” Launch Trial DDoS Attacks on French Websites; prior to the Onslaught during Paris Olympics Cyble Investigates Hacktivist groups collaborating in "trial" DDoS attacks on French websites in preparation for a larger attack during the Paris Olympics. Executive Summary On June 23, 2024, Cyble Research & Intelligence Labs (CRIL) researchers noted that a Russian hacktivist group with a wide audience called “People​’s​ Cyber ...

Malware July 17, 2024 New Malware Campaign Abusing RDPWrapper and Tailscale to Target Cryptocurrency Users Threat actors spotted creating a reverse connection to target cryptocurrency users by leveraging RDPWrapper and Tailscale. Key Takeaways Cyble Research and Intelligence Labs (CRIL) has uncovered a multi-stage cyberattack campaign with a Zip file containing a malicious shortcut (.lnk) file. When the shortcut is executed, it downloads a PowerShell script, initiating a chain of events that ult...


Cyfirma

Cyfirma

Published On : 2024-07-18 Share : Ransomware of the Week CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple – industries, geography, and technology – which could be relevant to your organization. Type: Ransomware Target Technologies: MS Windows Target Countries: Australia, Canada, Colombia, Curacao, France, Germany, Ireland, Italy, Malaysia, New Zealand, Palau, Portorico, South Africa, Spain, ...

Cyjax

By Cymon / July 19, 2024 Welcome to this week’s Cyber Threat Intelligence Summary, where we bring you the latest updates and insights on significant cyber threats. This edition covers the discovery of the Jellyfish loader malware, the US ban on Kaspersky antivirus software, and Peloton’s alleged misuse of customer data to train AI models 1. Analysis of Jellyfish loader Full report available for CYMON users here. Key Takeaways: Researchers identified a new malware loader, tracked as Jellyfish loa...

Esentire


g0njxa

Mike Stokkel, Pierre Gerlings, Renato Fontana, Luis Rocha, Jared Wilson, Stephen Eckels, and Jonathan Lepore at Google Cloud Threat Intelligence

July 19, 2024 Mandiant Written by: Mike Stokkel, Pierre Gerlings, Renato Fontana, Luis Rocha, Jared Wilson, Stephen Eckels, Jonathan Lepore Executive Summary In collaboration with Google’s Threat Analysis Group (TAG), Mandiant has observed a sustained campaign by the advanced persistent threat group APT41 targeting and successfully compromising multiple organizations operating within the global shipping and logistics, media and entertainment, technology, and automotive sectors. The majority of or...

Konstantin Lazarev at GreyNoise Labs

The purpose of this article is simple: to make it slightly easier for the complete beginners to pivot around the topic. c2 101 cybersecurity Author Konstantin Lazarev Published July 18, 2024 What is C2? In cybersecurity, Command and Control (or simply C2) term refers to the infrastructure - computer systems and communication methods - used by attackers to maintain connection with compromised machines after the initial exploitation in order to orchestrate and perform malicious activities such as ...

HackTheBox

The MITRE ATT&CK framework is a knowledge base of cyber attacks based on real-world attack scenarios. Learn how to apply this to your cybersecurity strategy in our guide. Howard Poston, Jul 17 2024 Table of Contents What is the MITRE ATT&CK framework? MITRE ATT&CK Tactics and Techniques 6 reasons to map your security strategy to MITRE ATT&CK Practical MITRE ATT&CK framework use cases Security gap and risk assessment Security analyst training/incident detection Targeted security testing Understan...

Haircutfish

Human Security

By Satori Threat Intelligence and Research Team Jul 16, 2024 Ad Fraud, Research & Detection, Threat Intelligence Researchers: João Santos, Vikas Parthasarathy, Marion Habiby, Gabi Cirlig, Lindsay Kaye, Joao Marques, Adam Sell, Inna Vasilyeva, Maor Elizen IVT Taxonomy: Automated Browsing, False Representation, Misleading User Interface HUMAN’s Satori Threat Intelligence Team recently uncovered a massive ad fraud operation we’ve named Konfety, loosely referencing CaramelAds, the mobile advertising...

InQuest

Intel471

Jul 18, 2024 The execution of cybercrime depends on the flow of data, tools and services supplied by cybercriminals to other cybercriminals. These cybercrime-as-a-service offerings enable malicious threat actors to source the tools they need and focus on their illegal speciality or interest such as fraud, scams or attacks. These resources are sourced in illegal markets hosted on clear web forums, Tor hidden services, Telegram channels and through private chats. BreachForums is one such cybercrim...

Yuma Masubuchi, Kota Kino, and Shusei Tomonaga at JPCERT/CC

朝長 秀誠 (Shusei Tomonaga) July 16, 2024 MirrorFace Attack against Japanese Organisations Python APT LODEINFO Email JPCERT/CC has been observing attack activities by MirrorFace LODEINFO and NOOPDOOR malware (since 2022). The actor’s targets were initially media, political organisations, think tanks and universities, but it has shifted to manufacturers and research institutions since 2023. As for the TTPs, they used to send spear phishing emails to infiltrate the target’s network, but now they also ...

Justin Ibarra

The REx project is a collection and breakdown of several of the most popular open security detection rules for analysis and exploration, enabled by the powerful search and visualization capabilities of the Elastic stack! The docs can be found at rulexplorer.io. The Detection Engineering Threat Report (DETR) is the visual component of the REx project, where the data speaks for itself, with minimal interpretive narration. What is the purpose of the REx project? This project provides a mechanism for ...

Kaido Järvemets

How Many Domain Admins Do You Really Have? Kaido Järvemets July 16, 2024 Introduction In today’s complex IT environments, the question of who has domain admin-level access is far more complicated than it seems. Many companies are implementing Defender for Endpoint, Azure Arc for Servers, and using various cloud management solutions alongside Configuration Manager. Let’s dive into these three tools and uncover their hidden impact on domain admin access. The Hidden Admins in Configuration Manager Ima...

Stay Ahead with Azure Arc: Automate Expiry Alerts for Service Principal Kaido Järvemets July 20, 2024 Introduction Keeping track of your Azure Arc Service Principal expiration isn’t just good practice—it’s a necessity for smooth operations. An expired service principal can halt your entire Azure Arc onboarding process, preventing new server additions and disrupting your hybrid management setup. Many IT teams have relied on Office 365 connectors in Microsoft Teams to monitor these critical expirati...

Brian Krebs at Krebs on Security

July 15, 2024 11 Comments At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain. Until this past weekend, Squarespace’s web...

July 19, 2024 72 Comments A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. Crowdstrike said a fix has been deployed, but experts say the recovery from this outage could take some time, as Crowdstrike’s solution needs to be applied manually on a per-machine basis. A photo taken at San Jose International Airpor...

Suneel Sundar at MITRE-Engenuity

Brad LaPorte at Morphisec

Posted by Brad LaPorte on July 15, 2024 The many factors that influence the threat landscape make predicting its path nearly impossible. But as security professionals, observing attack trends can help us anticipate shifts and respond from a position of strength. As a community we tend to take stock of trends and observations at the end of the calendar year, yet as the landscape is ever evolving, a mid-year assessment seems appropriate. What’s old is new again W...

Natto Thoughts

Ransom-War Part 4b: Ransomware Diplomacy Short-lived US-Russian “cyber-détente” of 2021-2022: less an effort to cooperate against cybercrime than an effort to use cybercriminals as a bargaining chip for strategic goals Natto Team Jul 17, 2024 Dedicated to the memory of John J. Foarde III, a diplomat devoted to his country, a l...

Nextron Systems

by Florian Roth Jul 17, 2024 We’ve updated our Antivirus Event Analysis Cheat Sheet to version 1.13.0. It includes updates in several sections: New signatures: various shell code detections. New extensions: .MSC, .VBE, .WLL, .XLL. You can download the new version here. Tip: to always find the newest version of the cheat sheet, use this search query. About the author: Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000,...

Yosef Yaakov and Bar Ben-Michael at Palo Alto Networks

18 min read By: Yosef Yaakov, Bar Ben-Michael Published: 18 July, 2024 at 3:00 AM PDT Categories: Cloud Cybersecurity Research, Threat Research Tags: Cloud infrastructure, Container, Container escape, Container security, Docker, Kubernetes Executive Summary This article reviews container escape techniques, assesses their possible impact and reveals how to detect these escapes from the perspecti...

AJ Hammond at Praetorian

Raj Samani at Rapid7

Jul 16, 2024 2 min read Raj Samani Last updated at Wed, 17 Jul 2024 14:33:54 GMT The “evolving threat landscape” is a term we often hear within webinars and presentations taking place across the cybersecurity industry. Such a catch-all term is intended to capture the litany of threat groups and their evolving tactics, but in many ways it fails to truly acknowledge the growth in their capabilities. This is particularly true of APT groups who have for years demonstrated a remarkable increase in th...

Recorded Future

Posted: 16th July 2024 By: Insikt Group® Research (Insikt) TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies Summary Recorded Future’s Insikt Group identified a suspected cyber-espionage campaign by TAG-100, targeting global government and private sector organizations. TAG-100 exploited internet-facing devices and used open-source tools like the Go backdoor Pantegana. The campaign comp...

Posted: 18th July 2024 By: Insikt Group® Research (Insikt) Security Challenges Rise as QR Code and AI-Generated Phishing Proliferate Summary Between Q4 2023 and Q1 2024, cybercriminals increasingly used QR codes and AI-generated phishing tactics to target executives, exploiting AWS SNS for malicious SMS and VAST tags for malvertising. These sophisticated methods enable threat actors to bypass security measures, capture multi-factor authentication (MFA) tokens,...

ReliaQuest

SANS

Will Thomas Defending Against SCATTERED SPIDER and The Com with Cybercrime Intelligence Due to the notoriety SCATTERED SPIDER and The Com have attracted as prolific cybercriminal threats, law enforcement has been tracking them closely. July 15, 2024 In this blog, the authors of SANS FOR589: Cybercrime Intelligence highlight how it was possible to identify, track, profile, and defend against a prolific cybercriminal threat group known as SCATTERED SPIDER, which is part of a broader community of c...

SANS Internet Storm Center

Wireshark 4.2.6 Released Published: 2024-07-14 Last Updated: 2024-07-14 11:07:48 UTC by Didier Stevens (Version: 1) Wireshark release 4.2.6 fixes 1 vulnerability (SPRT parser crash) and 10 bugs. Didier Stevens Senior handler blog.DidierStevens.com

Protected OOXML Spreadsheets Published: 2024-07-15 Last Updated: 2024-07-15 04:54:57 UTC by Didier Stevens (Version: 1) 0 comment(s) I was asked a question about the protection of an .xlsm spreadsheet. I've written before on the protection of .xls spreadsheets, for example in diary entries "Unprotecting Malicious Documents For Inspection" and "16-bit Hash Collisions in .xls Spreadsheets"; and blog post "Quickpost: oledump.py plugin_biff.py: Remove Sheet Protection From Spreadsheets". .xlsm sprea...

"Reply-chain phishing" with a twist Published: 2024-07-16 Last Updated: 2024-07-16 12:45:28 UTC by Jan Kopriva (Version: 1) 0 comment(s) A few weeks ago, I was asked by a customer to take a look at a phishing message which contained a link that one of their employees clicked on. The concern was whether the linked-to site was only a generic credential stealing web page or something targeted/potential...

Who You Gonna Call? AndroxGh0st Busters! [Guest Diary] Published: 2024-07-16 Last Updated: 2024-07-17 00:33:04 UTC by Guy Bruneau (Version: 1) 0 comment(s) [This is a Guest Diary by Michael Gallant, an ISC intern as part of the SANS.edu BACS program] Image generated by DALL-E [8] Introduction During my internship at the SANS Internet Storm Center, I was tasked with setting up a honeypot, an internet device intentionally vulnerable, to observe and analyze attack vectors. Among the numerous attack...

Widespread Windows Crashes Due to Crowdstrike Updates Published: 2024-07-19 Last Updated: 2024-07-19 16:59:59 UTC by Johannes Ullrich (Version: 1) 0 comment(s) Last night, endpoint security company Crowdstrike released an update that is causing widespread "blue screens of death" (BSOD) on Windows systems. Crowdstrike released an advisory, which is only available after logging into the Crowdstrike support platform. A brief public statement can be found here. Crowdstrike now also published a detai...

Security Joes

Security's Achilles' Heel: Vulnerable Drivers on the Prowl Security Joes 5 days ago 14 min read A notable trend in cyber threats nowadays is the exploitation of vulnerabilities in drivers through the Bring Your Own Vulnerable Driver (BYOVD) technique. BYOVD poses a significant risk as it allows attackers to bypass security measures and gain unrestricted access to targeted systems. This metho...

SentinelOne

Jim Walter / July 16, 2024 Executive Summary SentinelLabs has identified a new cybercriminal threat group, NullBulge, which targets AI- and gaming-focused entities In July 2024, the group released data allegedly stolen from Disney’s internal Slack communications. NullBulge targets the software supply chain by weaponizing code in publicly available repositories on GitHub and Hugging Face, leading victims to import malicious libraries, or through mod packs used by gaming and modeling software. The...

Antonio Cocomazzi / July 17, 2024 Executive Summary New evidence shows FIN7 is using multiple pseudonyms to mask the group’s true identity and sustain its criminal operations in the underground market FIN7’s campaigns demonstrate the group’s adoption of automated SQL injection attacks for exploiting public-facing applications AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been marketed in the criminal underground and used by multipl...

Simone Kraus

SOCRadar

Jul 17, 2024 3 Mins Read SOCRadar’s Global Ransomware Report 2024: Gain Insights Into Worldwide Ransomware Trends As 2024 passes by, ransomware remains a major concern for organizations across the globe. In order to see the threat landscape and take the necessary measures, we are publishing our Global Ransomware Report where we covered several aspects of this ...

Jul 20, 2024 4 Mins Read Suspicious Domains Exploiting the Recent CrowdStrike Outage! On Friday, a routine software update by CrowdStrike inadvertently triggered a critical disruption across various infrastructures and organiza...

Puja Mahendru at Sophos

275 IT/cybersecurity leaders from the energy, oil/gas and utilities sector share their ransomware experiences, providing new insights into the business impact of ransomware. Written by Puja Mahendru July 17, 2024 Products & Services Ransomware Solutions The State of Ransomware The latest annual Sophos study of the real-world ransomware experiences of energy, oil/gas and utilities sector – a core element of the critical infrastructure supporting businesses – explores the full victim journey, from...

Splunk

By Ronald Beiboer Do you know what is positive about ransomware? It gets noticed. This might seem obvious, but consider its significant role in maturing companies' cybersecurity strategies. It’s fair to say that ransomware has awakened many to the importance of cybersecurity, but has it also blinded us to the more invisible attacks? Over the last five to ten years cybersecurity has become a boardroom subject in the majority of enterprises. This would...

By Splunk Threat Research Team, Teoderick Contreras A supply chain attack is a prominent "Initial Access" tactic employed by malware authors and Advanced Persistent Threat (APT) groups to gain a foothold on their targeted hosts or systems. This method involves compromising a third-party service or software that is trusted by the target, thereby injecting malicious code into legitimate software updates or distributions. This incident underscores the ...

Taz Wake

Linux Security - Forwarding the Journal logs Taz Wake Cyber security incident response | Threat hunting | Digital forensics | Certified SANS instructor & course author Published Jul 17, 2024 Recently I wrote an article about how to analyse the Systemd Journal during incident response. There was a follow-up discussion about how to make sure this data was moved to a log centralisation platform/SIEM. Now,...

Trend Micro

Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched. By: Peter Girnus, Aliakbar Zahravi July 15, 2024 Report Highlights: In May, ZDI threat hunters under Trend Micro’s Zero Day Initiative discovered a vulnerability that the...

Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more. By: Cj Arsley Mateo, Darrel Tristan Virtusio, Sarah Pearl Camiling, Andrei Alimboyao, Nathaniel Morales, Jacob Santos, Earl John Bareng July 19, 2024 Summary: The Play ransomware group, known for its double-extortion tactic, now has a Linux variant targeting ESXi environments. Most...

John Dwyer, Kevin Haubris and Eric Gonzalez at TrustedSec

July 16, 2024 Technical Analysis: Killer Ultra Malware Targeting EDR Products in Ransomware Attacks Written by John Dwyer, Kevin Haubris and Eric Gonzalez Malware Analysis This post was written by John Dwyer, Director of Security Research at Binary Defense, and made possible thro...

Trustwave SpiderLabs

July 15, 2024 1 minute read The Trustwave SpiderLabs Threat Intelligence team's ongoing study into how threat actors use Facebook for malicious activity has uncovered a new version of the SYS01 stealer. This stealer is designed to take over Facebook accounts, steal credential information from affected users' browsers, and then leverage legitimate accounts to further the spread of the malware. Trustwave SpiderLabs' new report, Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01...