<h1>Threat Intelligence Bulletin &#8211; Decentralized Phishing Infrastructure, Top Threat IOCs, and C2-as-a-Service</h1>

<p>Published 2022-08-05, last modified 2023-01-27. Category: News. Tags: cybersecurity, news. Permalink: <a href="https://gcsecurity.us/?p=106">https://gcsecurity.us/?p=106</a></p>

<p>VirusTotal reports that the legitimate applications most often impersonated by malware (by copying their icons and file metadata) include Skype, Adobe Acrobat Reader, VLC and 7-Zip.</p>

<ul class="wp-block-list"><li><a href="https://thehackernews.com/2022/08/virustotal-reveals-most-impersonated.html">https://thehackernews.com/2022/08/virustotal-reveals-most-impersonated.html</a></li></ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<p>Critical unauthenticated remote code execution (CVE-2022-32548) in the web management interface of DrayTek Vigor routers. Exploitation needs no user interaction, so any unit whose management interface is reachable from the internet is exposed; apply the vendor firmware update and restrict management access to trusted networks.</p>

<ul class="wp-block-list"><li><a href="https://www.darkreading.com/endpoint/critical-rce-bug-draytek-routers-smbs-zero-click-attacks">https://www.darkreading.com/endpoint/critical-rce-bug-draytek-routers-smbs-zero-click-attacks</a></li></ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<p>Phishing pages are increasingly hosted on the IPFS network and served through public HTTP gateways (ipfs.io, dweb.link, cloudflare-ipfs.com and others). Content is addressed by its CID rather than by a server, so the same page resolves through any gateway and blocking one gateway domain does not take it down; the CID is the durable indicator to block and pivot on.</p>

<ul class="wp-block-list"><li><a href="https://thehackernews.com/2022/07/researchers-warns-of-increase-in.html">https://thehackernews.com/2022/07/researchers-warns-of-increase-in.html</a></li><li><a href="https://cyware.com/news/rising-number-of-phishing-emails-with-ipfs-urls-327d3f25">https://cyware.com/news/rising-number-of-phishing-emails-with-ipfs-urls-327d3f25</a></li></ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<p>A LockBit operator abused the Windows Defender command-line utility (MpCmdRun.exe), a legitimately signed Microsoft binary, to side-load a malicious DLL that decrypts and runs a Cobalt Strike beacon; initial access came through an unpatched VMware Horizon server. Signed security tooling executing from an unexpected directory is the detection opportunity.</p>

<ul class="wp-block-list"><li><a href="https://thehackernews.com/2022/08/lockbit-ransomware-abuses-windows.html">https://thehackernews.com/2022/08/lockbit-ransomware-abuses-windows.html</a></li></ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<p>Credential-harvesting campaign observed using a ticking countdown timer on the phishing page, threatening account deletion, to pressure recipients into entering their password before the timer expires.</p>

<ul class="wp-block-list"><li><a href="https://cyware.com/news/a-phishing-attack-and-a-countdown-timer-bae0c56a">https://cyware.com/news/a-phishing-attack-and-a-countdown-timer-bae0c56a</a></li></ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<p>Unit 42's 2022 Incident Response Report breaks down the most common initial access vectors: phishing and exploitation of known software vulnerabilities lead, with ProxyShell accounting for more than half of the exploited vulnerabilities observed.</p>

<ul class="wp-block-list"><li><a href="https://unit42.paloaltonetworks.com/incident-response-report/">https://unit42.paloaltonetworks.com/incident-response-report/</a></li></ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<p>Most prevalent threats of the past week according to Cisco Talos: Shiz RAT, Tofsee malware and TeslaCrypt ransomware take the top spots (the linked roundup also contains their IOCs).</p>

<ul class="wp-block-list"><li><a href="https://blog.talosintelligence.com/2022/07/threat-roundup-for-july-22-29.html">https://blog.talosintelligence.com/2022/07/threat-roundup-for-july-22-29.html</a></li></ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<p>87% of the ransomware samples found on the dark web in research published by Venafi are delivered through malicious Office macros, which makes Microsoft's default blocking of macros in files downloaded from the internet (Mark of the Web) the single most relevant control.</p>

<ul class="wp-block-list"><li><a href="https://www.helpnetsecurity.com/2022/08/03/ransomware-malicious-macros/">https://www.helpnetsecurity.com/2022/08/03/ransomware-malicious-macros/</a></li></ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<p>Currently active botnet “RapperBot” (Mirai-derived) brute-forces Linux SSH servers that still accept password authentication, using a hard-coded credential list, and keeps access by adding its own public key to the compromised account's authorized_keys file. Disabling password authentication and monitoring authorized_keys for changes defeat both the entry and the persistence.</p>

<ul class="wp-block-list"><li><a href="https://www.bleepingcomputer.com/news/security/new-linux-malware-brute-forces-ssh-servers-to-breach-networks/">https://www.bleepingcomputer.com/news/security/new-linux-malware-brute-forces-ssh-servers-to-breach-networks/</a></li></ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<p>VMware advisory VMSA-2022-0021: an authentication bypass (CVE-2022-31656) in Workspace ONE Access, Identity Manager and vRealize Automation lets an attacker with network access to the UI obtain administrative access without authenticating. The same advisory covers several further vulnerabilities, including remote code execution, in the same products.</p>

<ul class="wp-block-list"><li><a href="https://www.vmware.com/security/advisories/VMSA-2022-0021.html">https://www.vmware.com/security/advisories/VMSA-2022-0021.html</a></li></ul>

<hr class="wp-block-separator has-alpha-channel-opacity"/>

<p>“Dark Utilities”, a new C2-as-a-Service platform, is gaining users: it provides ready-made remote-access payloads for Windows, Linux and Python targets behind a hosted command-and-control panel, and distributes those payloads over IPFS, the same decentralized hosting seen in the phishing item above.</p>

<ul class="wp-block-list"><li><a href="https://thehackernews.com/2022/08/a-growing-number-of-malware-attacks.html">https://thehackernews.com/2022/08/a-growing-number-of-malware-attacks.html</a></li></ul>
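<p>The IPFS phishing item above turns on one practical point: the gateway hostname in a lure changes, the CID does not. The following is an added example, not code from the bulletin or from any of the linked reports, that pulls IPFS URLs out of message text in all three common shapes (<code>ipfs://</code>, path-style <code>https://gateway/ipfs/CID</code>, subdomain-style <code>https://CID.ipfs.gateway</code>) and normalizes them to the CID so the same page served from ipfs.io and cloudflare-ipfs.com counts as one indicator. The sample e-mail and the CIDs in it are constructed inputs; the regex treats IPNS names as out of scope.</p>

```python
"""Flag IPFS-hosted URLs in message text and normalize them to their CID.

Added example (not from the bulletin or any linked report). SAMPLE_EMAIL and
the CIDs in it are constructed inputs for the demonstration.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse

# CIDv0 is "Qm" + 44 base58 characters; CIDv1 as seen on gateways is lowercase
# base32 beginning with the multibase prefix "b". IPNS names are out of scope.
_CID = r"(?:Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{50,})"
_PATH_GATEWAY = re.compile(r"^/ipfs/(" + _CID + r")(?:[/?#]|$)")
_SUBDOMAIN_GATEWAY = re.compile(r"^(" + _CID + r")\.ipfs\.[a-z0-9.-]+$")
_URL_IN_TEXT = re.compile(r"(?:https?|ipfs)://[^\s<>\"']+")


def extract_ipfs_cid(url: str) -> str | None:
    """Return the CID a URL points at, or None if it is not an IPFS URL."""
    parsed = urlparse(url.rstrip(".,;:)]"))  # drop punctuation glued to a URL in prose
    if parsed.scheme == "ipfs":
        # netloc keeps original case, which matters for case-sensitive base58 CIDv0
        return parsed.netloc if re.fullmatch(_CID, parsed.netloc) else None
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return None
    m = _PATH_GATEWAY.match(parsed.path)
    if m:
        return m.group(1)
    # hostname is already lowercased, which is fine: subdomain gateways only
    # accept base32 CIDv1 because DNS labels are case-insensitive
    m = _SUBDOMAIN_GATEWAY.match(parsed.hostname)
    return m.group(1) if m else None


def ipfs_indicators(text: str) -> list[dict[str, str]]:
    """Every IPFS URL found in the text, with the gateway that served it and its CID."""
    found = []
    for raw in _URL_IN_TEXT.findall(text):
        cid = extract_ipfs_cid(raw)
        if cid:
            gateway = "" if raw.startswith("ipfs://") else (urlparse(raw).hostname or "")
            found.append({"url": raw, "gateway": gateway, "cid": cid})
    return found


def ipfs_cids(text: str) -> set[str]:
    """The durable indicators: CIDs, independent of which gateway served them."""
    return {hit["cid"] for hit in ipfs_indicators(text)}


# Constructed sample: one lure served through two gateways, plus a second
# CIDv1 lure on a subdomain gateway and an unrelated benign link.
SAMPLE_EMAIL = """\
Your mailbox password expires today. Verify now:
https://ipfs.io/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/login.html
If the link is slow, use https://cloudflare-ipfs.com/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG.
Mirror: https://bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi.ipfs.dweb.link/
Help: https://example.com/support
"""

if __name__ == "__main__":
    for hit in ipfs_indicators(SAMPLE_EMAIL):
        print(f"{hit['gateway'] or '(ipfs scheme)':28} {hit['cid']}")
    print("unique CIDs to block:", sorted(ipfs_cids(SAMPLE_EMAIL)))
```

<p>Three URLs collapse to two CIDs; a blocklist keyed on the gateway hostnames would have needed a new entry for every mirror, whereas a CID match catches the same kit wherever it is served next.</p>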
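<p>For the LockBit item, the detection is not MpCmdRun.exe itself (it runs legitimately on every Windows host) but a signed Defender binary, or its mpclient.dll dependency, living outside the two directories Defender installs into. The following is an added example, not code from the bulletin or the linked report, that applies that heuristic to Sysmon-style process-creation (EventID 1) and image-load (EventID 7) records. The two Defender directories are the real ones; the events are constructed, and the relocation path used in them is a placeholder rather than the path from the actual intrusion.</p>

```python
"""Flag MpCmdRun.exe running, or loading mpclient.dll, from outside Defender's
install directories: the DLL side-loading pattern from the LockBit item.

Added example, not from the bulletin or the linked report. SAMPLE_EVENTS are
constructed Sysmon-style records; the paths in them are placeholders.
"""
from __future__ import annotations

# Directories Defender's own binaries legitimately live in. Platform updates
# install under a versioned subdirectory of the second one.
DEFENDER_DIRS = (
    "c:\\program files\\windows defender\\",
    "c:\\programdata\\microsoft\\windows defender\\platform\\",
)


def _norm(path: str) -> str:
    return path.replace("/", "\\").lower()


def _in_defender_dir(path: str) -> bool:
    p = _norm(path)
    return any(p.startswith(d) for d in DEFENDER_DIRS)


def _basename(path: str) -> str:
    return _norm(path).rsplit("\\", 1)[-1]


def defender_sideload_findings(event: dict) -> list[str]:
    """Reasons a single event looks like Defender being abused for side-loading."""
    findings: list[str] = []
    image = event.get("Image", "")
    if _basename(image) != "mpcmdrun.exe":
        return findings
    if not _in_defender_dir(image):
        findings.append(f"MpCmdRun.exe executed from non-Defender path: {image}")
    loaded = event.get("ImageLoaded", "")
    # Side-loading works because the loader searches the EXE's own directory
    # first, so the tell is mpclient.dll resolving outside Defender's tree.
    if event.get("EventID") == 7 and _basename(loaded) == "mpclient.dll" and not _in_defender_dir(loaded):
        findings.append(f"mpclient.dll side-loaded from non-Defender path: {loaded}")
    return findings


def scan(events) -> list[str]:
    """All findings across a sequence of events."""
    out: list[str] = []
    for ev in events:
        out.extend(defender_sideload_findings(ev))
    return out


# Constructed sample events: a routine signature update, a copied-out
# MpCmdRun.exe starting and then pulling its DLL from beside itself, and a
# legitimate load from the versioned Platform directory.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Program Files\\Windows Defender\\MpCmdRun.exe",
     "CommandLine": "\"MpCmdRun.exe\" -SignatureUpdate"},
    {"EventID": 1, "Image": "C:\\Users\\Public\\Music\\MpCmdRun.exe",
     "CommandLine": "MpCmdRun.exe -Scan -ScanType 1"},
    {"EventID": 7, "Image": "C:\\Users\\Public\\Music\\MpCmdRun.exe",
     "ImageLoaded": "C:\\Users\\Public\\Music\\mpclient.dll"},
    {"EventID": 7,
     "Image": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.2207.5-0\\MpCmdRun.exe",
     "ImageLoaded": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.2207.5-0\\mpclient.dll"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print("ALERT:", finding)
```

<p>The same path-allowlist idea generalizes to any signed LOLBin that ships with a side-loadable DLL: alert when the EXE's directory is not the one the vendor installs to, because a writable directory is the attacker's only way to control which DLL the loader finds first.</p>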
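<p>The RapperBot item names the precondition (password authentication still enabled) and the behaviour (password brute force followed by an implanted key). The following is an added example, not code from the bulletin or the linked research, that does both halves of the check: it reads OpenSSH's standard <code>Failed password</code> / <code>Accepted password</code> auth.log lines to find source IPs that hammered password logins and whether one eventually succeeded, and it parses the global section of an <code>sshd_config</code> for the settings that leave password brute forcing possible. The log lines and the config excerpt are constructed; the threshold of five failures is an arbitrary tuning value.</p>

```python
"""Spot password brute forcing against sshd in auth.log, and check whether
sshd_config still allows the password logins RapperBot depends on.

Added example (not from the bulletin or the linked research). The log lines
and the config excerpt are constructed; the log format is OpenSSH's standard
syslog output for failed and accepted logins.
"""
from __future__ import annotations

import re
from collections import defaultdict

_AUTH = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def brute_force_report(lines, threshold: int = 5) -> dict[str, dict]:
    """Per source IP: failed password count, usernames tried, whether a password
    login later succeeded, and whether a key login followed the failures
    (the implanted-key persistence pattern). Only IPs at or above the failure
    threshold, or with a success after failures, are reported."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "accepted": False, "key_login": False})
    for line in lines:
        m = _AUTH.search(line)
        if not m:
            continue
        s = stats[m["ip"]]
        if m["result"] == "Failed" and m["method"] == "password":
            s["failures"] += 1
            s["users"].add(m["user"])
        elif m["result"] == "Accepted" and s["failures"] > 0:
            # a success only matters after prior failures from the same source
            if m["method"] == "password":
                s["accepted"] = True
            else:
                s["key_login"] = True
    return {ip: s for ip, s in stats.items() if s["failures"] >= threshold or s["accepted"]}


def sshd_config_findings(config_text: str) -> list[str]:
    """Settings in the global section of sshd_config that keep password brute
    forcing viable. OpenSSH honours the first occurrence of a keyword; its
    defaults are PasswordAuthentication yes and PermitRootLogin
    prohibit-password. Match blocks are conditional and not evaluated here."""
    seen: dict[str, str] = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # everything after the first Match block only applies conditionally
        seen.setdefault(key, parts[1].strip().lower() if len(parts) > 1 else "")
    findings = []
    if seen.get("passwordauthentication", "yes") == "yes":
        findings.append("PasswordAuthentication is enabled (the default); set it to no")
    if seen.get("permitrootlogin", "prohibit-password") == "yes":
        findings.append("PermitRootLogin yes allows root password logins")
    return findings


# Constructed auth.log: one source cycling a credential list until a password
# works, and a legitimate user who mistyped once and then used a key.
SAMPLE_AUTH_LOG = """\
Aug  5 03:14:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Aug  5 03:14:03 web1 sshd[2103]: Failed password for root from 203.0.113.5 port 51236 ssh2
Aug  5 03:14:05 web1 sshd[2105]: Failed password for invalid user admin from 203.0.113.5 port 51238 ssh2
Aug  5 03:14:07 web1 sshd[2107]: Failed password for invalid user pi from 203.0.113.5 port 51240 ssh2
Aug  5 03:14:09 web1 sshd[2109]: Failed password for root from 203.0.113.5 port 51242 ssh2
Aug  5 03:14:11 web1 sshd[2111]: Accepted password for root from 203.0.113.5 port 51244 ssh2
Aug  5 03:20:40 web1 sshd[2150]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Aug  5 03:20:48 web1 sshd[2152]: Accepted publickey for alice from 198.51.100.7 port 40024 ssh2
""".splitlines()

# Constructed sshd_config excerpt: the PasswordAuthentication line is commented
# out, so the default (yes) applies despite what a quick read suggests.
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
ChallengeResponseAuthentication no
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for ip, s in brute_force_report(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {s['failures']} failures, users={sorted(s['users'])}, "
              f"password success={s['accepted']}, key login after failures={s['key_login']}")
    for finding in sshd_config_findings(SAMPLE_SSHD_CONFIG):
        print("CONFIG:", finding)
```

<p>The commented-out <code>PasswordAuthentication</code> line is the usual trap: the host looks hardened in the file but still accepts passwords. After a confirmed password success from a brute-forcing source, diff the affected account's <code>authorized_keys</code> against a known-good copy, since that is where this botnet leaves its foothold.</p>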