Cyber Intel Brief: July 28 – Aug 03, 2022

Malware

Qbot Reappears, Now Leveraging DLL Side Loading Technique To Bypass Detection Mechanisms

Impacted Industries: All

What You Need To Know:

An information stealer attack chain has undergone a few alterations, according to the Uptycs Threat Research team. The malware now uses the DLL side-loading technique to run its code and evade security measures.


Malware

Raccoon Stealer v2: The Latest Generation of the Raccoon Family

Impacted Industries: All

What You Need To Know:

A recent Zscaler ThreatLabz report identified notable changes from earlier versions of a Malware-as-a-Service family. The developers also disclosed that further variants, including DLLs and PE files laced with other malware, are available.


Malware

Manjusaka: A Chinese Sibling of Sliver and Cobalt Strike

Impacted Industries: Unknown

What You Need To Know:

Cisco Talos observed threat actors using a new attack framework that is said to emulate the Cobalt Strike framework. Furthermore, this framework is available publicly on GitHub; any threat actor can access a fully functional version of the C2 with the ability to generate custom configured payloads.


Ransomware

Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool

Impacted Industries: All

What You Need To Know:

According to a recent report from SentinelOne, a ransomware affiliate exploited a vulnerability in a VMware Horizon server, ultimately abusing a legitimate Windows Defender command-line tool to decrypt and side-load a Cobalt Strike payload DLL.


Techniques

Cookie O’Clock

Impacted Industries: All

What You Need To Know:

Cyberint recently detailed the threat that cookies stored in browsers pose to organizations. Threat actors can employ numerous techniques to harvest cookies that can allow access to sensitive data.


Threat Actors

Initial Access Brokers Are Key to Rise in Ransomware Attacks

Impacted Industries: All

What You Need To Know:

The latest report from Recorded Future provides a high-level overview of the TTPs threat actors employ on the dark web to install infostealer malware and acquire legitimate credentials.


Exploited Vulnerabilities

CISA Adds CVE-2022-26138 to its Known Exploited Vulnerabilities Catalog

Impacted Industries: All

What You Need To Know:

CISA has added CVE-2022-26138, a vulnerability in the Questions for Confluence app, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation.


What We Mean When We Say

Estimates of Likelihood

We use probabilistic language to reflect the Intel Team’s estimates of the likelihood of developments or events because analytical judgments are not certain. Terms like “probably,” “likely,” “very likely,” and “almost certainly” denote a higher than even chance. The terms “unlikely” and “remote” imply that an event has a lower than even chance of occurring; they do not imply that it will not occur. Terms like “may” and “might” reflect situations where we are unable to assess the likelihood, usually because the relevant information is lacking, sketchy, or fragmented. Terms like “we can’t dismiss,” “we can’t rule out,” and “we can’t discount” refer to an unlikely, improbable, or distant event with significant consequences.

Confidence in Assessments

Our assessments and projections are based on data that varies in scope, quality, and source. As a result, we assign our assessments high, moderate, or low levels of confidence, as follows:

  • High confidence indicates that our decisions are based on reliable information and/or that the nature of the problem allows us to make a sound decision. However, a “high confidence” judgment is not a fact or a guarantee, and it still carries the risk of being incorrect.
  • Moderate confidence denotes that the information is credible and plausible, but not of high enough quality or sufficiently corroborated to warrant a higher level of assurance.
  • Low confidence indicates that the information’s credibility and/or plausibility are in doubt, that the information is too fragmented or poorly corroborated to make solid analytic inferences, or that we have serious concerns or problems with the sources.
