Weekly Threat Briefing: APT Activity, Chrome 0-Day, MuddyWater, and More

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: 0-Day, Data breach, NetSupport Manager RAT, Roaming Mantis, Sea Turtle, and Trickbot. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

According to researchers at Morphisec, the threat actors behind Trickbot have started to misuse a new functionality added to Windows 10 to execute malicious macros. The method has the potential to bypass both static and dynamic analysis. The phishing document includes an ActiveX control for the "MsRdpClient10NotSafeForScripting" class, which is only available on Windows 10. The object does not include a server address, which causes it to fail with a DNS resolution error. When this error is returned, it triggers execution of the malicious macro code. Malicious macros are usually triggered when the document is either opened or closed, so static analysis tools may not consider this method. Also, if the document is opened in a dynamic analysis tool and a fake DNS response is returned, the malicious code is not executed either.

MITRE ATT&CK: DLL Side-Loading - T1073

Roaming Mantis has improved their techniques to make it harder for researchers to track them, according to researchers at Kaspersky Labs. The new technique appears to be tested against Korean targets and requires the victim ..
