Weekly Threat Briefing: BMW Hacked By Hackers

The intelligence in this week’s iteration discusses the following threats: APT33, BankBot, CyrusOne, Dridex, Magecart, Python, PyXie, OceanLotus, REvil, and StrandHogg. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts.  These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.


Trending Threats


Clever Microsoft Phishing Scam Creates A Local Login Form (December 7, 2019)

A phishing campaign has been identified by ISC Handler Jan Kopriva. Rather than redirecting the user to another site, as phishing emails typically do, the campaign carries its landing page inside a HyperText Markup Language (HTML) attachment. The HTML file is sent as an attachment to a phishing email and contains a large amount of obfuscated JavaScript. Once the attachment is opened, a login form is displayed in the user’s browser for a number of email providers including AOL, Gmail, Hotmail, Office 365, and Yahoo. Any credentials entered are then sent to a remote site. Because the login form is generated locally, the threat actor is able to go undetected and does not need to register domains.

MITRE ATT&CK: Scripting - T1064 | Credential Dumping - T1003 | Spearphishing Attachment - T1193
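A mail-gateway triage heuristic for the HTML-attachment technique described above, as an added example that is not part of the original briefing or of any vendor's tooling. It flags attachments that are mostly script, call runtime decoders, and carry long encoded strings; the decoder list, thresholds and both sample inputs are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Calls often used to decode and inject markup at runtime (heuristic list, an assumption).
DECODERS = ("unescape(", "atob(", "String.fromCharCode", "eval(", "document.write(")
# Long percent-encoded, \x-escaped or base64-like runs inside script text.
ENCODED_RUN = re.compile(
    r"(?:%[0-9A-Fa-f]{2}){20,}|(?:\\x[0-9A-Fa-f]{2}){20,}|[A-Za-z0-9+/=]{200,}")

class _Split(HTMLParser):
    """Collect script text and count password inputs present in the static markup."""
    def __init__(self):
        super().__init__()
        self.in_script, self.script, self.password_inputs = False, [], 0
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        elif tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.password_inputs += 1
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.script.append(data)

def triage_html_attachment(html: str) -> dict:
    parser = _Split()
    parser.feed(html)
    parser.close()
    script = "".join(parser.script)
    findings = {
        "script_ratio": round(len(script) / max(len(html), 1), 2),
        "decoders": [d for d in DECODERS if d in script],
        "encoded_blobs": len(ENCODED_RUN.findall(script)),
        "static_password_inputs": parser.password_inputs,
    }
    # Mostly script + runtime decoding of an encoded blob: the page is built locally,
    # so there is no static form and no landing-page URL for a filter to inspect.
    findings["suspicious"] = (findings["script_ratio"] > 0.6
                              and bool(findings["decoders"])
                              and findings["encoded_blobs"] > 0)
    return findings

# Constructed samples: the encoded run decodes to harmless "<p>" tags only.
SAMPLE_OBFUSCATED = ("<html><body><script>document.write(unescape('"
                     + "%3C%70%3E" * 30 + "'));</script></body></html>")
SAMPLE_BENIGN = ("<html><body><h1>Invoice</h1><p>" + "Plain text. " * 40
                 + "</p><script>console.log('ok');</script></body></html>")

if __name__ == "__main__":
    print(triage_html_attachment(SAMPLE_OBFUSCATED))
    print(triage_html_attachment(SAMPLE_BENIGN))
```

A hit is a reason to quarantine or detonate the attachment for review, not a verdict; legitimate minified pages can also be script-heavy.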


BMW Hacked By Hackers (December 6, 2019)

Malicious actors have ..
