Weekly Threat Briefing: Cloud Atlas Threat Group Updates Weaponry with Polymorphic Malware

The intelligence in this week’s iteration discusses the following threats: APT, Data breach, Malware, Ransomware, Spearphishing, Targeted attacks, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.

Cloud Atlas Threat Group Updates Weaponry with Polymorphic Malware (August 12, 2019)

Cloud Atlas, an Advanced Persistent Threat (APT) group also known as Inception, has updated its attack techniques with new tools that allow it to evade detection by standard indicators of compromise. Kaspersky researchers have observed Cloud Atlas targeting the international economics and aerospace industries, as well as governmental and religious organizations, in Russia, Portugal, Romania, Turkey, Ukraine, and other countries. The malware is delivered through spearphishing emails and, once it has infiltrated a host, collects system information, logs passwords, and exfiltrates recent files to a command and control server. In the new infection chain, a malicious HTML application collects initial information about the compromised computer and then executes the “VBShower” module, which erases evidence of the malware’s presence. The main differentiator of the new chain is that both the HTML application and the VBShower module are polymorphic: the code of each is newly generated and unique for every infection, so hash-based indicators taken from one victim will not match the samples found on the next.

MITRE ATT&CK: [MITRE ATT&CK] Spearphishing Attachment - T1193 | [MITRE ATT&CK] File Deletion - T1107 | [MITRE ATT&CK] Data Obfuscation - T1001
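The practical consequence of a polymorphic dropper is that the file hashes in an IOC feed only ever describe the infection they were pulled from. The script below is an added illustration, not Anomali or Kaspersky code: it builds two stand-in "variants" of a self-deleting VBScript stage that behave identically but hash differently, then runs two detections over a constructed set of process and file events. The hash rule only finds the victim whose sample is already in the feed; a behavioural rule that looks for the chain the briefing describes (an HTML application, hosted here by mshta.exe, spawning a script host that then deletes a file it staged in the user's temp directory) finds both. The telemetry schema, host names, PIDs and paths are all assumptions made for the example.

```python
"""Hash IOCs versus a behavioural rule against a polymorphic HTA -> VBS chain.

Added example. The event schema, process names, PIDs and paths below are
constructed for illustration and do not come from the Cloud Atlas report.
"""
import hashlib
from dataclasses import dataclass

HTA_HOST = "mshta.exe"                      # assumption: HTA launched via the standard host
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
TEMP_MARKER = "\\appdata\\local\\temp\\"    # user temp dir, matched as a path substring


@dataclass
class ProcEvent:
    host: str
    pid: int
    ppid: int
    image: str              # lower-case image name of the new process
    script_sha256: str = "" # hash of the script file passed to a script host, if any


@dataclass
class FileEvent:
    host: str
    pid: int                # process that performed the action
    action: str             # "create" | "delete"
    path: str


def build_variant(seed: bytes) -> bytes:
    """Stand-in for a polymorphic builder: identical behaviour, unique bytes per build."""
    junk = hashlib.sha256(seed).hexdigest()   # per-victim junk comment changes the hash
    return (b"' " + junk.encode() + b"\r\n"
            b'Set sh = CreateObject("WScript.Shell")\r\n'
            b'sh.Run "cmd /c del %TEMP%\\stage2.vbs"\r\n')


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_ioc_hits(procs, ioc_hashes):
    """Classic IOC matching: flag any script execution whose file hash is in the feed."""
    return [p for p in procs if p.script_sha256 and p.script_sha256 in ioc_hashes]


def behaviour_hits(procs, files):
    """Flag a script host whose parent is the HTA host and which deletes a file in %TEMP%.

    Hash-independent, so it survives the polymorphic rebuild of both stages.
    """
    index = {(p.host, p.pid): p for p in procs}
    hits = []
    for p in procs:
        if p.image not in SCRIPT_HOSTS:
            continue
        parent = index.get((p.host, p.ppid))
        if parent is None or parent.image != HTA_HOST:
            continue
        cleaned_up = any(f.host == p.host and f.pid == p.pid and f.action == "delete"
                         and TEMP_MARKER in f.path.lower() for f in files)
        if cleaned_up:
            hits.append(p)
    return hits


def build_sample_telemetry():
    """Constructed telemetry: two victims hit by different builds, plus one benign host."""
    variant_a = build_variant(b"victim-1")
    variant_b = build_variant(b"victim-2")
    procs = [
        ProcEvent("host1", 100, 50, "outlook.exe"),
        ProcEvent("host1", 110, 100, HTA_HOST),
        ProcEvent("host1", 120, 110, "wscript.exe", sha256(variant_a)),
        ProcEvent("host2", 200, 60, "outlook.exe"),
        ProcEvent("host2", 210, 200, HTA_HOST),
        ProcEvent("host2", 220, 210, "wscript.exe", sha256(variant_b)),
        ProcEvent("host3", 300, 70, "explorer.exe"),          # benign: logon script from explorer
        ProcEvent("host3", 310, 300, "wscript.exe", sha256(b"benign logon script")),
    ]
    files = [
        FileEvent("host1", 110, "create", r"c:\users\a\appdata\local\temp\stage2.vbs"),
        FileEvent("host1", 120, "delete", r"c:\users\a\appdata\local\temp\stage2.vbs"),
        FileEvent("host2", 210, "create", r"c:\users\b\appdata\local\temp\stage2.vbs"),
        FileEvent("host2", 220, "delete", r"c:\users\b\appdata\local\temp\stage2.vbs"),
        FileEvent("host3", 310, "delete", r"c:\users\c\appdata\local\temp\old.log"),
    ]
    ioc_hashes = {sha256(variant_a)}   # the feed only knows the build seen on host1
    return procs, files, ioc_hashes


if __name__ == "__main__":
    procs, files, iocs = build_sample_telemetry()
    print("hash IOC hits:   ", [p.host for p in hash_ioc_hits(procs, iocs)])
    print("behaviour hits:  ", [p.host for p in behaviour_hits(procs, files)])
```

The behavioural rule is deliberately narrow (parent must be the HTA host, and the deleted file must sit under the user's temp directory) so that an administrator's logon script on host3 does not fire it; widening any of those conditions trades that precision for recall, and the right balance depends on how common script hosts are in your own environment.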

