Weekly Threat Briefing: ECB Shuts Down Compromised BIRD Website

The intelligence in this week’s iteration discusses the following threats: BEC, Botnet malware, Data breach, Data leak, Pre-installed threats, and Vulnerabilities. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.


Trending Threats


Uncovering a MyKings Variant with Bootloader Persistence via Managed Detection and Response (August 19, 2019)

Trend Micro researchers were on-site with an unnamed electronics company in the Asia-Pacific region when they identified malicious activity taking place within the company’s network. That activity appeared to be related to the “EternalBlue” exploit, which is notorious for its use in the global WannaCry ransomware attack of May 2017. Additional investigation revealed that one of the company’s machines was communicating with a Command and Control (C2) server whose name contained the word “mykings,” which is related to a botnet first found in August 2017. Further analysis revealed registry changes on the machine indicating that it had been infected with malware and had remained undetected since 2017. MyKings is a botnet malware that is also capable of downloading a payload, likely a cryptominer, since the botnet had mined currency worth approximately $2.3 million USD as of 2018.

MITRE ATT&CK: [MITRE ATT&CK] Scripting - T1064 | [MITRE ATT&CK] Registry Run Keys / Start Folder (T1060) | [MITRE ATT&CK] Windows Management Instrumentation - T1047


ECB Shuts Down Compromised BIRD Website (August 15, 2019)

U ..
