Weekly Threat Briefing: Hackers Steal $4.2m From State Troopers’ Pension Fund

The intelligence in this week’s iteration discusses the following threats: LokiBot, Magecart, Nemty, NetWire, Purple Fox, Ryuk Ransomware, and WiryJMPer. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.


Trending Threats


Database Leaks Data On Most of Ecuador's Citizens, Including 6.7 Million Children (September 16, 2019)

A misconfigured database has exposed approximately 20.8 million citizen records, in one of the largest leaks in the country’s history. The database, held on an Elasticsearch server, was discovered by researchers Noam Rotem and Ran Locar. The exposed data included dates of birth, cedulas (national ID numbers), education levels, employment information, home addresses, marital status, names, and phone numbers. Information on families was also exposed, including family relationships and 6.7 million records about children under the age of 18 that include addresses, cedulas, gender, names, and places of birth. The database was finally secured, after a week of exposure, once vpnMentor contacted the Ecuador Computer Emergency Response Team, which acted as an intermediary.

MITRE ATT&CK: [MITRE PRE-ATT&CK] Identify sensitive personnel information (PRE-T1051)


New WiryJMPer Dropper Hides Netwire RAT Payloads in Plain Sight (September 12, 2019)

Avast researchers have identified a new malware dropper that infects systems with Netwire malware. Netwire is a Remote Access Trojan (RAT) that allows actors to remotely control their victims’ computers. The discovery was first made as researchers noticed a cryptocu ..
