The intelligence in this week’s iteration discusses the following threats: Black Friday, Data breach, Emotet, Monero, Remote Access Trojan, RevengeHotels, Ryuk, Scam, Spearphishing, and XMRIG. The IOCs related to these stories are attached to the Community Threat Briefing and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Mixcloud Breach Affects 21 Million Accounts (December 2, 2019)
The streaming service Mixcloud has suffered a data breach after a threat actor called “A_W_S” distributed personal data of Mixcloud users to various media companies, including outlets Vice and ZDNet. The leaked data includes email and IP addresses, hashed passwords, registration dates, last login dates, and users’ country of origin. The data has since been placed for sale on Dark Web marketplaces at prices ranging from $2,000 to $3,700. This is not the first time A_W_S has published personal data for sale on underground marketplaces. They released the data of Canva, a graphic design tool website; Chegg, an education platform; and StockX, an online clothing marketplace.
MITRE ATT&CK: [MITRE ATT&CK] Credential Dumping - T1003 | [MITRE PRE-ATT&CK] Identify sensitive personnel information (PRE-T1051)
Millions of Americans at Risk After Huge Data and SMS Leak (December 2, 2019)
The private text messages of hundreds of millions of users have been found unprotected and in cleartext ..