Emotet: A Small Change in Tactics Leads to a Spike in Attacks. Menlo Security shares recent observations from Emotet samples: https://www.menlosecurity.com/blog/emotet-a-small-change-in-tactics-leads-to-a-spike-in-attacks
OceanLotus’ new Downloader, KerrDown. OceanLotus, also commonly referred to as APT32, is one of the most sophisticated threat actors originating out of Southeast Asia. Palo Alto Networks’ Unit 42 has been tracking its use of a new downloader. Unit 42 says: “While OceanLotus’ targets are global, their operations are mostly active within the APAC region which encompasses targeting private sectors …
A weaponized Excel spreadsheet named “Kuwait oil Company Business Profile.xlsx”, exploiting CVE-2016-7262, has been identified by MalCrawler. The identified indicators are listed below (URLs are defanged with hxxp):

FileHash-MD5: 7734b4f3fab4cb3c9edf5e185bebeacd
FileHash-SHA256: b3e260db478ed2512ee7012054da262bc50df68f96f0e8156826bb87c354c12b
FileHash-SHA1: bd9321fbf0e2e4e327b2a1d36566de96c6d0fa35
CVE: CVE-2016-7262
FileHash-MD5: f1a3483db13c90412590765829441aa5
FileHash-SHA256: fc0eb025d2c4ad4eb9a67cd43d82729d413f2b03234c301a9e0ae1cabad725da
URL: hxxp://220.127.116.11/~kockw/uploads/file1.xn--ps1\-jb7a
URL: hxxp://18.104.22.168/~kockw/uploads/mcafee1.exe
domain: kockw.us
hostname: pdpaso.omnirat.cf

Read the full article here.
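The indicators above are only useful once they are turned into something a responder can run. The following script is an added example, not code from MalCrawler or from the original page: it refangs the defanged URLs, hashes files and compares them with the published MD5/SHA-1/SHA-256 values, and opens an .xlsx (which is a ZIP container) to flag parts that carry active content (VBA project, external links, embedded OLE objects, ActiveX) or relationships that point outside the file. The workbook it builds for demonstration is constructed here and benign; only its hyperlink target reuses the mcafee1.exe URL quoted in the report. The structural checks are generic OOXML triage and do not reproduce the specific CVE-2016-7262 trigger, which the report does not describe.

```python
"""IOC triage helper for the Kuwait oil Company Business Profile.xlsx report (added example)."""
import hashlib
import io
import re
import zipfile
from pathlib import Path

# Hashes quoted in the report, lower-cased so digests compare directly.
KNOWN_HASHES = {
    "7734b4f3fab4cb3c9edf5e185bebeacd",
    "b3e260db478ed2512ee7012054da262bc50df68f96f0e8156826bb87c354c12b",
    "bd9321fbf0e2e4e327b2a1d36566de96c6d0fa35",
    "f1a3483db13c90412590765829441aa5",
    "fc0eb025d2c4ad4eb9a67cd43d82729d413f2b03234c301a9e0ae1cabad725da",
}
HASH_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def refang(ioc: str) -> str:
    """Undo common defanging (hxxp, [.], [:]) so the value can go into a blocklist."""
    out = re.sub(r"^hxxp(s?)://", r"http\1://", ioc, flags=re.IGNORECASE)
    return out.replace("[.]", ".").replace("[:]", ":")


def classify_hash(value: str) -> str:
    """Guess the algorithm of a bare hex digest from its length ('unknown' otherwise)."""
    return HASH_ALGO_BY_LEN.get(len(value), "unknown") if re.fullmatch(r"[0-9a-fA-F]+", value) else "unknown"


def hash_file(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def match_known(data: bytes, known=KNOWN_HASHES) -> list:
    """Return the algorithms whose digest of `data` appears in the known-bad set."""
    return [algo for algo, digest in hash_file(data).items() if digest in known]


def hunt_directory(root: str, known=KNOWN_HASHES) -> dict:
    """Walk a directory tree; return {path: [matching algorithms]} for files that match."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            matched = match_known(path.read_bytes(), known)
            if matched:
                hits[str(path)] = matched
    return hits


# OOXML parts that carry code or pull in outside content; a plain company profile needs none.
ACTIVE_CONTENT_PARTS = (
    re.compile(r"^xl/vbaProject\.bin$"),  # VBA macros
    re.compile(r"^xl/externalLinks/"),    # links to other workbooks or remote files
    re.compile(r"^xl/embeddings/"),       # embedded OLE objects
    re.compile(r"^xl/activeX/"),          # ActiveX controls
)


def triage_xlsx(data: bytes) -> dict:
    """Inspect an .xlsx container for active-content parts and external relationship targets."""
    findings = {"active_parts": [], "external_targets": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if any(p.search(name) for p in ACTIVE_CONTENT_PARTS):
                findings["active_parts"].append(name)
            if name.endswith(".rels"):
                rels = zf.read(name).decode("utf-8", errors="replace")
                for tag in re.findall(r"<Relationship\b[^>]*>", rels):
                    # TargetMode="External" marks hyperlinks, remote templates, etc.
                    if 'TargetMode="External"' in tag:
                        target = re.search(r'Target="([^"]*)"', tag)
                        if target:
                            findings["external_targets"].append(target.group(1))
    return findings


def build_sample_workbook() -> bytes:
    """Constructed, benign OOXML skeleton: one external hyperlink plus an empty VBA part."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/'
        '2006/relationships/hyperlink" Target="http://18.104.22.168/~kockw/uploads/mcafee1.exe" '
        'TargetMode="External"/></Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        zf.writestr("xl/worksheets/_rels/sheet1.xml.rels", rels)
        zf.writestr("xl/vbaProject.bin", b"")
    return buf.getvalue()


if __name__ == "__main__":
    print(refang("hxxp://18.104.22.168/~kockw/uploads/mcafee1.exe"))
    sample = build_sample_workbook()
    print("known-hash matches:", match_known(sample))
    print("triage:", triage_xlsx(sample))
```

Point hunt_directory at a mail-attachment quarantine or a user's Downloads folder to sweep for the published hashes; treat any .xlsx with a non-empty active_parts list or an external target on an IP-literal URL as worth a closer look even when the hashes do not match, since a recompiled lure changes its digest but rarely its structure.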