The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Bots, China, Linux, Malspam, Mobile, Russia, and Spearphishing. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Trending Cyber News and Threat Intelligence

Lightning Framework: New Undetected “Swiss Army Knife” Linux Malware (published: July 21, 2022)

Intezer researchers discovered a new Linux malware called Lightning Framework (Lightning). It is a modular framework able to install multiple types of rootkits and to run various plugins. Lightning has passive and active capabilities for communication with the threat actor, including opening up an SSH service via an OpenSSH daemon, and a polymorphic command and control (C2) configuration. Lightning is a newly discovered threat, and there is no information about its use in the wild or the actors behind it.

Analyst Comment: Defenders should block known Lightning indicators. Monitor for file creation based on the Lightning naming convention.

MITRE ATT&CK: Logon Scripts - T1037 | Account Manipulation - T1098 | Obfuscated Files or Information - T1027 | Deobfuscate/Decode Files or Information - T1140 | Hide Artifacts - T1564 | Masquerading - T1036 | Rootkit - T1014 | Indicator Removal on Host - T1070 | File and Directory Discovery - T1083 | Network Service Scanning - T1046 | Network Sniffing - T1040 | System Information Discovery - T1082 | Data Encoding - T1132 | Standard Non-Application Layer Protocol - T1095 | Proxy - T1090 | Exfiltration Over C2 Channel - T1041

Tags: Lightning Framework, Linux, Lightning.Downloader, Lightning.Core, Typosquatting, Masquerading, Timestomping, Port:33229

Google Ads Lead to Major Malvertising Campaign (published: July 20, 2022)

Malwarebytes researchers discovered a malvertising campaign abusing Google Search advertisements for popular keywords such as “amazon,” “facebook,” “walmart,” “youtube,” and other world top brands.