Happy #MalwareMonday, this time brought to you by the researchers Imano Shunichi and James Slaughter at Fortinet!

The Akira #ransomware affects both #Microsoft Windows and #Linux systems. According to the team, the adversary likes to target "VPN services that don't have multi-factor authentication (MFA) configured". The ransomware has an extension and directory exclusion list built in and gives the adversary some command-line options, which include choosing the path, file, or folder to encrypt, which network share path to target, and how fast the encryption process should run. They also observed some "minor variants" of the ransomware!

Ransomware Roundup - Akira
https://www.fortinet.com/blog/threat-research/ransomware-roundup-akira

Some MITRE ATT&CK TTPs:
TA0002 - Execution
T1059.001 - Command and Scripting Interpreter: PowerShell

TA0040 - Impact
T1486 - Data Encrypted for Impact
T1490 - Inhibit System Recovery
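The T1490 (Inhibit System Recovery) entry above is the one most worth a detection. The following is an added example, not code from the Fortinet report and not a claim about Akira's exact commands: it runs a handful of regexes for the well-known Windows recovery-inhibition commands (vssadmin, wmic, Win32_Shadowcopy via PowerShell, bcdedit, wbadmin) over constructed sample process-creation command lines. The sample lines are made up for the example.

```python
import re

# Constructed sample process-creation command lines (not taken from the Fortinet report).
SAMPLE_COMMAND_LINES = [
    r'vssadmin.exe delete shadows /all /quiet',
    r'powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }"',
    r'wmic.exe shadowcopy delete',
    r'bcdedit.exe /set {default} recoveryenabled no',
    r'wbadmin.exe delete catalog -quiet',
    r'vssadmin.exe list shadows',            # benign: enumerates, does not delete
    r'powershell.exe -Command "Get-ChildItem C:\Users"',  # benign
]

# Each pattern is one well-known way of inhibiting recovery on Windows (ATT&CK T1490).
T1490_PATTERNS = [
    ("vssadmin delete shadows",
     re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.I)),
    ("wmic shadowcopy delete",
     re.compile(r"wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("Win32_Shadowcopy removed via PowerShell",
     re.compile(r"win32_shadowcopy.*?(?:\.delete\(\)|remove-wmiobject|remove-ciminstance)", re.I | re.S)),
    ("bcdedit recovery disabled",
     re.compile(r"bcdedit(?:\.exe)?.*?(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I)),
    ("wbadmin backup catalog deleted",
     re.compile(r"wbadmin(?:\.exe)?\s+delete\s+(?:catalog|systemstatebackup)", re.I)),
]


def classify_t1490(command_line):
    """Return the names of every T1490 pattern the command line matches (empty if none)."""
    return [name for name, pat in T1490_PATTERNS if pat.search(command_line)]


def find_t1490(command_lines):
    """Return (command_line, [matched pattern names]) for each line that matches at least one pattern."""
    hits = []
    for cl in command_lines:
        names = classify_t1490(cl)
        if names:
            hits.append((cl, names))
    return hits


if __name__ == "__main__":
    for cl, names in find_t1490(SAMPLE_COMMAND_LINES):
        print(f"T1490 {names}: {cl}")
```

Run it against real process-creation telemetry (Sysmon Event ID 1 or Security 4688 with command-line auditing enabled) rather than the constructed list; note that `vssadmin list shadows` deliberately does not match, since enumeration alone is common in legitimate backup tooling.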

Ransomware Roundup - Akira | FortiGuard Labs

Akira is a relatively new multi-OS ransomware that encrypts and exfiltrates victims' files and demands ransom for file decryption. Learn more.…

Fortinet Blog

Happy #MalwareMonday everyone!

The Kaspersky #Securelist researchers provide details on not one, not two, but THREE pieces of malware! They cover #ASMCrypt (a cryptor/loader), #Lumma (a stealer), and #Zanubis (an Android banking trojan) and provide insight into their TTPs and behaviors. Plus, you get the links to the reports they produced! Enjoy and Happy Hunting!

A cryptor, a stealer and a banking trojan
https://securelist.com/crimeware-report-asmcrypt-loader-lumma-stealer-zanubis-banker/110512/

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

A cryptor, a stealer and a banking trojan

In this report, we share our latest crimeware findings: the ASMCrypt cryptor/loader related to DoubleFinger, a new Lumma stealer and a new version of Zanubis Android banking trojan.

Kaspersky

We got a PACKED #MalwareMonday this time!

The Palo Alto Networks Unit 42 researchers provide a comprehensive look at the APT known as #Turla (aka Pensive Ursa, Uroburos, Snake), their TTPs, and the malware they use! Enjoy and Happy Hunting!

Threat Group Assessment: Turla (aka Pensive Ursa)
https://unit42.paloaltonetworks.com/turla-pensive-ursa-threat-assessment/

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

Threat Group Assessment: Turla (aka Pensive Ursa)

A threat assessment of Turla (aka Pensive Ursa) breaks down this Russian-based APT's arsenal and techniques used, covering the top 10 active malware employed.

Unit 42

I hope everyone is refreshed from the weekend and ready to go!

This #MalwareMonday is brought to you by Truesec, whose research team took a look at the #DarkGate malware that was distributed using #Microsoft Teams. It started when an external sender shared a malicious link that led to a ZIP file being downloaded. The archive contained an LNK file (a Windows shortcut) disguised as a PDF; when clicked, the shortcut executed a VBScript, which ultimately led to the DarkGate Loader being dropped. Happy Hunting!
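The chain above (ZIP → shortcut disguised as a PDF → script) is easy to catch at the archive stage. The following is an added example, not code from Truesec or from the DarkGate report: it opens a ZIP in memory and flags members that are Windows shell links, detected by the 76-byte LNK header (HeaderSize 0x4C followed by the LinkCLSID 00021401-0000-0000-C000-000000000046) rather than by file name alone, and marks those whose name ends in a document extension before the real suffix. The sample archive, its member names and the stub shortcut bytes are constructed for the example and are not the campaign's actual files.

```python
import io
import zipfile

# A shell link (.lnk) starts with HeaderSize 0x0000004C (little-endian) followed by
# the LinkCLSID 00021401-0000-0000-C000-000000000046 in on-disk GUID byte order.
LNK_MAGIC = bytes.fromhex("4C000000" "0114020000000000C000000000000046")

# Extensions an attacker wants the victim to believe they are opening.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def is_lnk(data: bytes) -> bool:
    """True if the bytes carry the shell link header, regardless of the file name."""
    return data[:len(LNK_MAGIC)] == LNK_MAGIC


def inspect_zip(zip_bytes: bytes):
    """Return one finding per archive member that is a shell link by content or by extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lower = name.lower()
            data = zf.read(info)
            lnk_by_content = is_lnk(data)
            lnk_by_name = lower.endswith(".lnk")
            if not (lnk_by_content or lnk_by_name):
                continue
            # "invoice.pdf.lnk" style double extension: strip ".lnk" and see whether what is
            # left ends in a document extension; for a renamed link, test the whole name.
            stem = lower[:-4] if lnk_by_name else lower
            masquerade = any(stem.endswith(ext) for ext in DOCUMENT_EXTENSIONS)
            findings.append({
                "member": name,
                "reason": "lnk-header" if lnk_by_content else "lnk-extension",
                "masquerades_as_document": masquerade,
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive (not the real lure): a benign text file plus two shortcuts."""
    # Minimal stub: valid header, zero-filled remainder of the 76-byte header, no link data.
    fake_lnk = LNK_MAGIC + b"\x00" * (76 - len(LNK_MAGIC)) + b"stub"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "nothing to see here\n")
        zf.writestr("Invoice_2023.pdf.lnk", fake_lnk)   # double extension, the DarkGate-style lure
        zf.writestr("Report.pdf", fake_lnk)             # link content under a non-.lnk name; header check only
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip(build_sample_zip()):
        print(finding)
```

The header check matters because an extension-only rule misses a shortcut that has simply been renamed; the double-extension flag is what separates the social-engineering lure from a legitimately archived shortcut.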

DarkGate Loader Malware Delivered via Microsoft Teams
https://www.truesec.com/hub/blog/darkgate-loader-delivered-via-teams

MITRE ATT&CK
TA0001 - Initial Access
T1566.002 - Phishing: Spearphishing Link

TA0002 - Execution
T1204.002 - User Execution: Malicious File
T1059.005 - Command and Scripting Interpreter: Visual Basic

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

DarkGate Loader delivered via Teams - Truesec

Malspam campaigns involving DarkGate Loader have been on the rise since its author started advertising it as a Malware-as-a-Service offering on popular cybercrime forums in June 2023. Until now DarkGate Loader was seen delivered via traditional email malspam campaigns similar to those of Emotet. In August an operator started using Microsoft Teams to deliver the malware via HR themed social engineering chat messages.

Truesec