#HappyMonday everyone and it's always a good start when the new The DFIR Report drops! This one includes #Truebot, #CobaltStrike, and ends in data exfiltration and the deployment of the #MBRKiller. Enjoy and Happy Hunting!
Link in the comments!
***I am going to leave one of the MITRE ATT&CK entries blank. I would like to see if any of you who see this can help FILL in that blank! If so, leave your thoughts in the comments OR send me a DM!***
TA0001 - Initial Access
T1566.002 - Phishing: Spearphishing Link
TA0002 - Execution
T1053.005 - Scheduled Task/Job: Scheduled Task
T1204.002 - User Execution: Malicious File
TA0003 - Persistence
T1053.005 - Scheduled Task/Job: Scheduled Task
T1078.003 - Valid Accounts: Local Accounts
TA0008 - Lateral Movement
[Here is your chance to fill in the blanks! Enjoy!]
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
VMware’s Carbon Black Managed Detection and Response (MDR) team observed a surge of TrueBot activity in May 2023. Researchers at VMware’s Carbon Black Managed Detection and Response (MDR) team warn of a surge of TrueBot activity in May 2023. Truebot has been active since 2017 and some researchers linked it to the Silence Group, while a […]
Some of the final payloads overlap with previously-reported threats, such as #Truebot (#downloader, often linked to Cl0p #ransomware), #Buhti (ransomware), #MoneroOcean (a #coinminer, discussed here: https://news.sophos.com/en-us/2021/12/02/two-flavors-of-tor2mine-miner-dig-deep-into-networks-with-powershell-vbscript/), and #Mirai (a #botnet #worm).
One such example of a #miner, shown in the screenshot below, details the commands to terminate the processes and services used by other, competing malicious miners before launching their own #Monero (#XMR) mining software. This cynical form of 'capture the flag' is commonplace behavior among the threat actor groups who deploy and maintain hostile miners.
Critical RCE in PaperCut (printing software) - already exploited in the wild 🚨
🔗 https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
Yesterday Sophos detected and responded to this activity, here's some threat hunting guidance:
- Review process execution from PaperCut (pc-app.exe)
- Check for PowerShell network connection to windowservicecemter[.]com
- Review for malicious Dual-Use Agent Installations (Atera RMM)
The C2 server hosting the post-compromise tools was also hosting #TrueBot malware a few days ago. TrueBot has previously been observed prior to #CLOP ransomware 🤔
Researchers reported an increase in TrueBot infections, attackers have shifted from using malicious emails as their primary delivery method to other techniques. Cisco Talos researchers reported an increase in TrueBot infections, threat actors have shifted from using malicious emails as their primary attack vector to other techniques. Truebot has been active since 2017 and some researchers linked it to […]
Since August 2022, we have seen an increase in infections of Truebot (aka Silence.Downloader) malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial institutions in several countries around the world.