Threat Round Up for Feb 2 - Feb 9

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between February 2 and February 9. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of date of publication. Detection and coverage for the following threats is subject to updates pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

The most prevalent threats highlighted in this round up are:

  • Img.Dropper.PhishingLure-6443153-0
    Office Macro Dropper
    These Emotet distributing droppers use images to present instructions to the user to enable dynamic content.
     
  • Win.Adware.InstallMonster-6443601-0
    Adware
    InstallMonster is a software bundler that may install unwanted applications on the system as well as display unwanted advertisements to the user.
     
  • Win.Downloader.Adload-6418193-1
    Downloader
    Adload is persistent adware that repeatedly opens popups and fake error messages. These popups direct the user to advertisements, or download and install additional unwanted applications.
     
  • Win.Downloader.DownloaderGuide-6443792-0
    Downloader
    This cluster involves XmasFred installers that downloads and executes other binaries.
     
  • Win.Trojan.Emotet-6444504-0
    Trojan
    This malware cluster covers Emotet and Tinba samples. The malware is dropped by obfuscated VisualBasic executable files.
     
  • Win.Trojan.GenInjector
    Trojan
    This family is highly malicious and injects code in the address space of another process. Moreover, it uses process hollowing to hinder the analysis as well as long sleeps. For persistence, it sets autostart registry keys.
     
  • Win.Trojan.Zusy-6443152-0
    Trojan
    This .NET trojan contains a module called God.exe that creates a fake svchost.exe process in AppData and adds an entry to the list of authorized applications in the Windows Firewall.
     

Threats

Img.Dropper.PhishingLure-6443153-0


Indicators of Compromise


Registry Keys
  • N/A
Mutexes
  • MC8D2645C
  • MD57D8F73
  • Global\I98B68E3C
  • Global\M98B68E3C
IP Addresses
  • 176[.]223[.]209[.]113
  • 212[.]5[.]159[.]61
Domain Names
  • www[.]manuelaponomarenco[.]ro
Files and or directories created
  • %WinDir%\SysWOW64\specsystem.exe
File Hashes
  • 182cad030170c3ebb1b5ec28a2174b572845403f0731363291ccf0d16350f891
  • 1aa7436383c71ed5bc878e1e52bf66a017cb6b82b4ee6fbe23b67b11403efadc
  • 1d869439f6a5b2e51a92b579924395478263b897822bd76124639a0d78fe361b
  • 281ae4e896a0fe96ab28bab6a1da4d9a9d36f2b4d4ff88167df990e50735d0f5
  • 290dc3abf2bdb619f6c8d2abf79d12483dc8b0ae420ab5ccfca178baeece5089
  • 2f82036da229db4a9600179aad8e967edb06d1c0bfa2ea8f857bcc781ed30e08
  • 35de4cf3ed429504e8b8695b33f386d2ca84017373af99b76f41d5df69f5f84c
  • 3927f8d5492927df58b6ea3a97197592cb9ce4ef9fc98f5e93952805d6ebbdab
  • 43089883a4e0d5dcb286f4b7bc585bc418a4641a0e3d1c0919215a2112378630
  • 43e7bcef39f88ca7d3b9b67d09f9264c4946e0e12a337c23e043bb8e9f634c2e
  • 46acbdf64873613dceff0d9d5af2169ef6af5b71576a312d3cd2320bc2ca4f34
  • 4c6203f2c7d3590948d783ce0dbf181927a3645b82167fefbad5d34a203112d2
  • 4d31f25c4da2b05fbacc21035e0a2284be60e10ef103d3a1d412234717706550
  • 4e9624a45f3419c398f9fc9c7e8ec2e8472b432382c11c984aeb7860e1297903
  • 54144d97c81096fb6cd6464b12cd1b6c48e5f2b0ce0d8b1f16e34af0153a98cb
  • 5602ba9c52386806f8d723f63265fe94d15303d3112a2c0b6bd7b6319626c32f
  • 66ae2270fff3a22c0e1a65fc4952f735b42b4d03445d5729b3a4e74d9ffe5d49
  • 6755c2d4855a8b5ec2eb9dd9ab20edc55230c9cd12c372080bae52997899cf2e
  • 6cf585b16de1edb9dc313886ddb4b32d617290eef1c9ce1a2ef6160336c1eaad
  • 6e2460dab20fcca216798641dfa821e73b5bccf510df487839f542a198740778
  • 6e4a276dd2d745f57faa6e18ba90e255836ef4976c65cdfd831412b8ae4ab91c
  • 6f9034646e6fcead5342f708031412e3c2efdb4fb0f37bba43133a471d1cb0e0
  • 72d16e5244d6e31f29a0ce765df09b6e9f8cc096a4266458001ce1cff345a398
  • 74b66767a723949e5b0837eb281bad34b6f6132d9b4aef0b3d36651193edd3d7
  • 76c7d0440bee5b4f885592bc4714e5ed3c1ba6677f95702d83cb44a52907437a
  • 7c344293212b1de4798beb0cf70c9bec493460d5befba2eef1ce26a83c04ad2f
  • 853ce320b07e88db313df40a05307921594d83f568ec7cb5981e180d24a7e510
  • 865e660b5d65cfea1cf8d595c281363bd399c0a47b0270dac8bb9b8e7dd9fcf1
  • 86b774067ba5911413c1125626056f32d4e076c0c15aa38e78c606573b3f730e
  • 87dc2f7b36c4423f641516068c94feb3c9a634fbaa9196244cbf03bed8f2c85a
  • 9f84428908f16511529c2589a917e7f53b3568cd7a7832d966cf06333bb26bcb
  • a317da8fffca78122bc24c3c39d4c6af965aa9e1bae00a0705c7cee8c231dc79
  • a77e40b03e814c6f554929a939839416d80f73228a123ab953be37a1f25780b5
  • a8c75f9b1e601c4c77b67ddd1bdb28bf9164c4f507b9530fa31861f2c72fb2d7
  • b62230042f02ecdff4a53e7d3cb77023c1d4bdde332d568cfc2c1001500c314d
  • b6600f389bf52796db5fcba03ef991df5a395a1a70b0f4096445469f9553ecde
  • c412ad121682d33210402955ad330fbd182c5c57155bab2db659c7557d4a417b
  • c462b00bfbd8e3bd79fe54c2bd74850b3a4a6d67b36cf3dc088462910b593b81
  • cb7ce3342987424ea1303adb8172f0172f4bbead7a348263f67bd84630b01059
  • d007c2ec4483fcd4dbf67233956b194d3a3a46426f700282ea7b01785a10fc50

Coverage


Screenshots of Detection

AMP


ThreatGrid


Umbrella


Screenshot





Win.Adware.InstallMonster-6443601-0


Indicators of Compromise


Registry Keys
  • <HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP
    • Value: ProxyBypass
  • <HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP
    • Value: IntranetName
  • <HKCU>\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2
  • <HKCU>\Software\Microsoft\Internet Explorer\Main
  • <HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Mutexes
  • N/A
IP Addresses
  • 200[.]7[.]96[.]22
Domain Names
  • sciencemiracle[.]top
Files and or directories created
  • %Public%\Desktop\Download Corel Painter ...lnk
File Hashes
  • 05827d9b842370ad0172bbc21189956edf6a3aeacabe455c3386fb294c91cbac
  • 02fe9351831a92fc038f546703d9d76a84474cef38c93bdf2fe2f76d3409e932
  • 049fc0a7cece52d6f40d34a5ec7f1e55e1a00b15d78fc831397f050785a92e5a
  • 0b20d5bc9b5f22fde1fd769392a8df02722cb30f12954a18fad2570f6c2fcedf
  • 0d10201d5be9135b7bb1676c30452fac1d82019debcf3170655a0719ba3e0d59
  • 13353b13d483f3096a3c4cc98bbbecdf5f67c86e13d1af3627b9f61b8a37c058
  • 16ee6d3da75a3527ce741fbcbd8424b52826fcd89510a1206d9e30df1e441ff6
  • 16f734eac6b1360142b4f4602aa7543b0af21440e0c6d06f635f6f685b6d951b
  • 1901b7872887beca319f88ded466061762dcce27b82964e0771bdc239d70a04a
  • 1e1f00584ddd324467fd0e2b9f06d1320efdec7253f63833d19d960acc598975
  • 22903e84c8be9c4cef7ec3a7280fa359cced7bb9ee71de74f815a38f07c1fcc4
  • 25750ae1857c77a233d43bad1ca56b7287efb31d568c8788cddfd56e8f161f22

Coverage


Screenshots of Detection

AMP


ThreatGrid


Umbrella





Win.Downloader.Adload-6418193-1


Indicators of Compromise


Registry Keys
  • N/A
Mutexes
  • Global\AmInst__Runing_1
IP Addresses
  • 198[.]54[.]117[.]200
Domain Names
  • www[.]quaintspokenracketiest[.]site
Files and or directories created
  • N/A
File Hashes
  • 1f910886460d291aa28ce33dff560b291ee3a9040c1ffe125134d01cb8673bd3
  • 1f9c34ceeb4600837359be13415e95783f4e5f7ea8d3def87ce3b06ec6a047dd
  • 1d5c26af77f30dab347de49c91146a6d2d3b95df5ccd532fc1d8aee0ae63eda8
  • 1474c9ed8ea883047a1f069ad93cfa3516d3a337fbbf93ae9248c17f6646c3ba
  • 10b8bbff557792a03e71fb766b075cc6281976e05694b11bfac31a375863d6d6
  • 0dc1235368b24fed46e7f744c6b9f9c486d3b36a3e6fa1a20d7ec869ac656310
  • 0bbff365a4284eb3ab0932cb80f5d3d35880ec2a0c473daa7a75ac46c091bb3c
  • 150a103d11bbc8638116a30427620db833d926e6bd74fcda12ec90d6e89dfe3d
  • 0b2c3b28e73b96ab473d6e5f4c24c8c427e9639d7efe203faededaf09480c2e6
  • 051826260a52420903d9c17d973a0cc78dc5706140df1af05cdafd9321d2764f
  • 0473d1632bda43d83bc8fdb65d095479a5ef49ad816725b84aa9a7bf75356d42
  • 25b2aeddfe481e574ee14ead95537de4d94b18d3654c8d0866dbe42631aab64c
  • 1eea07045426f602a8ec956cbe99556c8b54c1d51610fe7a6806941a79deed84
  • 19d41761096fdb20dc412af13a00c6ec752ca7bbb8444aa9c546aa0fb5385782
  • 1978e7025d0cff47a798ce59da8e3f5dafe6b9ec39aa46ca1882fdef2a0b61c2
  • 0c00f2e323696cc3f39832b7da538701850d28998610711d8d70594314436399
  • f854f72ac2f61de681be53b78c6c5050580c19c589104c3efdedc8a4838e6932
  • ce37d2dc789a535be7af9a44827ebce419f8637a09bb7e352696d474e07786a6
  • cf5249a37d8c7526cd7daabb01e8df29eaacf7cf93759ac09b48e08db8b26c2a
  • b99011d4fcafe5ed1e022534e5dcc18835fae5a86c873039a1a56617414689ec

Coverage


Screenshots of Detection

AMP


ThreatGrid


Umbrella






Win.Downloader.DownloaderGuide-6443792-0


Indicators of Compromise


Registry Keys
  • N/A
Mutexes
  • DlgCpp
IP Addresses
  • N/A
Domain Names
  • dlg-messages[.]buzzrin[.]de
  • dlg-configs[.]buzzrin[.]de
Files and or directories created
  • %WinDir%\SoftwareDistribution\DataStore\DataStore.edb
  • %WinDir%\WindowsUpdate.log
File Hashes
  • 2713963eb9b15eba3254444d86bdf9fc50c0a44709eb8ee154c476786e9d99c1
  • 3529872d962530a50f47e947ea5c4a367fb7bbc8d6084dde1d8089e3b48b3893
  • 93974e363e38dfa5d11fd227e0de730d62b0967fd640b31e7382903b6ba5f739
  • 59c68020dee3bbb7e0c071db202fff734b858aef4aa0f708054bfeee08577cdb
  • bc0015c6ab7cab17c34b96111a165591b4db5fee01eed778a9ab6d285e51485f
  • 902f1150f83800ac4fc2c28a3e83253f7892c297ca4998955fc66f78336fa69b
  • 466fff17d182237602a6ed4897a0122a61d1b4e4bed73481b41a10fc7d5355da
  • 103ee228b018a8e1e689a03c610fad4ab9d0c4d644facbba745b1b63f5ed40ec
  • ad75bfc96fd6e336be402b250001620706ba1ff4b54f7ddad92a6ec4e760c320
  • 70e6eaccfd29763b4bf117067e0ef378b3720616fc82406a1d8e546d51919fb4
  • 1ae3646b98b09736443aa3d26e5396d7feb510a14d6275a98d010903c660e8e1
  • 3c14d644d76bc09c3243305a01221246e4c30d58b5498a42c6a7248b28f29645
  • 85961d3953f9830946af4fe46e6639dd57e56df6be26689c497a93bbec0543e9
  • 319cbac9d24298431ce6b4451ca1751d05787a39ab298dbbb516c6351bc7e500
  • f1ea59a7312d82b48c43292466b44b5533dee92b0dd50d618454fe695bfcde05
  • e0c3b75a1fd23310c6310a96c2a9c1f1d6aafe6a89833aa5eb68f307e1c8a074
  • 9731e93d38a6cd040102243cd9918f9ab63f23c063e51284700b4784325f7a00
  • 8deeb09519b1a398409fcf5e375a6c68f8712a168a98fb41721d1fb3ea8dd8b9
  • d3c318d3bbf3186e879a6dd125e0828eb480120b231df33e34156d2b9a32aff2
  • 8fef976a246e440dba1e3f45671588253e1f8c46acc10fe5d1873098b9f2bd3a
  • 9c8ea37c3c17728b11477936e0723de25c74ef38d66d5b17832dfca7b1788d76
  • 85739ff86a8c4465f0abe5eb0dd9100f453a15dfe5c1756de34ab40247273d03
  • 14d5afb6e3867b3016925a53c294b87fe2122fbf8650f468c9f5e3e1ca115b16
  • 5cf9b749006d7404e09190d54d76a7f0af758471948ed6d924736dec784689e4
  • 1bf58f0bfb9ae73d0735519717731e2aaf159b975b7ed6442565fdbbb496cd23

Coverage


Screenshots of Detection

AMP


ThreatGrid


Umbrella


Screenshot





Win.Trojan.Emotet-6444504-0


Indicators of Compromise


Registry Keys
  • N/A
Mutexes
  • FAFEB955
IP Addresses
  • N/A
Domain Names
  • N/A
Files and or directories created
  • %WinDir%\setupact.log
  • %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  • %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  • \Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V01.chk
  • %WinDir%\Tasks\SCHEDLGU.TXT
  • %System32%\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2580483871-590521980-3826313501-500_UserData.bin
  • %AppData%\Microsoft\Protect\S-1-5-21-2580483871-590521980-3826313501-500\638784ff-73cd-4f1c-a5cf-845c7e3f97ce
  • %System32%\config\TxR\{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
  • %AppData%\Microsoft\Protect\S-1-5-21-2580483871-590521980-3826313501-500\Preferred
File Hashes
  • 151b8a37101a060bb97a12c6d076923bbc4706da2763fc0bde43fb2ae5b38e3c
  • 912c1c5303e782d4ef43f65146b80d0efe2d79e5a0f43e06c8cd146125a9e0a6
  • de3b898b771d6e1abfbd5c4cacf7db4b806ab8048e021eb18d8885108839fe77
  • c37aaa5702f75169e2ce9de7a9fe109727efb3558d582352c2b97a3cca3564d8
  • 32f60f4ff601a89d6ccfce6cd6af4b19cd606d2d2278b23903e049c429c8e056
  • 53eccf073cb85d00623d1c708cc13fff995ec504fe89dfab59c56a782c18c409
  • 08f3c988473aea98d4ca8ab627cd5e10f075455b5f6a538a13dc53871d29a04c
  • 75430b8cd13f3974be5950f0a84bcf23b31d4199c17e729e804d9dddffbc8b3a
  • 2d21f1034be1e02955c906251b147ec28974e1afff7982a956ac77e951c69642
  • e45c52c8115e6d396504667f7dfda58c55760eced8847ad4938c77e6128323f8
  • 70580a49df3be66fdb1a0a369f478660ea55bfb16800b1f2976731c4cb9549d8
  • 57ed7d6ee9ae8b07783bd1df207521cf0f3e1365951c29ac04f1afc1d4f3c048
  • bb2cac71f9c861e2554933876b45fdb7d143aa20ff78a2bb73565ff014d29fd5
  • 01012f164c2570e656ea7c4b99b2b5a7845a77cefcab66b9d65e02da73821894

Coverage


Screenshots of Detection

AMP


ThreatGrid






Win.Trojan.GenInjector


Indicators of Compromise


Registry Keys
  • <HKU>\S-1-5-21-2580483871-590521980-3826313501-500_CLASSES\LOCAL SETTINGS\MUICACHE\3A\52C64B7E
    • Value: LanguageList
  • <HKU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  • <HKLM>\SYSTEM\CONTROLSET001\CONTROL\NETWORK\{4D36E972-E325-11CE-BFC1-08002BE10318}\{9EB90D23-C5F9-4104-85A8-47DD7F6C4070}\CONNECTION
    • Value: PnpInstanceID
  • <HKLM>\������Њ�������ќ�э�����������э�В���������Г���Й��я��
  • <HKLM>\System\CurrentControlSet\Services\Tcpip\Parameters
Mutexes
  • 3749282D282E1E80C56CAE5A
IP Addresses
  • 31[.]31[.]196[.]236
Domain Names
  • u0417398[.]cp[.]regruhosting[.]ru
Files and or directories created
  • %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\284_appcompat.txt
  • \TEMP\SOA October IN274348.exe
  • %WinDir%\SoftwareDistribution\DataStore\DataStore.edb
  • \EVENTLOG
  • %WinDir%\WindowsUpdate.log
  • %WinDir%\SoftwareDistribution\DataStore\Logs\tmp.edb
  • %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\10B26.dmp
File Hashes
  • fb237b7fc75cec8180f4d853c44911dc0dbdb705be39c3e6f1f2a523b79ff9d5
  • d90dc3f22cc7bd92f22bafa9d77b0e373849386eae57606b42239f915357084a
  • e128f7ad54a882d2d269733a956f49e5b1bf2b182781f24f98f058f2d8f48787
  • 021492b2cc3c242851207e402e9ba284ed32350379deac649f38426130b2c01f
  • 2cd6fc2a4572f4b1a39371a8df8c664eabe119608908d441257e72eb203737f4

Coverage


Screenshots of Detection

AMP


ThreatGrid


Umbrella






Win.Trojan.Zusy-6443152-0


Indicators of Compromise


Registry Keys
  • <HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    • Value: svchost
  • <HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5E197F8B-DAA2-BABD-EDBF-DEFDFDFEBEEB}
    • Value: StubPath
  • <HKU>\S-1-5-21-2580483871-590521980-3826313501-500\SOFTWARE\VB AND VBA PROGRAM SETTINGS\INSTALL\DATE
    • Value: HFGW2HEVRP
  • <HKLM>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN
    • Value: svchost
  • <HKU>\S-1-5-21-2580483871-590521980-3826313501-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    • Value: svchost
  • <HKU>\S-1-5-21-2580483871-590521980-3826313501-500\SOFTWARE\VB AND VBA PROGRAM SETTINGS\SRVID\ID
    • Value: HFGW2HEVRP
  • <HKU>\S-1-5-21-2580483871-590521980-3826313501-500\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{5E197F8B-DAA2-BABD-EDBF-DEFDFDFEBEEB}
    • Value: StubPath
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST
    • Value: C:\Users\Administrator\AppData\Roaming\svchost.exe
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE
    • Value: DoNotAllowExceptions
  • <HKU>\S-1-5-21-2580483871-590521980-3826313501-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    • Value: internat.exe
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE
    • Value: DoNotAllowExceptions
Mutexes
  • N/A
IP Addresses
  • N/A
Domain Names
  • runeo[.]no-ip[.]info
Files and or directories created
  • %AppData%\mirc
  • %AppData%\svchost.exe
File Hashes
  • 742d600c5e784c8dd2d54a9a6b74e3b67a20da1a6f9355511ff0c05ba48121c2
  • 0328c4576287299e56877f254ea46a78f902c46fefef26c4bef7f2e9914ab378
  • 07927ef357ebb94200b9ec784db1337f2a2012a9591bcdf2f27387e7992983ac
  • 0e40b1eaf8bb90fbc2401ff200edbf7930957235af98d5c58ae7f1562d3a3d93
  • 191281b087c742f6a99e05356bf0d8fd6e30340754c7b8ead6ae4051a595744e
  • 217fd7e2bb21f0f0023f1c557bf29bd7578ea92159232e20d2d9cf34b6dfe976
  • 219c813aa7aefc3db6d7de37898dfc9cb31a915f0c97d9ffd204b03df6598145
  • 2d928287f5966bd08e8fba8e5682b6f0200ae92c560fd9f5b07eaf3301110417
  • 3d9b06a7e27337026085feb880489db6fdf9d92eff63412385a784977825e165
  • 4a6003e3c1930cd82f5be9f73b6b4554777ab453dd7783fb21cfd94478787ab1
  • 4f318f15e17c6839069c53c5cc9594f50cc805867aa9d04df688daa10c55a28c
  • 6e9516009a6da7c3247f058783b6515d66c11c440bd60394452112a28a815272
  • 961af12739f5f34051d10edeefb90ba81d7509135de72c16fc8afefc28febdaf
  • a45471269d4a0c4e4a2f207b1e69827a075ad171b30c7812e65ba1af15839d1d
  • a7af202e3d506f9f52a3cec09238bc8aa8096611206807e2c3f2b17d7976db96
  • ad47218986739e0072c91932f1d07a9f5f0ea7c98264978f57d0041f6100551e
  • b067ecbfb6d02654c42fca66e4cf6dffe14a171a42807fd354f9cb7e7cba775b
  • b8dbab7f7429309272e6608b9bae6bdc6ff75f95c130b93c78bb8a9b619a5cb6
  • b9c2b5cc1df590e197d3df80584a8c077c2d68ef9aaea4888af8598541aec0f2
  • bc61b85b359f344f7a00eae0d4015889fca2cdb623569fd25133400db2f2015a
  • bdc949c5324235de7179b823d967220b3e92dcaaa21ee98ff452a3c80cd1c2c1
  • be31db615f5a4aa48517252c57022a2fc9582f7740801e00bd8d7858d89b2bcb
  • d4ff1da63afb7b0008d655bc2387f5f00452e920d6e253f23792f928ff6ac875
  • e445e0d7f1a46b98400693a28c9ec427450abc8f29df4c145c1d860205dffa57
  • e88b52ba0a0047a297855ce56115eacc07ea8b34a06900eef9890a577482ea7c

Coverage


Screenshots of Detection

AMP


ThreatGrid


Tags: ,,,,
Share: Email, ReBlog, Twitter, Facebook, Pinterest, Google+
Newer Post: Newer Post
Older Post: Older Post
Date:
Edit this post

Discussion

Powered by Manual Template
Name

.NET 0-day 0day ACDSee Adobe advisory adwind AMP Android Antenna House antivirus apple APT arbitrary code execution Attribution Automation Bahamut BASS beers with talos bitcoin Bitvote Black Hat botnet Brazil BRKSEC-2010 CASC chrome cisco Cisco Live Cisco Security Clam AV ClamAV Cobalt group code injection command injection conferences Coverage cryptocurrency cryptomining CSV CTA CVE-2016-8610 CVE-2017-0199 cve-2017-11882 CVE-2017-5638 CVE-2018-3857 CVE-2018-3858 CVE-2018-3859 CVE-2018-3860 CVE-2018-3870 CVE-2018-3871 CVE-2018-8506 cybercrime dark cloud DDE Decryptor Def Con detection dispute DOC DoS Excel Exploit exploit kits RTF fast flux Flash formbook Foscam Foxit Fuzzing gandcrab google GoScanSSH gozi gplayed GravityRAT Group123 Hangul healthcare HWP Hyland IcedID ICS IDA Pro IMAP incident response India inesap infostealer intel iOS IoT iot malware iPhone IR isfb jRAT JScript kernel mode KevDroid Korea Linux macros MalDoc Malware Malware Analysis Malware Research MDM meltdown meraki Microsoft Microsoft Patch Tuesday Middle East miners mining mobile device management monero Moxa ms tuesday natus NavRAT new router malware NordVPN North Korea nvidia Office office router attack Olympic Destoryer Olympic Destroyer Olympics opsec password stealer patch tuesday PDF phishing PhotoLine PLC podcast pony Powershell privilege escalation ProntoVPN PTEX PubNub PubNubRAT py2exe Pyeongchang pyrebox python Qatar ransomware RAT remcos remote access tool remote code execution research research spotlight reven ReversingLabs Rocke Rockwell Automation ROKRAT rootkit rtf ruby ryptoShuffler samsam samsung Scriptlets security updates sennoma signatures SimpleDirect Media Layer smartthings Smoke Loader Snort Snort Rules Sony South Korea spam spectre spyeye stealer steam struts support Talos TALOS-2017-0507 talosintelligence.com telegrab telegram Tetrane Thanatos ThanatosDecryptor threat intelligence Threat Research Threat Research Summit Threat Round-up Threat Roundup ThreatGrid threats TIFF trickbot trojan TTRS Umbrella ursnif VBScript VMI vpn filter attack VPNFiler VPNFilter VPNFilter malware vuln dev vulndev vulnerabilities Vulnerability vulnerability analysis Vulnerability Report Vulnerability Research vulnerability spotlight vulnerabillity vulnerable routers Whitepaper Windows WindowsCodecs.dll wipers xamarin XSS
false
ltr
item
materialize material: Threat Round Up for Feb 2 - Feb 9
Threat Round Up for Feb 2 - Feb 9
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjn7I54CQ3RVm5xlxNwDYKZEqyWl4Yb-njzWZClh-G1jRsinb2KPQjEwE6MC7FUhF7m31FmQbqljL6yFXScwRNaYIgwPdmw3oerzgxrSCBQeeScesZ4PivTYqYpX8C5bPEG88xglex3BY/s1600/amp-tg-proxy-umbrella.png
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjn7I54CQ3RVm5xlxNwDYKZEqyWl4Yb-njzWZClh-G1jRsinb2KPQjEwE6MC7FUhF7m31FmQbqljL6yFXScwRNaYIgwPdmw3oerzgxrSCBQeeScesZ4PivTYqYpX8C5bPEG88xglex3BY/s72-c/amp-tg-proxy-umbrella.png
materialize material
https://materialize-material.blogspot.com/2018/02/threat-round-up-for-feb-2-feb-9.html
https://materialize-material.blogspot.com/
http://materialize-material.blogspot.com/
http://materialize-material.blogspot.com/2018/02/threat-round-up-for-feb-2-feb-9.html
true
1816414542238562206
UTF-8
Not found any posts Not found any related posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU Tag ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Contents See also related Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy