Threat Roundup for September 14 to September 21


Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Sept. 14 and 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by highlighting key behavioral characteristics and indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

The most prevalent threats highlighted in this roundup are:

  • Win.Dropper.Genkryptik-6690044-0
    Dropper
    This threat attempts to spread via removable drives and spam email. It uses legitimate SMTP servers to send spam from its victims.
     
  • Win.Dropper.Dofoil-6689818-0
    Dropper
    Dofoil, aka SmokeLoader, is primarily used to download and execute additional malware. Read more about this threat on our blog here.
     
  • Doc.Malware.Nastjencro-6688356-0
    Malware
    Nastjencro uses PowerShell to download and execute additional malware.
     
  • Win.Dropper.Kovter-6689163-0
    Dropper
    Kovter uses mshta and PowerShell to minimize its presence on the victim's hard drive. It uses the registry to execute a malicious script any time a file with a specific file extension is opened (e.g. *.clUQwv).
     
  • Win.Dropper.Coinminer-6688928-0
    Dropper
    This malware installs and executes cryptocurrency mining software. You can read more about this kind of threat on our blog.
     
  • Win.Dropper.Fareit-6688124-0
    Dropper
    The Fareit trojan is primarily an information stealer with the ability to download and install other malware.
     
  • Doc.Downloader.Pederr-6686124-0
    Downloader
    Pederr uses malicious PowerShell scripts to download and execute a malicious executable. It has been seen installing banking malware such as Emotet.
     

Threats

Win.Dropper.Genkryptik-6690044-0


Indicators of Compromise


Registry Keys
  • N/A
Mutexes
  • N/A
IP Addresses
  • N/A
Domain Names
  • smtp[.]yandex[.]com
Files and or directories created
  • %AppData%\Windows Update.exe
  • \??\E:\Sys.exe
  • \??\E:\autorun.inf
File Hashes

Coverage

Screenshots of Detection

AMP
ThreatGrid
Umbrella

Win.Dropper.Dofoil-6689818-0


Indicators of Compromise


Registry Keys
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    • Value Name: internat.exe
Mutexes
  • N/A
IP Addresses
  • 99[.]12[.]215[.]168
  • 98[.]217[.]41[.]219
  • 99[.]152[.]6[.]105
  • 98[.]66[.]233[.]28
Domain Names
  • N/A
Files and or directories created
  • N/A
File Hashes

Coverage

Screenshots of Detection

AMP
ThreatGrid

Doc.Malware.Nastjencro-6688356-0


Indicators of Compromise


Registry Keys
  • N/A
Mutexes
  • N/A
IP Addresses
  • 185[.]159[.]130[.]242
  • 185[.]228[.]232[.]143
Domain Names
  • N/A
Files and or directories created
  • %LocalAppData%\Temp\qqqqqqqqq_qqqqq_qqqqqq_qqqqqqq74.exe
  • %LocalAppData%\Temp\handler.bat
  • %LocalAppData%\Temp\j55xmasb.5xy.ps1
File Hashes

Coverage

Screenshots of Detection

AMP
ThreatGrid


Win.Dropper.Kovter-6689163-0


Indicators of Compromise


Registry Keys
  • <HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    • Value Name: \x008567f942
  • <HKCR>\DR2V\SHELL\OPEN\COMMAND
  • <HKCR>\.CLUQWV
  • <HKCU>\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    • Value Name: \x0070f54730
Mutexes
  • N/A
IP Addresses
  • 98[.]228[.]140[.]122
  • 99[.]78[.]177[.]117
Domain Names
  • find-dentalimplants[.]com
Files and or directories created
  • %LocalAppData%\ejybag\i3f1uvT.clUQwv
  • %LocalAppData%\Temp\y4os1u24.vgj.ps1
File Hashes

Coverage

Screenshots of Detection

AMP
ThreatGrid

Win.Dropper.Coinminer-6688928-0


Indicators of Compromise


Registry Keys
  • <HKLM>\SYSTEM\CONTROLSET001\SERVICES\ZENUPDATE
    • Value Name: Type
Mutexes
  • N/A
IP Addresses
  • 94[.]130[.]64[.]225
Domain Names
  • xmr[.]pool[.]minergate[.]com
Files and or directories created
  • %LocalAppData%\Temp\RarSFX0\mexas.exe
  • %LocalAppData%\Temp\RarSFX1\Support.exe
  • %LocalAppData%\Temp\RarSFX1\system.exe
  • %WinDir%\Windows\1.exe
  • %WinDir%\Windows\1.vbs
  • %WinDir%\Windows\sistem.bat
  • %WinDir%\Windows\sistem.exe
  • %LocalAppData%\Temp\RarSFX2\3.bat
File Hashes

Coverage

Screenshots of Detection

AMP
ThreatGrid

Win.Dropper.Fareit-6688124-0


Indicators of Compromise


Registry Keys
  • <HKLM>\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    • Value Name: K4XD4XP0OPG
Mutexes
  • 8-3503835SZBFHHZ
  • OMM-7UQ942T0D7yz
IP Addresses
  • 217[.]160[.]223[.]46
  • 98[.]124[.]199[.]17
  • 52[.]54[.]24[.]134
Domain Names
Files and or directories created
  • %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\h.vbs
  • \TEMP\transfer application.exe
File Hashes

Coverage

Screenshots of Detection

AMP
ThreatGrid
Umbrella


Doc.Downloader.Pederr-6686124-0


Indicators of Compromise


Registry Keys
  • N/A
Mutexes
  • N/A
IP Addresses
  • 220[.]253[.]68[.]95
  • 69[.]70[.]248[.]98
Domain Names
  • familiekoning[.]net
Files and or directories created
  • %UserProfile%\480.exe
  • %LocalAppData%\Temp\zaybh0yp.m4u.ps1
File Hashes

Coverage

Screenshots of Detection

AMP
ThreatGrid

Umbrella

