Mr.Trunk · @mrtrunk
7 followers · 15418 posts · Server dromedary.seedoubleyou.me
Asec: Threat Trend Report on APT Groups – June 2023 https://asec.ahnlab.com/en/56195/ #CharmingKitten #StealthSoldier #CadetBlizzard #CamaroDragon #MustangPanda #MuddyWater #OceanLotus #SharpPanda #Gamaredon #Patchwork #Andariel #Ke3chang #Sidecopy #Kimsuky #Lazarus #RedEyes #trend #APT28
#charmingkitten #stealthsoldier #cadetblizzard #camarodragon #mustangpanda #muddywater #oceanlotus #sharppanda #gamaredon #patchwork #andariel #ke3chang #sidecopy #kimsuky #lazarus #redeyes #trend #apt28
Mr.Trunk · @mrtrunk
7 followers · 15320 posts · Server dromedary.seedoubleyou.meAsec: Threat Trend Report on APT Groups – June 2023 https://asec.ahnlab.com/en/56195/ #CharmingKitten #StealthSoldier #CadetBlizzard #CamaroDragon #MustangPanda #MuddyWater #OceanLotus #SharpPanda #Gamaredon #Patchwork #Andariel #Ke3chang #Sidecopy #Kimsuky #Lazarus #RedEyes #trend #APT28
#charmingkitten #stealthsoldier #cadetblizzard #camarodragon #mustangpanda #muddywater #oceanlotus #sharppanda #gamaredon #patchwork #andariel #ke3chang #sidecopy #kimsuky #lazarus #redeyes #trend #apt28
Mr.Trunk · @mrtrunk
7 followers · 15215 posts · Server dromedary.seedoubleyou.meAsec: Threat Trend Report on APT Groups – June 2023 https://asec.ahnlab.com/en/56195/ #CharmingKitten #StealthSoldier #CadetBlizzard #CamaroDragon #MustangPanda #MuddyWater #OceanLotus #SharpPanda #Gamaredon #Patchwork #Andariel #Ke3chang #Sidecopy #Kimsuky #Lazarus #RedEyes #trend #APT28
#charmingkitten #stealthsoldier #cadetblizzard #camarodragon #mustangpanda #muddywater #oceanlotus #sharppanda #gamaredon #patchwork #andariel #ke3chang #sidecopy #kimsuky #lazarus #redeyes #trend #apt28
Mr.Trunk · @mrtrunk
7 followers · 15115 posts · Server dromedary.seedoubleyou.meAsec: Threat Trend Report on APT Groups – June 2023 https://asec.ahnlab.com/en/56195/ #CharmingKitten #StealthSoldier #CadetBlizzard #CamaroDragon #MustangPanda #MuddyWater #OceanLotus #SharpPanda #Gamaredon #Patchwork #Andariel #Ke3chang #Sidecopy #Kimsuky #Lazarus #RedEyes #trend #APT28
#charmingkitten #stealthsoldier #cadetblizzard #camarodragon #mustangpanda #muddywater #oceanlotus #sharppanda #gamaredon #patchwork #andariel #ke3chang #sidecopy #kimsuky #lazarus #redeyes #trend #apt28
Mr.Trunk · @mrtrunk
7 followers · 15013 posts · Server dromedary.seedoubleyou.meAsec: Threat Trend Report on APT Groups – June 2023 https://asec.ahnlab.com/en/56195/ #CharmingKitten #StealthSoldier #CadetBlizzard #CamaroDragon #MustangPanda #MuddyWater #OceanLotus #SharpPanda #Gamaredon #Patchwork #Andariel #Ke3chang #Sidecopy #Kimsuky #Lazarus #RedEyes #trend #APT28
#charmingkitten #stealthsoldier #cadetblizzard #camarodragon #mustangpanda #muddywater #oceanlotus #sharppanda #gamaredon #patchwork #andariel #ke3chang #sidecopy #kimsuky #lazarus #redeyes #trend #apt28
Mr.Trunk · @mrtrunk
7 followers · 14912 posts · Server dromedary.seedoubleyou.meAsec: Threat Trend Report on APT Groups – June 2023 https://asec.ahnlab.com/en/56195/ #CharmingKitten #StealthSoldier #CadetBlizzard #CamaroDragon #MustangPanda #MuddyWater #OceanLotus #SharpPanda #Gamaredon #Patchwork #Andariel #Ke3chang #Sidecopy #Kimsuky #Lazarus #RedEyes #trend #APT28
#charmingkitten #stealthsoldier #cadetblizzard #camarodragon #mustangpanda #muddywater #oceanlotus #sharppanda #gamaredon #patchwork #andariel #ke3chang #sidecopy #kimsuky #lazarus #redeyes #trend #apt28
Mr.Trunk · @mrtrunk
7 followers · 14608 posts · Server dromedary.seedoubleyou.meAsec: Threat Trend Report on APT Groups – June 2023 https://asec.ahnlab.com/en/56195/ #CharmingKitten #StealthSoldier #CadetBlizzard #CamaroDragon #MustangPanda #MuddyWater #OceanLotus #SharpPanda #Gamaredon #Patchwork #Andariel #Ke3chang #Sidecopy #Kimsuky #Lazarus #RedEyes #trend #APT28
#charmingkitten #stealthsoldier #cadetblizzard #camarodragon #mustangpanda #muddywater #oceanlotus #sharppanda #gamaredon #patchwork #andariel #ke3chang #sidecopy #kimsuky #lazarus #redeyes #trend #apt28
Mr.Trunk · @mrtrunk
6 followers · 14507 posts · Server dromedary.seedoubleyou.meAsec: Threat Trend Report on APT Groups – June 2023 https://asec.ahnlab.com/en/56195/ #CharmingKitten #StealthSoldier #CadetBlizzard #CamaroDragon #MustangPanda #MuddyWater #OceanLotus #SharpPanda #Gamaredon #Patchwork #Andariel #Ke3chang #Sidecopy #Kimsuky #Lazarus #RedEyes #trend #APT28
#charmingkitten #stealthsoldier #cadetblizzard #camarodragon #mustangpanda #muddywater #oceanlotus #sharppanda #gamaredon #patchwork #andariel #ke3chang #sidecopy #kimsuky #lazarus #redeyes #trend #apt28
Mr.Trunk · @mrtrunk
6 followers · 14305 posts · Server dromedary.seedoubleyou.meAsec: Threat Trend Report on APT Groups – June 2023 https://asec.ahnlab.com/en/56195/ #CharmingKitten #StealthSoldier #CadetBlizzard #CamaroDragon #MustangPanda #MuddyWater #OceanLotus #SharpPanda #Gamaredon #Patchwork #Andariel #Ke3chang #Sidecopy #Kimsuky #Lazarus #RedEyes #trend #APT28
#charmingkitten #stealthsoldier #cadetblizzard #camarodragon #mustangpanda #muddywater #oceanlotus #sharppanda #gamaredon #patchwork #andariel #ke3chang #sidecopy #kimsuky #lazarus #redeyes #trend #apt28
Mr.Trunk · @mrtrunk
6 followers · 14204 posts · Server dromedary.seedoubleyou.meAsec: Threat Trend Report on APT Groups – June 2023 https://asec.ahnlab.com/en/56195/ #CharmingKitten #StealthSoldier #CadetBlizzard #CamaroDragon #MustangPanda #MuddyWater #OceanLotus #SharpPanda #Gamaredon #Patchwork #Andariel #Ke3chang #Sidecopy #Kimsuky #Lazarus #RedEyes #trend #APT28
#charmingkitten #stealthsoldier #cadetblizzard #camarodragon #mustangpanda #muddywater #oceanlotus #sharppanda #gamaredon #patchwork #andariel #ke3chang #sidecopy #kimsuky #lazarus #redeyes #trend #apt28
Mr.Trunk · @mrtrunk
6 followers · 14103 posts · Server dromedary.seedoubleyou.meAsec: Threat Trend Report on APT Groups – June 2023 https://asec.ahnlab.com/en/56195/ #CharmingKitten #StealthSoldier #CadetBlizzard #CamaroDragon #MustangPanda #MuddyWater #OceanLotus #SharpPanda #Gamaredon #Patchwork #Andariel #Ke3chang #Sidecopy #Kimsuky #Lazarus #RedEyes #trend #APT28
#charmingkitten #stealthsoldier #cadetblizzard #camarodragon #mustangpanda #muddywater #oceanlotus #sharppanda #gamaredon #patchwork #andariel #ke3chang #sidecopy #kimsuky #lazarus #redeyes #trend #apt28
Mr.Trunk · @mrtrunk
6 followers · 14002 posts · Server dromedary.seedoubleyou.meAsec: Threat Trend Report on APT Groups – June 2023 https://asec.ahnlab.com/en/56195/ #CharmingKitten #StealthSoldier #CadetBlizzard #CamaroDragon #MustangPanda #MuddyWater #OceanLotus #SharpPanda #Gamaredon #Patchwork #Andariel #Ke3chang #Sidecopy #Kimsuky #Lazarus #RedEyes #trend #APT28
#charmingkitten #stealthsoldier #cadetblizzard #camarodragon #mustangpanda #muddywater #oceanlotus #sharppanda #gamaredon #patchwork #andariel #ke3chang #sidecopy #kimsuky #lazarus #redeyes #trend #apt28
Just Another Blue Teamer · @LeeArchinal
95 followers · 154 posts · Server ioc.exchangeHappy Friday everyone! Travel the world with the Check Point Software Technologies Ltd research team as they report how #CamaroDragon spread uncontrollably. Enjoy and Happy Hunting!
Link in the comments!
***Here is your #miniCTF challenge***
Beginner: What MITRE ATT&CK relates to the way the malware propagates?
Intermediate: There are at least two means of persistence mentioned in this article. What are they and what are their Technique/sub-technique IDs and titles?
Extra Credit: What log sources and event codes from those log sources will capture either the beginner's or intermediate (or both) challenges activity?
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
#camarodragon #minictf #cybersecurity #itsecurity #infosec #blueteam #threatintel #threathunting #ThreatDetection #happyhunting
Just Another Blue Teamer · @LeeArchinal
82 followers · 135 posts · Server ioc.exchange
#HappyFriday everyone! The Check Point Software Technologies Ltd research team continues to discover more tools used by the #APT known as #CamaroDragon. This time, they shed light on Go-based backdoor dubbed #TinyNote. Check out the article for more details! Enjoy and Happy Hunting!
Link is in the comments!
**I am going to leave one of the MITRE ATT&CK blank. I would like to see if any of you that see this can help FILL in that blank! If so, leave your thoughts in the comments OR send me a DM!**
Notable TTPs:
TA0005 - Defense Evasion
T1574.002 - Hijack Execution Flow: DLL Side-Loading
TA0002 - Execution
T1059.003 - Command And Scripting Interpreter: Windows Command Shell
T1059.001 - Command And Scripting Interpreter: PowerShell
TA0003 - Persistence
T[Let me know what persistence techniques you see!]
TA0007 - Discovery
T1033 - System Owner/User Discovery
T1015 - System Network Configuration Discovery
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
#happyfriday #apt #camarodragon #tinynote #cybersecurity #itsecurity #infosec #blueteam #threatintel #threathunting #ThreatDetection #happyhunting
Just Another Blue Teamer · @LeeArchinal
71 followers · 121 posts · Server ioc.exchange
Wednesday's #readoftheday if from Check Point Software Technologies Ltd Research team focusing recent #CamaroDragon activity. The tool of choice was a custom made firmware for the TP-Link router. Enjoy and Happy Hunting!
THE DRAGON WHO SOLD HIS CAMARO: ANALYZING CUSTOM ROUTER IMPLANT
https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/
Notable MITRE ATT&CK TTPs:
TA0002 - Execution
T1059.006 - Command and Scripting Interpreter: Network Device CLI
TA0010 - Exfiltration
T1048 - Exfiltration Over Alternative Protocol
TA0011 - Command And Control
T1071.001 - Application Layer Protocol: Web Protocols
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
#readoftheday #camarodragon #cybersecurity #itsecurity #infosec #blueteam #threatintel #threathunting #ThreatDetection #happyhunting