Good day everyone! The DFIR Report released their latest report detailing an attack that involved two different adversaries: one acted as the distributor while the other filled the hands-on-keyboard role. #TA551 was responsible for the phishing campaign and a #Nokoyawa ransomware affiliate was responsible for the rest! I hope you enjoy this and find it as useful as I did, and as always, #HappyHunting!
HTML Smuggling Leads to Domain Wide Ransomware
https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/
Some MITRE ATT&CK TTPs (Thanks to the DFIR team):
TA0001 - Initial Access
T1566.001 - Phishing: Spearphishing Attachment
TA0002 - Execution
T1059.001 - Command and Scripting Interpreter: PowerShell
TA0003 - Persistence
T1053.005 - Scheduled Task/Job: Scheduled Task
TA0009 - Collection
T1560 - Archive Collected Data
TA0005 - Defense Evasion
T1027.006 - Obfuscated Files or Information: HTML Smuggling
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #readoftheday #MitreMonday
#HappyMonday everyone! The DFIR Report released another amazing report, this time providing details of an incident that started with #IcedID and ended with #Nokoyawa #ransomware. Interestingly enough, it was a malicious Excel document this time that used a VBA macro to download the payload. Enjoy and Happy Hunting!
IcedID Macro Ends in Nokoyawa Ransomware
https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/
Notable MITRE ATT&CK TTPs:
The DFIR team did all the hard work on this one!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
#Patchday: Attackers infect #Windows with #Nokoyawa #Ransomware | Security https://www.heise.de/news/Patchday-Angreifer-infizieren-Windows-mit-Nokoyawa-Ransomware-8935888.html #nokoyawaransomware
Actor : nokoyawa
Victim : Nexon Asia Pacific
Date : 2022-12-23 14:59
According to the #DarkWeb #Ransomware activity by the ThreatMon Threat Intelligence Team, the #NOKOYAWA Ransomware group has added Nexon Asia Pacific to its victims.
Files dumped onto mega upload.
#darkweb #ransomware #nokoyawa #infosec #breached #databreach #auspol #hacked #hack
🆕 New parser for #Nokoyawa #Ransomware group on https://www.ransomware.live 🏴☠️💰 to add victim's description.
#nokoyawa #ransomware #leak #infosec