FedSearch
Brad · @malware_traffic
2195 followers · 103 posts · Server infosec.exchange
Open media

Original version at: twitter.com/Unit42_Intel/statu

2023-01-23 (Monday) - Google ad led to a fake AnyDesk page. Distributed malicious .msi package first reported to VirusTotal in December 2022. This malware contacts a domain associated with infrastructure from 2020. Indicators available at github.com/pan-unit42/tweets/b

Additional info:

The reason this might be TA505 is because download-cdn[.]com is a domain associated with TA505 infrastructure from 2020 and older. I'm not sure if the same threat actor has revived it, or if someone else grabbed it instead.

The final C2 traffic uses tcp://64.190.113[.]123:443/ and might be some sort of VNC activity.

If anyone can shed some light on it, feel free to reply! I just wanted to get the information out quickly.

#ta505

Last updated 3 years ago
Original post

Malwar3Ninja | Threatview.io · @Malwar3Ninja
149 followers · 47 posts · Server infosec.exchange
Open media

[Threatview.io]🌀 Our proactive hunter detected malicious download site distributing malware

⚠️zoomapp[.]tech
🚫c2: download-cdn[.]com
⚙️tria.ge/230123-hmkksad…





#zoom #ta505 #malware #threatintel #dfir #cti #cybersecurity

Last updated 3 years ago
Original post

Malwar3Ninja | Threatview.io · @Malwar3Ninja
149 followers · 47 posts · Server infosec.exchange

[Threatview.io]🌀 Our proactive hunter detected malicious download site distributing malware

⚠️zoomapp[.]tech
🚫c2: download-cdn[.]com
⚙️tria.ge/230123-hmkksad…





#zoom #ta505 #malware #threatintel #dfir #cti #cybersecurity

Last updated 3 years ago
Original post

ITSEC News · @itsecbot
988 followers · 32791 posts · Server schleuss.online

Breaking the silence - Recent Truebot activity - Since August 2022, we have seen an increase in infections of Truebot (aka Silence.... blog.talosintelligence.com/bre -2022-31199

#ta505 #grace #botnet #truebot #RaspberryRobin #cve

Last updated 3 years ago
Original post

ITSEC News · @itsecbot
988 followers · 32788 posts · Server schleuss.online

New Ransom Payment Schemes Target Executives, Telemedicine - Ransomware groups are constantly devising new methods for infecting victims and co... krebsonsecurity.com/2022/12/ne .0

#cl0p #ta505 #tripwire #emsisoft #alexholden #ransomware #fabianwosar #webfraud2 #holdsecurity #clopransomware #thecomingstorm #venusransomware

Last updated 3 years ago
Original post

ITSEC News · @itsecbot
856 followers · 32557 posts · Server schleuss.online
Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT

Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT - By Vanja Svajcer.
News summaryGroup TA505 has been active for at least seven years... feedproxy.google.com/~r/feedbu

#ta505 #trojans #threats #stealer #securex

Last updated 4 years ago
Original post

ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Threatpost - English - Global - threatpost.com - FIN11 Cybercrime Gang Shifts Tactics to Double-Extortion Ransomware

FIN11 Cybercrime Gang Shifts Tactics to Double-Extortion Ransomware - The Clop ransomware has become a tool of choice for the financially motivated group. threatpost.com/fin11-gang-doub

#clop #ta505 #fin11 #breach #malware #mandiant #ransomware #leakeddata #shiftingtactics #doubleextortion #financiallymotivated

Last updated 5 years ago
Original post

ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Threatpost - English - Global - threatpost.com - TA505 Crime Gang Deploys SDBbot for Corporate Network Takeover

TA505 Crime Gang Deploys SDBbot for Corporate Network Takeover - The custom RAT offers persistent access, data exfiltration and lateral network movement. more: threatpost.com/ta505-crime-gan -force

#rat #ta505 #sdbbot #onehub #malware #hive0065 #ibmx #cyberattack #websecurity #custommalware #malwareanalysis #maliciousemails #activedirectory #dataexfiltration #remoteaccesstrojan

Last updated 6 years ago
Original post