URL: https://www.securonix.com/securonix-threat-research-lab
Submission: On September 08 via api from US — Scanned from DE
SECURONIX THREAT LABS

Get up-to-date threat content from the experts at Securonix Threat Labs.


UNCOVER THE THREATS OF TOMORROW, TODAY.

Securonix Threat Labs helps your team fend off rising threats by bringing the
industry’s brightest minds together to equip you with the latest countermeasures
and best practices.


Powered by Threat Labs


AUTONOMOUS THREAT SWEEPER

Acting as your own dedicated Cyber Rapid Response Team, Securonix Autonomous
Threat Sweeper (ATS) automatically and retroactively hunts for new and emerging
threats based on the latest threat intelligence from our Threat Labs Team.


LATEST ATS ENTRIES

All indicators of compromise (IOC) and Spotter queries are available on our
GitHub repository.

2023-09-08
Advanced_Attack_Groups_JavaScript_RATs_and_APT_Ransomware
MEDIUM

Intel Source: Gteltsc
Intel Name: Advanced_Attack_Groups_JavaScript_RATs_and_APT_Ransomware
Date of Scan: 2023-09-08
Impact: MEDIUM
Summary: This article highlights Chimera Group targeting the semiconductor and
aerospace industries, a JavaScript RAT campaign against Asian government
institutions, the Solorigate campaign’s transition, Chinese APT groups turning
to ransomware, and the PLEASE_READ_ME ransomware campaign targeting MySQL
servers.

Source:
https://gteltsc.vn/blog/thong-tin-cac-moi-de-doa-bao-mat-trong-thang-01-2021-9681.html


2023-09-07
Cybercriminals_are_abusing_Advanced_Installer
LOW

Intel Source: Talos
Intel Name: Cybercriminals_are_abusing_Advanced_Installer
Date of Scan: 2023-09-07
Impact: LOW
Summary: Talos observed an ongoing cryptocurrency mining campaign that delivers
malicious payloads by abusing Advanced Installer, a legitimate tool designed to
create software packages for Windows. The software installers targeted in this
campaign are specifically used for 3-D modeling and graphic design.

Source:
https://blog.talosintelligence.com/cybercriminals-target-graphic-designers-with-gpu-miners/


2023-09-07
Phishing_emails_abusing_another_Cloudflare_service
LOW

Intel Source: Trustwave
Intel Name: Phishing_emails_abusing_another_Cloudflare_service
Date of Scan: 2023-09-07
Impact: LOW
Summary: Trustwave is seeing a large number of phishing emails with URLs that
abuse another Cloudflare service, r2.dev. The subjects of the phishing emails
contain alarming or common keywords such as statement paid, upgrade mail,
purchase order, etc.

Source:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/a-bucket-of-phish-attackers-shift-tactics-with-cloudflare-r2-public-buckets/


2023-09-07
New_Warp_Malware_Dropping_Modified_Stealerium_Infostealer
LOW

Intel Source: Seqrite
Intel Name: New_Warp_Malware_Dropping_Modified_Stealerium_Infostealer
Date of Scan: 2023-09-07
Impact: LOW
Summary: To meet certain demands and exploit certain vulnerabilities,
cybercriminals have started marketing and distributing several stealthy malware
variants. Stealer malware today, such as “Warp Stealer,” is quite advanced and
versatile. From infected PCs it can collect useful data such as hardware
specifications, network configuration, browser history, and private information
pertaining to finances and online activities.

Source:
https://www.seqrite.com/blog/new-warp-malware-drops-modified-stealerium-infostealer/


2023-09-07
Mac_users_targeted_in_new_malvertising_campaign_delivering_Atomic_Stealer
LOW

Intel Source: Malwarebytes
Intel Name: Mac_users_targeted_in_new_malvertising_campaign_delivering_Atomic_Stealer
Date of Scan: 2023-09-07
Impact: LOW
Summary: AMOS was first promoted as a Mac OS stealer with a strong focus on
crypto assets in April 2023. It also included a file grabber and the ability to
harvest passwords from browsers and Apple’s keychain. A new version of the
project was released at the end of June as a result of the developer’s active
work on it.

Source:
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/atomic-macos-stealer-delivered-via-malvertising


2023-09-07
In_depth_analysis_of_Scarleteel_2_threat
LOW

Intel Source: Sysdig
Intel Name: In_depth_analysis_of_Scarleteel_2_threat
Date of Scan: 2023-09-07
Impact: LOW
Summary: In a Sysdig post, their analysts provided a full, detailed report on a
cyber attack that reverberated across the digital realm: SCARLETEEL. Their
analysis maps this serious incident to the MITRE ATT&CK framework, providing
deep insights into the operational tactics of the adversaries.

Source:
https://sysdig.com/blog/scarleteel-mitre-attack/


2023-09-07
Spreading_New_Agent_Tesla_Variant_through_Excel_Document
MEDIUM

Intel Source: Fortinet
Intel Name: Spreading_New_Agent_Tesla_Variant_through_Excel_Document
Date of Scan: 2023-09-07
Impact: MEDIUM
Summary: Researchers from FortiGuard have discovered a phishing campaign
spreading a new Agent Tesla variant. This well-known malware family uses a data
stealer and a .NET-based Remote Access Trojan (RAT) to obtain initial access,
and it is frequently used for Malware-as-a-Service (MaaS). A thorough
examination of this campaign covered everything from the initial phishing email
to the actions of Agent Tesla once installed on the victim’s computer and the
gathering of personal data from the compromised device.

Source:
https://www.fortinet.com/blog/threat-research/agent-tesla-variant-spread-by-crafted-excel-document


2023-09-07
An_Examination_of_a_New_Stealing_Campaign
LOW

Intel Source: Zscaler
Intel Name: An_Examination_of_a_New_Stealing_Campaign
Date of Scan: 2023-09-07
Impact: LOW
Summary: A new theft campaign known as the “Steal-It” campaign was recently
found by Zscaler ThreatLabz. In this campaign, the threat actors use modified
versions of Nishang’s Start-CaptureServer PowerShell script to steal and
exfiltrate NTLMv2 hashes. They then run various system tasks, extract the data,
and exfiltrate it using Mockbin APIs.

Source:
https://www.zscaler.com/blogs/security-research/steal-it-campaign


2023-09-06
Backdoor_Distribution_Through_Malicious_LNK
LOW

Intel Source: ASEC
Intel Name: Backdoor_Distribution_Through_Malicious_LNK
Date of Scan: 2023-09-06
Impact: LOW
Summary: Malware that was formerly delivered in CHM format is now being spread
in LNK format, according to ASEC experts. Through the mshta process, this
malware runs other scripts located at a certain URL. Following that, it gets
instructions from the threat actor’s server to engage in further malicious
actions.

Source:
https://asec.ahnlab.com/en/56756/


2023-09-06
Analysis_of_the_FBI_Operation_Duck_Hunt
LOW

Intel Source: Emanuele Delucia
Intel Name: Analysis_of_the_FBI_Operation_Duck_Hunt
Date of Scan: 2023-09-06
Impact: LOW
Summary: The “Duck Hunt” campaign is linked to a specific campaign called
“Operation Duck Hunt” that disrupted the Qakbot botnet. The name might have been
chosen to symbolize the effort to track down and disable the Qakbot botnet,
similar to shooting down ducks in the game.

Source:
https://www.emanueledelucia.net/under-the-shellcode-of-operation-duck-hunt-analysis-of-the-fbis-ducks-killer/




SHARED SECURITY CONTENT ON SIGMA

Securonix Threat Labs publishes up-to-date IOCs and threat hunting queries on
Sigma, allowing you to tap into a vast community of collective defense and stay
ahead of emerging threat research.


WHY SECURITY CONTENT MATTERS

Learn how Securonix is paving the way to make precise, and actionable security
content a reality for our customers.


WHAT'S NEW FROM THREAT LABS


 * Blog: Securonix Threat Labs Monthly Intelligence Insights – July 2023
 * Blog: Detecting Ongoing STARK#MULE Attack Campaign Targeting Victims Using US
   Military Document Lures
 * Blog: Securonix Threat Labs Security Advisory: Detecting Microsoft Office
   Zero-day HTML Vulnerability (CVE-2023-36884) “RomCom”/Storm-0978 Exploitation
   With Security Analytics


Securonix 2022. All Rights Reserved