WannaRen Returns as Life Ransomware, Targets India

Ransomware
This blog entry looks at the characteristics of a new WannaRen ransomware variant, which we named Life ransomware after its encryption extension.
By: Don Ovid Ladores, Jeffrey Francis Bonaobra, November 23, 2022
Although not as well-known as ransomware families such as Ryuk, REvil, or Maze, WannaRen ransomware made a name for itself back in 2020 after it launched attacks against Chinese internet users,…

DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework

Changing the paths is likely something that an attacker will do, and this will cause some of the things we’ve previously discussed to change in the binaries and in the traffic patterns. For instance, if the getname in the DOH agent is changed, it will no longer go to 6765746e616d65 but will instead redirect to a subdomain of whatever it was changed to, converted to the hexadecimal system (an example being “trendmicroftr”, which would look…

Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike

Tactic / Technique | Notes
TA0001 Initial Access |
T1566.001 Phishing: Spear phishing Attachment | Victims receive spear phishing emails with attached malicious zip files (typically password protected) or an HTML file. That file contains an ISO file.
T1566.001 Phishing: Spear phishing Link | QAKBOT has spread through emails with newly created malicious links.
TA0002 Execution |
T1204.001 User Execution: Malicious Link | QAKBOT has gained execution through users accessing a malicious link.
T1204.002 User Execution: Malicious Link | QAKBOT has gained execution…

Tracking Earth Aughisky’s Malware and Changes

APT & Targeted Attacks
For over 10 years, security researchers have been observing and keeping tabs on APT group Earth Aughisky’s malware families and their connections, including previously documented malware that has yet to be attributed.
By: CH Lei, October 04, 2022
For security researchers and analysts monitoring advanced persistent threat (APT) groups’ attacks and tools, Earth Aughisky (also known as Taidoor) is among the…

Improve Threat Detection & Response with OCSF

Trend Micro has always been a team player. Over the past three decades and more, we’ve worked closely with law enforcement, industry solution providers, academics and others to strengthen our collective hand against a common adversary. Yet while we’ve been breaking down barriers through this collaborative approach, the cybersecurity industry sometimes unwittingly puts more up. That’s why we’re thrilled to join a new open source initiative designed to make it easier for organizations to detect…

Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data

The use of legitimate Windows tools as part of malicious actors’ malware arsenal has become a common observation in cyber incursions in recent years. We’ve discussed such use in a previous article where PsExec, Windows Management Instrumentation (WMI), simple batch files or third-party tools such as PC Hunter and Process Hacker were used to disable endpoint security products, move laterally across networks, and exfiltrate information, among others. We have also extensively discussed legitimate tools that…

Hacking the Crypto-monetized Web

Cyber Threats
What danger lies around the corner?
By: Jon Clay, June 30, 2022
The web is several decades old. But it largely still relies on the same method of monetization as it always has: advertising. However, things are changing thanks to the power of cryptocurrency and blockchain. It’s what Trend Micro has coined the “crypto-monetized web” (CMW). But where there’s money to be made and users…

Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware

Lateral movement to machines in the network
After the initial infection with Cobalt Strike, we observed that the threat actor dropped node.exe, which is the Stowaway proxy tool that is publicly available on GitHub. The tool is written in the Go language and provides many capabilities to threat actors: remote shell execution, uploading and downloading files, and more. In this case, the tool is used to provide a reverse shell to threat actors on IP: 45[.]32.108.54…

Examples of Cyber Warfare #TrendTalksBizSec

Jon Clay, VP of Threat Intelligence: [00:00:00] Hey, welcome everybody. Jon Clay, VP of Threat Intelligence here at Trend Micro, and welcome to another episode of #TrendTalksBizSec. Joining me again is my cohort in crime.
Ed Cabrera, Chief Cybersecurity Officer: My name’s Ed Cabrera. I’m the Chief Cybersecurity Officer at Trend Micro. It’s great to be here.
Jon: You know, interesting Ed, I recently was able to travel to Switzerland, to Davos for the World…

AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell

Conclusion
While AvosLocker has been documented for its abuse of AnyDesk as its preferred application for lateral movement, we note that other remote access applications can also be abused in its place. We think the same can be said for the software deployment tool, which the malicious actors can subsequently decide to replace with other commercially available ones. In addition, aside from its availability, the decision to choose the specific rootkit driver…
