The blog post from Malwarebytes, titled "Malvertisers zoom in on cryptocurrencies and initial access," details a rise in malicious ads targeting software like Zoom, often used by those interested in cryptocurrencies and corporate networks. Two specific cases were highlighted: HiroshimaNukes, a new malware loader, and FakeBat, a loader tracked via a new control panel called Hunting panel 1.40. The report outlines the methods, distribution, and specific indicators of compromise for these malvertising campaigns, emphasizing the continued threat they pose and the efforts to protect users from such attacks.
REFERENCES
- https://unit42.paloaltonetworks.com/detecting-malicious-stockpiled-domains/
- https://otx.alienvault.com/pulse/658181bc828850f35f6b26c7
TAGS
Phishing