Cybersecurity

30 readers

28 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

founded 2 years ago

MODERATORS

shellsharks@fedia.io

tweedge@fedia.io

Happy Wednesday everyone! (ioc.exchange)

submitted 11 months ago by LeeArchinal@ioc.exchange to c/cybersecurity@fedia.io

1 comments fedilink hide all child comments

Happy Wednesday everyone!

Today's #readoftheday is a tale of victims getting compromised when they tried to download pirated movies! Mandiant (part of Google Cloud) reports that it all started with a zip file whos title hinted that it would be a movie but really contained a malicious LNK (Microsoft Shortcut files) that executes a PowerShell downloader script which leads to the #PEAKLIGHT malware, another PowerShell-based downloader.

Interestingly, one of the variations uses an executable named Setup.exe which appears to be masquerading as a legitimate application, which is a common technique that is used by threat actors to gain trust from their victims!

As always, enjoy the rest of the article, I hope you have time to read it for yourself, and stay tuned for your Threat Hunting Tip of the Day!

PEAKLIGHT: Decoding the Stealthy Memory-Only Malwarehttps://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/

Cyborg Security Intel 471 #CyberSecurity #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

you are viewing a single comment's thread
view the rest of the comments

[–] LeeArchinal@ioc.exchange 1 points 11 months ago

For your Threat Hunting Tip of the Day:

Masquerading is a common technique used by attackers and by using legitimate names for their malicious programs it makes the victims more likely to click the application. But, as a hunter, what can you do? Easy: Look at the process chain!

Part of Threat Hunting is learning your environment and by identifying process chains that are legitimate in your environment, you can start to look for process chains that may not make sense. So when you are looking at "legit" sounding apps that are executing, make sure you look at the parent process!

Good luck and Happy Hunting!

Cyborg Security Intel 471 #CyberSecurity #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #huntoftheday #gethunting!