#nokoyawa — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #nokoyawa, aggregated by home.social.
-
The DFIR Report provides a case study of a ransomware incident in February to late March 2023 where the initial access was Microsoft OneNote files to deliver IcedID malware. Cobalt Strike and AnyDesk were used to target a file server and a backup server. After exfiltrating data with FileZilla, Nokoyawa ransomware was executed. The DFIR Report provides everything from attack chain, to IOC, to MITRE ATT&CK and also Diamond Model. 🔗 https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/
#threatintel #IOC #Nokoyawa #ransomware #cybercrime #CobaltStrike #FileZilla #IcedID #Anydesk
-
Threat Actor Farnetwork Linked to Five Ransomware Schemes - https://www.redpacketsecurity.com/threat-actor-farnetwork-linked-to-five-ransomware-schemes/
#threatintel #Ransomware-as-a-service #Threat_actor #Nokoyawa
-
#HappyMonday everyone! The DFIR Report released another amazing report, this time they provide details of an incident that started with #IcedID and ended with #Nokoyawa #ransomware. Interesting enough, it was a malicious EXCEL doc this time that utilized a VBA macro to download the payload. Enjoy and Happy Hunting!
IcedID Macro Ends in Nokoyawa Ransomware
https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/
Notable MITRE ATT&CK TTPs:
The DFIR team did all the hard work on this one!
#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting
-
It's been a heck of a week, with tonnes of great research and tooling that I'm sure you're going to get a kick out of - check out our wrap-up for all the news!:
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-16042023
Kaspersky researchers shone a light on the Dark Web trade in Google Play Loaders - a service to help inject malware into legitimate, and supposedly vetted apps, with guarantees of >1 week up-time and the option to boost your spread with targeted Ads.
#Nokoyawa ransomware have clearly got some talent on their team, having abused a #CLFS 0-day prior to Microsoft patching it last week - one of 5 different exploits they've used, mind you - and they appear to have a new, distinct ransomware strain in rotation, too.
There's heaps more great threat reporting, including a report that #FIN7 and former #Conti (#FIN12/#WizardSpider) members are collaborating on a new backdoor, and a crypto-mining campaign that may be the canary in the coal mine, indicating broader uptake of BYOVD and IPFS by low-level operators.
The #QueueJumper vulnerability from last week looks primed to explode in coming days, with a no-fix vulnerability in Microsoft Intune capping off a lousy week for Windows admins struggling to keep their networks secure.
TOOLING. Ooooh boy, this was a good week for tooling and tradecraft, ladies and gentlemen.
The #redteam have a new port of the SharpHound AD enumeration tool for Cobalt Strike; a great reference piece on leveraging stolen Office tokens to bypass MFA and access cloud workloads, and a list of keywords to avoid when crafting stealthy PowerShell scripts.
The #blueteam have a script to help tweak VM settings to circumvent malware anti-analysis checks; Procmon for macOS, and a lightweight bastion host to help redirect and record traffic sent to honeypots in your network.
This was a fun one to write up, with heaps of interesting reads and takeaways to be had. Get amongst it!
https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-16042023
#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #darkweb #microsoft #azure #mfa #mfabypass #cobaltstrike #bloodhound #sharphound #byovd #ipfs #intune #GooglePlay #Android #zeroday #0day