Beware! – Kaseya-themed Malware Scam - Fake Kaseya VSA Security Update Drops Cobalt Strike<br />Vikneswaran R, 2021-07-17<br /><br />The notorious REvil group was behind the attack, which exploited vulnerabilities in Kaseya's VSA software to distribute ransomware.<br /><br />While that investigation is still under way, a phishing campaign claiming to offer a security update for Kaseya's VSA software is instead trying to infect computers with Cobalt Strike.<br /><br />Kaseya has urged customers to watch for a wave of phishing emails that take advantage of the disruption caused by the recent ransomware attack.<br /><br />The fake email urges recipients to download and execute an attachment named "SecurityUpdates.exe"; it also carries a link that pretends to be a security update from Microsoft for the Kaseya vulnerability.<br /><br /><img height="401" src="https://media-exp3.licdn.com/dms/image/C4D12AQGWrYlSpF5AFg/article-inline_image-shrink_1500_2232/0/1625906173480?e=1631750400&v=beta&t=XVesLxbv-vZ-3FRjTn0uwSVeDDRwCreL63eANzt8ngY" width="496" /><br />(Source: Malwarebytes)<br /><br />The attachment is in fact a Cobalt Strike package. Clicking the URL redirects the victim to another server, 45[.]153[.]241[.]113/download/pload.exe, which hosts the malicious file.<br /><br />Researchers added that, with Cobalt Strike in place, the attackers can also gain access to systems already compromised in the ransomware attack, possibly for further reconnaissance or a local follow-up attack.<br /><br />Anyone may receive an email that looks like a security update from Microsoft. Phishing prevention requires constant vigilance: treat an unsolicited executable attachment as hostile, and obtain VSA updates only through Kaseya's own channels, never from an emailed link or file.
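The IOCs in the next section are published defanged (hxxp, [.]). The following is an added example, not part of the original post, that refangs them and hunts for them in proxy log lines and in a file's SHA1. The log lines and the file bytes are constructed for the demo; only the hash and URL values come from the post.

```python
"""Added example (not from the original post): refang the post's defanged IOCs
and hunt for them in constructed sample data. The log lines and file bytes
below are constructed for the demo; only the IOC values come from the post."""
import hashlib
import re
from urllib.parse import urlparse

# IOCs exactly as listed in the post (defanged).
IOC_SHA1 = "7B6621202AC7795E89891B7BD65E769BA6C267C5"
IOC_URLS_DEFANGED = [
    "hxxp://45[.]153[.]241[.]113/download/pload[.]exe",
    "hxxp://31[.]42[.]177[.]52/dpixel",
    "hxxp://31[.]42[.]177[.]52/submit.php",
]


def refang(ioc: str) -> str:
    """Turn a defanged IOC (hxxp://, [.]) back into a string that matches real logs."""
    return (ioc.replace("hxxps://", "https://")
               .replace("hxxp://", "http://")
               .replace("[.]", "."))


def ioc_hosts(urls):
    """Set of hosts from the refanged URLs, for matching DNS/proxy logs by host alone."""
    return {urlparse(refang(u)).hostname for u in urls}


def find_matches(log_lines, urls):
    """Return (line_number, matched_ioc) for each log line that contains an IOC.

    A full-URL match is reported in preference to a bare host match. The host
    match is bounded so that 131.42.177.52 does not match 31.42.177.52.
    """
    full_urls = [refang(u) for u in urls]
    hosts = ioc_hosts(urls)
    hits = []
    for n, line in enumerate(log_lines, 1):
        matched = next((u for u in full_urls if u in line), None)
        if matched is None:
            matched = next((h for h in hosts
                            if re.search(r"(?<![\d.])" + re.escape(h) + r"(?![\d.])", line)),
                           None)
        if matched:
            hits.append((n, matched))
    return hits


def sha1_hex(data: bytes) -> str:
    """Upper-case SHA1 of the given bytes, matching the post's hash format."""
    return hashlib.sha1(data).hexdigest().upper()


def is_known_bad(data: bytes) -> bool:
    """True when the file bytes hash to the SHA1 the post lists for SecurityUpdates.exe."""
    return sha1_hex(data) == IOC_SHA1


# Constructed sample proxy log (not real traffic): timestamp, client, method, URL, status, bytes.
SAMPLE_LOG = [
    "2021-07-10T09:12:01Z 10.0.0.15 GET http://45.153.241.113/download/pload.exe 200 412672",
    "2021-07-10T09:12:05Z 10.0.0.15 GET http://31.42.177.52/dpixel 200 98",
    "2021-07-10T09:15:44Z 10.0.0.22 GET https://www.microsoft.com/en-us/security 200 5120",
    "2021-07-10T09:16:00Z 10.0.0.15 POST http://31.42.177.52/submit.php?id=123 200 12",
    "2021-07-10T09:17:00Z 10.0.0.9 GET http://131.42.177.52/index.html 200 40",  # near-miss host
]

if __name__ == "__main__":
    for n, ioc in find_matches(SAMPLE_LOG, IOC_URLS_DEFANGED):
        print(f"line {n}: matched {ioc}")
    # Constructed placeholder bytes, not the real attachment, so this prints False.
    print("attachment is the known sample:", is_known_bad(b"not the real SecurityUpdates.exe"))
```

Matching the bare host as a fallback catches beacon check-ins whose URI differs from the listed ones (Cobalt Strike appends request IDs and cookies), while the boundary check around the IP keeps a longer address containing the same digits from producing a false hit.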
As per usual best practices, block and hunt for the following indicators. The /dpixel and /submit.php paths on 31[.]42[.]177[.]52 are the default Cobalt Strike HTTP beacon URIs, so that host is the team server the implant calls back to, while 45[.]153[.]241[.]113 is the staging server that serves the payload.<br /><br />IOCs for Spam Campaign:<br /><br /><b>File:</b><br /><br />SHA1: 7B6621202AC7795E89891B7BD65E769BA6C267C5<br /><br /><b>Network:</b><br /><br />hxxp://45[.]153[.]241[.]113/download/pload[.]exe<br /><br />hxxp://31[.]42[.]177[.]52/dpixel<br /><br />hxxp://31[.]42[.]177[.]52/submit.php<br /><br />VENDORS<br />Vikneswaran R, 2016-07-22<div dir="ltr" style="text-align: left;" trbidi="on">
<a href="http://quickkirukkalgal.blogspot.in/p/ciscotroupleshooting.html">CISCO</a><br />
<a href="http://quickkirukkalgal.blogspot.in/p/f5troubleshooting.html" target="_blank">F5</a><br />
<a href="http://quickkirukkalgal.blogspot.in/p/fgtroubleshooting.html">FORTIGATE</a><br />
<a href="http://quickkirukkalgal.blogspot.in/p/a10.html" target="_blank">A10</a><br />
<a href="http://quickkirukkalgal.blogspot.in/p/others.html">OTHERS</a></div>