Talos Threat Source is a regular intelligence update from Cisco Talos, highlighting the biggest threats each week and other security news.
Microsoft Releases Monthly Security Advisories for Feb 2018
### Event: Talos Insights: The State of Cyber Security @ Novosco Cyber Security and GDPR Seminar
#### Date: 2018-02-22
#### Speaker: Warren Mercer, Technical Leader
Synopsis: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
#### Reference: https://www.novosco.com/cyber-security-gdpr-belfast
### Event: [BRKSEC-2777] Talos Insights: The State of Cyber Security @ Cisco Live Melbourne
#### Date: 2018-03-06 - 2018-03-09
#### Speaker: Nick Biasini, Threat Researcher
Synopsis: Cisco’s Talos team specializes in the early-warning intelligence and threat analysis necessary for maintaining a secure network. People responsible for defending networks realize that the security threat landscape is constantly in flux as attackers evolve their skills. Talos advances the overall efficacy of all Cisco security platforms by aggregating data, cooperating with teams of security experts, and applying cutting-edge big data technology to security. In this talk we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
#### Reference: https://www.ciscolive.com/anz/learn/sessions/session-catalog/?search=BRKSEC-2777
### Event: Surprise, Supplies! @ OPCDE (Dubai, UAE)
#### Date: 2018-04-06 - 2018-04-07
#### Speaker: Paul Rascagneres
Synopsis: Supply chain attacks are often discussed, yet often overlooked when a business assesses how well it is prepared for an associated compromise or breach. 2017 has truly marked itself as ‘The Year Of The Supply Chain Attack’ and was a turning point for such attacks. Talos was involved in two major campaigns: the MeDoc compromise that paralyzed Ukraine and the CCleaner compromise that impacted a reported 2.27M consumers. In this presentation we will first present these two cases, showing in each how the attackers modified a legitimate application and what the modification achieved. We will explain the attackers’ purpose and the malware used against the victims. For the MeDoc compromise, we were directly involved in the incident response and will provide a timeline of the events to give a before, during and after picture of Nyetya and MeDoc. For the CCleaner compromise, we will provide data and statistics from the attackers’ database and the profiles of the targeted organizations. In the second part, we will speak more broadly about supply chain attacks. We will recall that this is not the first time in history that this kind of attack has occurred, and we will finally open the discussion on the future of these attacks.
#### Reference: https://www.opcde.com/
### Title: Microsoft Releases Monthly Security Advisories for Feb 2018
Description: Microsoft has released its monthly set of security advisories for vulnerabilities that have been addressed in supported products. This month’s update sees 54 vulnerabilities addressed, with 14 rated critical, 38 rated important, and 2 rated moderate. These vulnerabilities impact Edge, Office, Outlook, Windows, and more.
#### Reference: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/879af9c3-970b-e811-a961-000d3a33c573
#### Snort SID: 45624-45637, 45649-45650, 45654-45657, 45659-45660, 45673-45674, 40691-40692
Olympic Destroyer Takes Aim At Winter Olympics
http://blog.talosintelligence.com/2018/02/olympic-destroyer.html?f_l=s
Source Code for iOS iBoot Leaked; Apple Downplays Impact of Issue
https://threatpost.com/apple-downplays-impact-of-iboot-source-code-leak/129852/
Hackers Keep it Simple: Malware Evades Detection by Simply Copying kernel32.dll
https://blogs.bromium.com/malware-copies-file-evades-detection/
Drive-by cryptomining campaign targets millions of Android users
https://blog.malwarebytes.com/threat-analysis/2018/02/drive-by-cryptomining-campaign-attracts-millions-of-android-users/
RECon Brussel 2018 Slides
https://recon.cx/2018/brussels/slides/
#### TOP SPAM SUBJECTS OBSERVED
#### MOST FREQUENTLY USED ASNs FOR SENDING SPAM