Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
FinalSite Ransomware
FinalSite, a SaaS provider for school websites, was hit by a ransomware attack on January 4, 2022, affecting over 8,000 schools globally. The attack disrupted emergency notifications, crucial for school closures and COVID-related updates. FinalSite is working with Charles River Associates and assures no client data was compromised. The ransomware strain remains undisclosed.
ONUS Compromised from Log4Shell
The ONUS cryptocurrency platform was compromised via the Log4Shell vulnerability, leading to the exposure of 2 million users' data. Attackers exploited insecure AWS S3 configurations to access sensitive information and deploy a backdoor, allowing further access. The attack revealed user EKYC data, personal information, and password hashes.
Purple Fox Rootkit
Minerva reports a malicious Telegram installer, identified by MalwareHunterTeam, spreading the Purple Fox rootkit. The installer evades detection, modifies the registry, and bypasses UAC. It then exfiltrates information on AV products to the C2 server and downloads the Purple Fox rootkit, compromising the victim's system.
Lapsus$ Ransomware Gang Hacks Portugal's Media Conglomerate, Impresa
Over New Year's weekend, the Lapsus$ ransomware gang hacked Portugal's media conglomerate Impresa, affecting TV channel SIC and newspaper Expresso. The attack forced the media platforms offline and left a ransomware note on defaced sites. Lapsus$ also claimed access to Impresa's Amazon Web Services account.
Log4j 2.17.1
The Log4j 2.17.1 update addresses CVE-2021-44832, a remote code execution (RCE) vulnerability with a score of 6.6. The exploit requires the attacker to modify the Log4j configuration file. The flaw impacts versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4). The update fixes the issue by limiting JNDI data source names to the java protocol.
Diavol Ransomware - DFIR Report
The DFIR Report's intrusion analysis reveals that a BazarLoader infection, initiated via a phishing email with a malicious OneDrive link, led to the deployment of Diavol ransomware by Wizard Spider. The attack involved extensive reconnaissance, credential harvesting, lateral movement using RDP and AnyDesk, data exfiltration with FileZilla, and ransomware deployment.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
