Anvilogic Forge Threat Research Reports
Here you can find an accumulation of trending threats published weekly by the Anvilogic team.
We curate threat intelligence to provide situational awareness and actionable insights
Atomic detections that serve as the foundation of our detection framework.
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Bandai Namco Confirms A Cyberattack
Bandai Namco has confirmed a cyberattack that occurred on July 3, 2022, currently under investigation. The attack may have compromised customer information related to the Toys and Hobby Business in Asia (excluding Japan). While the company investigates the scope and cause of the damage, reports from vx-underground suggest ALPHV/BlackCat as the ransomware gang behind the attack.
Bumblebee Loader Incorporated into New Ransomware Operations
Symantec's Threat Hunter team has identified the integration of the Bumblebee loader into various ransomware operations, including Conti and Quantum. This transition may have been pre-planned as a replacement for Trickbot and BazarLoaders. The Bumblebee loader is delivered via phishing emails containing a malicious DLL and LNK file within an ISO file. The LNK file uses rundll32.exe to execute the Bumblebee DLL, which then contacts the attacker's C2 server. Persistence is established through a scheduled task running a VBS file. Hours later, Cobalt Strike is deployed, system reconnaissance is performed using 'systeminfo' and AdFind, and ransomware encryption follows.
Undoing Microsoft Macros Block By Default
Microsoft has rolled back its decision to block macros by default in Office products due to customer feedback, surprising many admins. This reversal could lead to increased security risks as threat actors might reuse old macro-based malware tactics.
Report of Infection Chain XLoader Abuses PDF, MS and Equation Editor Released
Cyble's report uncovers XLoader's infection chain, exploiting PDF and Microsoft vulnerabilities. The malware uses a spam email with a PDF and XLSX file, leveraging the equation editor vulnerability (CVE-2017-11882) for execution. XLoader employs steganography for stealth and exfiltrates credentials and data to the attacker's server.
Researchers Found Infection Chain in USB Devices and Shared Folders
Cybereason's research uncovers the Raspberry Robin worm's infection chain via USB devices and shared folders. The malware uses LNK files to call msiexec.exe, downloading a malicious DLL. It injects into rundll32.exe, regsvr32.exe, and dllhost.exe, and maintains persistence through the registry run key.
Hacker Alleges to Steal Data from Chinese Citizens
An anonymous hacker, "ChinaDan," claims to have stolen data from the Shanghai National Police database, affecting 1 billion Chinese citizens. The data includes personal details and criminal records, allegedly exfiltrated from Alibaba Cloud due to an open ElasticSearch database and a tech blog exposing credentials. Binance CEO Zhao Changpeng and Wall Street Journal reporter Karen Hao have investigated and verified the breach's authenticity.
.png)
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
.png)
Whitepapers
The World's Best SOC Teams Use Anvilogic
.png)
.svg)
.svg)
.svg)
.svg)
.svg)
