2022-06-14 (Tuesday) - #TA578 #Bumblebee malware infection led to #CobaltStrike activity on 172.93.181[.]105:443 using hocavopeh[.]com - IOCs available at: bit.ly/3HoonBO
2022-07-06 (Wed) - #TA578 #ContactForms campaign used Yandex URL to deliver zipped ISO - Led to #IcedID (#Bokbot), which led to #DarkVNC on 188.40.246[.]37:8080 & #CobaltStrike on 198.44.132[.]80:8080 using centertechengineering[.]com - IoCs available at: bit.ly/3nK8FYB
Today's quick #malware analysis with #SecurityOnion: #TA578, #Bumblebee, and #CobaltStrike pcap from 2022-06-14!
Thanks to Brad for sharing this #pcap!
More screenshots:
blog.securityonion.net/2022/06/quick-…
#DFIR
#infosec
#infosecurity
#ThreatHunting
#IncidentResponse
Today's quick #malware analysis with #SecurityOnion: #TA578 #ContactForms #IcedID #CobaltStrike #pcap from 2022-05-10!
Thanks to Brad for sharing this #pcap!
More screenshots:
blog.securityonion.net/2022/05/quick-…
#DFIR
#infosec
#infosecurity
#ThreatHunting
#IncidentResponse
Today's quick #malware analysis with #SecurityOnion: #TA578 Contact Forms Campaign #Bumblebee Infection with #CobaltStrike pcap from 2022-06-09!
Thanks to Brad for the #pcap!
More info:
blog.securityonion.net/2022/06/quick-…
#infosec
#infosecurity
#ThreatHunting
#IncidentResponse