LeeArchinal, to Cybersecurity
@LeeArchinal@ioc.exchange

Happy Wednesday everyone!

As we continue down the "Year in Review" from Cisco Talos Intelligence Group, we move to the MITRE ATT&CK technique that is second on their list of the top 20 most commonly seen: T1078, Valid Accounts.

T1078 or Valid Accounts is used when "adversaries obtain and abuse credentials of existing accounts as a means of Initial Access, Persistence, Privilege Escalation, or Defense Evasion." Basically, the adversary is leveraging your own users against you! Of course, the more privileges the account has the better!

This technique also has 4 sub-techniques, which help defenders get a little more specific with the technical details. These include the abuse of Default Accounts, Domain Accounts, Local Accounts, and Cloud Accounts, all of which have their own little role to play in an adversary's attack!

https://attack.mitre.org/techniques/T1078/

LeeArchinal, to Cybersecurity
@LeeArchinal@ioc.exchange

Happy Friday! I hope the week was kind to you!

The Cisco Talos Intelligence Group researchers discovered a new remote access trojan that they dubbed "SugarGh0st". The adversary was "targeting the Uzbekistan Ministry of Foreign Affairs and users in South Korea".

In one of the attacks, the adversary used a shortcut file with a double extension. This is a technique adversaries use to abuse the default Windows setting that hides file extensions, so the user may not suspect anything. Some of the capabilities include video and screen capture as well as the ability to clear tracks by deleting event logs. Check out the rest of the technical details and the second infection chain in the article! Enjoy and Happy Hunting!

New SugarGh0st RAT targets Uzbekistan government and South Korea
https://blog.talosintelligence.com/new-sugargh0st-rat/
