Happy Wednesday everyone!

Today’s #readoftheday is a tale of victims getting compromised when they tried to download pirated movies! Mandiant (part of Google Cloud) reports that it all started with a zip file whos title hinted that it would be a movie but really contained a malicious LNK (Microsoft Shortcut files) that executes a PowerShell downloader script which leads to the #PEAKLIGHT malware, another PowerShell-based downloader.

Interestingly, one of the variations uses an executable named Setup.exe which appears to be masquerading as a legitimate application, which is a common technique that is used by threat actors to gain trust from their victims!

As always, enjoy the rest of the article, I hope you have time to read it for yourself, and stay tuned for your Threat Hunting Tip of the Day!

PEAKLIGHT: Decoding the Stealthy Memory-Only Malwarehttps://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/

Cyborg Security Intel 471 #CyberSecurity #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

  • Just Another Blue Teamer@ioc.exchangeOP
    link
    fedilink
    arrow-up
    1
    ·
    2 months ago

    For your Threat Hunting Tip of the Day:

    Masquerading is a common technique used by attackers and by using legitimate names for their malicious programs it makes the victims more likely to click the application. But, as a hunter, what can you do? Easy: Look at the process chain!

    Part of Threat Hunting is learning your environment and by identifying process chains that are legitimate in your environment, you can start to look for process chains that may not make sense. So when you are looking at “legit” sounding apps that are executing, make sure you look at the parent process!

    Good luck and Happy Hunting!

    Cyborg Security Intel 471 #CyberSecurity #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #huntoftheday #gethunting!