
Adhubllka ransomware

TLP

TLP CLEAR

Author

Jordi M. Lobo

Summary

A new variant of the Adhubllka ransomware family has emerged, targeting individuals and small enterprises with smaller ransom demands in order to avoid media attention. The ransomware spreads via phishing emails and directs victims to a portal on Tor, where the decryption key is delivered after the ransom is paid. Adhubllka has previously been mislabeled and tracked under various aliases, and has been used by threat groups such as TA547 in campaigns against diverse sectors. Researchers anticipate that the Adhubllka family may be rebranded and adopted by other cybercriminal groups, which underscores the need for robust endpoint security measures to combat evolving ransomware threats effectively.

TIMELINE

DATA

We publish attack data every week, hoping to contribute to raising awareness of threats through the data they leave behind.

CATEGORY

Ransomware

MITRE ATT&CK
