KNOW what happened last week – A quick recap

Looking at last week's trending malware, threat actor, and attack method.

Post by Rajarshi Mitra Sep 07, 2020

Let’s analyze the state of last week’s global threat landscape. The categories to be studied and analyzed through KNOW’s threat intelligence dashboard are:

Malware of the week – Emotet

Gaining over 2,100 references during the week, Emotet was, quite comfortably, our malware of the week. Emotet delivers modular payloads to monetize infections. These payloads include:

  • Godzilla loader
  • Dridex
  • Gootkit
  • Qbot
  • Qakbot
  • BitPaymer

KNOW’s dashboard also gave us the following insights on Emotet:

  • 4,734 associated IP addresses.
  • 878 associated domains.
  • 14,546 known hashes.
  • 14,983 associated URLs.
  • Known threat actors: Mummy Spider, Mealybug, and TA542.

Industries affected by Emotet

As per KNOW, Emotet has affected the following industries:

  • Finance
  • Manufacturing
  • Media and entertainment
  • Healthcare
  • Education
  • Banking
  • Transportation
  • Retail
  • Food and beverage
  • Law
  • Aviation
  • Electricity
  • Services

Threat actor of the week – Hidden Cobra

Hidden Cobra was, far and away, the most referenced threat actor on KNOW’s threat intel dashboard.

KNOW allows you to gain a bird’s eye view and full context about the threat actor in question. This empowers you to make business-critical decisions with full context and ensure that you have everything you need to protect your organization from Hidden Cobra.

Industries affected by Hidden Cobra

  • Finance
  • Aerospace and defense
  • Manufacturing
  • Media and entertainment
  • Telecommunications
  • Banking
  • Industrial equipment
  • Hospitals
  • Aviation

Important data captured by KNOW:

  • Associated IP addresses: 20
  • Associated domains: 19
  • Hashes: 85
  • URLs: 27
  • Malware: 32
  • Attack Vectors: 39

Attack Method of the Week – Data Breach

The attack method of the week was data breaches.

Data breaches were:

  • The third most referenced attack method in the last seven days.
  • The second most popular attack method for the last two months.

Investigating trending data breaches

KNOW is not just a threat intel dashboard; it is also a news aggregator that serves up the latest trending security stories for a bird’s-eye view of the global threat landscape.

The main news section of KNOW can be accessed here. When you go to the “data breach” section, you will see the most trending story. Last week, it was:

data breach

Besides collating all these stories, KNOW collects relevant tweets to give you more context about the breach. Along with that, KNOW gives you a small snapshot of all the malware, threat actors, etc. that are somewhat related to this incident.

In this case, KNOW has pinpointed five pieces of malware.

Lokibot

  • Type: Botnet
  • Alias: Loki Bot, Loki Password Stealer, and LokiPWS.
  • Historically Linked to Campaign: Aggah campaign.
  • Recent Sandbox Sighting: AnyRun and Hybrid Analysis.
  • Historic Sandbox Sighting: AnyRun, Hybrid-Analysis, and CAPE.

AveMaria

  • Type: Botnet
  • Alias: Loki Bot, Loki Password Stealer, and LokiPWS.
  • Recent Sandbox Sighting: AnyRun and Hybrid Analysis.
  • Historic Sandbox Sighting: AnyRun, Hybrid-Analysis, and CAPE.

NetWiredRC

  • Type: RAT
  • Historic Sandbox Sighting: Hybrid-Analysis, and CAPE.

XMRig Miner

  • Type: Cryptocurrency Miner
  • Alias: XMRig.
  • Recent Sandbox Sighting: AnyRun and Hybrid Analysis.
  • Historic Sandbox Sighting: AnyRun, Hybrid-Analysis, and CAPE.

FritzFrog

  • Type: Botnet
  • Historic Sandbox Sighting: Hybrid-Analysis.

If you need more context, you can click on each malware to learn more about what you are dealing with.

What is KNOW?

KNOW is Netenrich’s Threat Intel Platform that extracts data from billions of data points and correlates relevant intel and expert analyst insights to help you follow, search, and act—in a fraction of the time it takes now.

One of KNOW’s handiest tools is the trending threats dashboard, which gives you a bird’s eye view of the most potent malware, threat actors, methods, and vulnerabilities in the following time frames:

  • Last 7 days.
  • Last 60 days.

So, want to check out KNOW some more? Why don’t you sign up? Did we mention that it’s completely free?
Or just subscribe to get daily threat intel updates.

About the Author

Rajarshi Mitra

Rajarshi is a creative and accomplished writer who made his mark in the blockchain space before stepping into cybersecurity. When he is not working, he is busy chilling with his wife and cat.
