#SharpPanda

Just Another Blue Teamer (LeeArchinal@ioc.exchange)
2023-06-13

The threat actor #SharpPanda is the focus of this #readoftheday by ThreatMon | Advanced Threat Intelligence Platform. This time they were targeting G20 members with sophisticated phishing emails that deploy a downloader. Enjoy and Happy Hunting!

Link in comment!

***Switching things up a bit this time: Take a look at the MITRE ATT&CK Tactic of Discovery and let me know what commands and information you can see from the article. [Hint: Look for the memory]***

TA0001 - Initial Access
T1566.001 - Phishing: Spearphishing Attachment

TA0002 - Execution
T1204.002 - User Execution: Malicious File

TA0003 - Persistence
T1053.005 - Scheduled Task/Job: Scheduled Task

TA0007 - Discovery
T1082 - System Information Discovery
T1518.001 - Software Discovery: Security Software Discovery

TA0005 - Defense Evasion
T1027 - Obfuscated Files or Information

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

gtbarry (gtbarry)
2023-03-30

New malware variant has “radio silence” mode to evade detection

The Sharp Panda cyber-espionage hacking group is targeting high-profile government entities in Vietnam, Thailand, and Indonesia with a new version of the ‘Soul’ malware framework

bleepingcomputer.com/news/secu

2023-03-09

This is a very detailed analysis on the #SharpPanda #APT group's use of the #Soul #malware framework, used to recently target Southeast Asian government entities.
#DFIR

Check Point Report: research.checkpoint.com/2023/p

Andrea Fortuna (andreafortuna@mastodon.uno)
2023-03-09

Chinese threat actor #SharpPanda has targeted high-profile government agencies in Southeast Asia with a #cyberespionage campaign using a new version of the Soul modular framework. andreafortuna.org/2023/03/08/s

2023-03-07

📢 Be warned: A Chinese APT group #SharpPanda is using SoulSearcher loader against government entities.

Read: hackread.com/sharp-panda-china

#Security #Malware #China #CyberAttack #InfoSec
