#minictf

Just Another Blue Teamer (LeeArchinal@ioc.exchange)
2023-07-21

Happy Friday everyone! We are going to wrap this week of #miniCTF with a report from Avast shedding light on the infection chain and actions on objectives of the HotRat malware, a variant of AsyncRAT, and its use of an AutoHotkey script, which has been compromising victims who are searching for free software and getting infected instead. Enjoy and Happy Hunting!

***In this miniCTF, I have mapped some of the TTPs to MITRE ATT&CK BUT I have either mislabeled or possibly left some out! It is up to you to correct me and fill in the blanks! Enjoy and good luck!***

Notable MITRE TTPs:
TA0002 - Execution
T1204.002 - User Execution: Malicious File
T1059.001 - Command and Scripting Interpreter: PowerShell

TA0005 - Defense Evasion
T1562.006 - Impair Defenses: Disable or Modify Tools

TA0110 - Persistence
T1053.005 - Scheduled Task / Job: Scheduled Task

TA0001 - Collection
T1113 - Screen Capture

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

Just Another Blue Teamer (LeeArchinal@ioc.exchange)
2023-07-20

Good day everyone! This Thursday's #miniCTF is brought to you by the Lookout professionals Kristina Balaam and Justin Albrecht. In their latest threat intel they provide details of the #WyrmSpy and #DragonEgg Android surveillanceware that is attributed to APT41, a group that is based out of the People's Republic of China. These malware families masquerade as legitimate apps on the Google Play Store to trick their victims into downloading and installing them. Enjoy and Happy Hunting!

Link in the comments

***Let's step this up a notch! I am going to give you just the Tactic, can you fill in the techniques and sub-techniques? Good luck!***

Notable MITRE ATT&CK TTPs:
Mobile Matrix
TA0035 - Collection

TA0027 - Initial Access

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41
lookout.com/threat-intelligenc

Just Another Blue Teamer (LeeArchinal@ioc.exchange)
2023-07-18

The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym demonstrating their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!

***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
Hint: Check the links in the article!***

Notable MITRE ATT&CK TTPs:
TA0005 - Defense Evasion
T1055.? - Process Injection: [fill in this blank]
T1562 - Impair Defenses: Disable or Modify Tools
T1112 - Modify Registry

TA0009 - Collection
T1005 - Data from Local System

TA0011 - Command and Control
T1102 - Web Service

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
sentinelone.com/blog/reverse-e

Just Another Blue Teamer (LeeArchinal@ioc.exchange)
2023-07-17

Happy Monday everyone! Rapid7 is the source of this #miniCTF and they highlight the recent activity of the #APT known as Blackmoon, aka KRBanker. Blackmoon is back with a new campaign that is designed to deploy unwanted programs and persistence, or to stay in the victims' environment as long as possible. Enjoy and #HappyHunting!

Link is in the comments!

***I mention multiple MITRE TTPs but can you find any I left out? And I MAY have messed up some of the numbers on some of them! Let me know what needs correcting!***

Notable MITRE ATT&CK TTPs:
Enterprise Matrix
TA0028 - Persistence
T1547.010 - Boot or Logon Autostart Execution: Port Monitors
T1543.001 - Create or Modify System Process: Windows Service

TA0005 - Defense Evasion
T1055.012 - Process Injection: Process Hollowing
T1562.001 - Impair Defenses: Disable or Modify Tools

TA0007 - Discovery
T1135 - Network Share Discovery

TA0040 - Impact
T1489 - Service Stop

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection

Just Another Blue Teamer (LeeArchinal@ioc.exchange)
2023-06-23

Happy Friday everyone! Travel the world with the Check Point Software Technologies Ltd research team as they report how #CamaroDragon spread uncontrollably. Enjoy and Happy Hunting!

Link in the comments!

***Here is your #miniCTF challenge***
Beginner: What MITRE ATT&CK relates to the way the malware propagates?
Intermediate: There are at least two means of persistence mentioned in this article. What are they and what are their Technique/sub-technique IDs and titles?
Extra Credit: What log sources and event codes from those log sources will capture either the beginner's or intermediate (or both) challenges activity?

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting

2023-02-24

Heard you like turtles -- we're finally live with February's challenge #minictf #turtles #wifihacking

Play along and send in your writeups and you might just win a Raspberry Pi!

turtles.supernetworks.org/febr

github.com/spr-networks/turtle
