It also modifies the registry so that it will launch when the system is booted. Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files.
The most prevalent threats highlighted in this roundup are:Įmotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products. As always, please remember that all IOCs contained in this document are indicators, and one single IOC does not indicate maliciousness. An accompanying JSON file can be found here that includes the complete list of file hashes, as well as all other IOCs from this post. For the most current information, please refer to your Firepower Management Center,, or .įor each threat described below, this blog post only lists 25 of the associated file hashes. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. Spotting a single IOC does not necessarily indicate maliciousness. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.Īs a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. As with previous roundups, this post isn't meant to be an in-depth analysis.
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan.
0 kommentar(er)
