Malware Campaign Utilizes Microsoft Executable MSBuild

International Institute for Strategic Studies

Overview of TIR-20210516 This report is about a malware campaign that uses the well-known Microsoft executable MSBuild to propagate in a fileless manner. The malicious software being deployed consists of remote access trojans (RATs) and information stealers. This kind of attack uses a living-off-the-land binary (LOLBin) strategy while operating completely in […]
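The summary above describes MSBuild being abused as a LOLBin: a legitimate, signed build tool is handed a project file and compiles and runs the attacker's code in memory, so the usual file-based indicators are thin and detection has to key on process lineage and command-line context instead. The following is an added example, not code from the report or from the campaign analysis, showing one heuristic detector over Sysmon-style process-creation records. The record format (`Key=Value|Key=Value`), the sample log lines, the list of expected parent processes and the set of "suspicious" directories are all constructed for illustration and should be tuned to a real environment.

```python
"""Heuristic detection of MSBuild (LOLBin) abuse over process-creation records.

Added example; not from the original report. Field names follow Sysmon
event 1 (Image, ParentImage, CommandLine). All thresholds and lists below
are assumptions for illustration and should be adapted per environment.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Parents from which msbuild.exe normally starts during legitimate builds.
# Assumption for this example: adjust to your build and CI hosts.
EXPECTED_PARENTS = {"devenv.exe", "dotnet.exe", "msbuild.exe", "vbcscompiler.exe"}

# Directories where a dropped project file is far more likely malicious than
# a developer's working tree (assumption for this example).
SUSPICIOUS_DIRS = re.compile(
    r"\\(?:temp|tmp|downloads|public|programdata|appdata\\(?:local|roaming))\\", re.I
)

# A project-file argument: optionally quoted path ending in a build extension.
# MSBuild also accepts arbitrary extensions, so .xml is included because
# attackers use it to make the project file look like plain data.
PROJECT_ARG = re.compile(r'"?([^"\s]+\.(?:proj|csproj|vbproj|xml|targets))"?', re.I)


@dataclass
class ProcEvent:
    image: str
    parent_image: str
    command_line: str


def basename(path: str) -> str:
    """Last path component, lower-cased, tolerating either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_line(line: str) -> ProcEvent:
    """Parse one constructed 'Key=Value|Key=Value' record (values must not contain '|')."""
    fields: Dict[str, str] = dict(kv.split("=", 1) for kv in line.strip().split("|"))
    return ProcEvent(fields["Image"], fields["ParentImage"], fields["CommandLine"])


def reasons_for(ev: ProcEvent) -> List[str]:
    """Return why this event looks like MSBuild abuse; an empty list means benign."""
    if basename(ev.image) != "msbuild.exe":
        return []
    reasons: List[str] = []
    parent = basename(ev.parent_image)
    if parent not in EXPECTED_PARENTS:
        # Office, scripting hosts or shells launching the build tool is the
        # typical delivery chain for this kind of campaign.
        reasons.append(f"launched by {parent}")
    m = PROJECT_ARG.search(ev.command_line)
    if m:
        proj = m.group(1)
        if SUSPICIOUS_DIRS.search(proj):
            reasons.append(f"project file under user-writable path: {proj}")
        if proj.lower().endswith(".xml"):
            reasons.append("project file disguised with .xml extension")
    return reasons


def scan(lines: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious command line to the reasons it was flagged."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        ev = parse_line(line)
        reasons = reasons_for(ev)
        if reasons:
            hits[ev.command_line] = reasons
    return hits


# Constructed sample records: one legitimate Visual Studio build, two abuse
# patterns (PowerShell and Word as parent, project file in temp/public dirs),
# and one unrelated process.
SAMPLE_LOG = [
    "Image=C:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\Community\\MSBuild\\Current\\Bin\\MSBuild.exe"
    "|ParentImage=C:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\Community\\Common7\\IDE\\devenv.exe"
    "|CommandLine=MSBuild.exe C:\\src\\app\\app.csproj /t:Build",
    "Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\MSBuild.exe"
    "|ParentImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=MSBuild.exe C:\\Users\\bob\\AppData\\Local\\Temp\\upd.xml",
    "Image=C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\MSBuild.exe"
    "|ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"
    "|CommandLine=msbuild.exe /nologo C:\\Users\\Public\\build.proj",
    "Image=C:\\Windows\\System32\\notepad.exe"
    "|ParentImage=C:\\Windows\\explorer.exe"
    "|CommandLine=notepad.exe",
]

if __name__ == "__main__":
    for cmd, why in scan(SAMPLE_LOG).items():
        print(cmd)
        for r in why:
            print("   -", r)
```

Parent-process lineage is the strongest of the three signals here, because legitimate builds almost never originate from an Office application or an interactive shell on an end-user workstation; the path and extension checks are secondary and will need exceptions for developer machines that build from their profile directory.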

FiveHands Ransomware Overview

International Institute for Strategic Studies

Overview of the FiveHands Ransomware Variant This report is an overview of the FiveHands ransomware variant that successfully attacked an organization (CISA release date May 6, 2021). CISA reports that the variant used publicly available pen test and exploitation tools—plus FiveHands ransomware and the SombRAT remote access trojan (RAT)—to steal information, obfuscate files, accomplish network discovery, accomplish […]

Overview of the BadAlloc Vulnerabilities

International Institute for Strategic Studies

Overview of TIR-20210502 This report is an overview of a series of vulnerabilities discovered by Microsoft’s Section 52 research team, which they have labeled “BadAlloc”. More than 25 critical memory allocation vulnerabilities affecting various consumer, industrial and medical IoT and OT devices have been identified. Successful exploitation of these vulnerabilities may give a malicious actor […]

Dell BIOS Driver Privilege Escalation Flaws

Summary of Dell Computer BIOS Driver Privilege Escalation Flaws May 4, 2021 Our technology partner SentinelOne announced today that hundreds of millions of Dell computers (desktops, laptops, notebooks, and tablets) could be vulnerable to BIOS driver privilege escalation flaws. SentinelLabs discovered five high-severity flaws in Dell's firmware update driver affecting those device classes. Attackers may exploit these vulnerabilities to […]

Exploitation Campaign by Two Threat Actor Groups Affects Pulse Secure

International Institute for Strategic Studies

CVE-2021-22893 Overview This report is about the exploitation campaign affecting Pulse Secure VPN appliances, carried out by two different threat actor groups. Successful exploitation of CVE-2021-22893, combined with some older, already patched vulnerabilities, gives the attacker remote privileged access to the network that appears legitimate. The two groups involved in this campaign […]

Clop Ransomware (TIR-20210419)

International Institute for Strategic Studies

Overview of Clop Ransomware This report is an overview of the Clop ransomware. Clop was first observed in February 2019, and cybersecurity researchers have recently noticed an increase in Clop attacks. Notably, in March 2021 the actor behind Clop attacked the well-known security firm Qualys with the intention of leaking customer data. Palo Alto's […]

Phishing Campaign Targets the Medical Research Community

International Institute for Strategic Studies

Overview of TIR-20210411 This report is about a well-known threat targeting the medical research community in both the United States and Israel. The threat actor is based out of Iran with ties to the Iranian military. The campaign involves phishing notable targets with the promise of viewing an exclusive report. Tactics, Techniques, and Procedures The […]

Two Vulnerabilities Affect FireEye EX 3500

International Institute for Strategic Studies

Overview of CVE-2021-28970 and CVE-2021-28969 This report is about two vulnerabilities affecting the FireEye EX 3500. Successful exploitation of these vulnerabilities may allow an attacker to view, add, modify, or delete information in the back-end database. If your organization uses the FireEye EX 3500 email security appliance, it is highly recommended that the vendor-supplied patches […]

Overview of the Crypter-as-a-Service, HCrypt

International Institute for Strategic Studies

TIR-20210329 Overview This report is an overview of the crypter-as-a-service HCrypt. Similar to ransomware-as-a-service, HCrypt is sold to less technical malicious actors. The end goal of this malware is the installation of a buyer-chosen RAT (remote access trojan) on the victim machine. The creation and sale of the malware have been attributed to the malware author NYANxCAT, who […]