icedid (3)

Law enforcement agencies in the United States and Europe announced on 30 May Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Billed as "the largest ever operation against botnets," the international effort is described as the opening salvo in an ongoing campaign targeting advanced malware "droppers" or "loaders" such as IcedID, SmokeLoader and TrickBot.

Link to full report: IR-24-151-001_OPendgame.p

Activity Summary - Week Ending on 8 April 2022:

  • Red Sky Alliance identified 1,898 connections from new IPs checking in with our Sinkholes
  • GoDaddy LLC domain - 61x
  • Analysts identified 1,311 new IP addresses participating in various Botnets
  • IcedID Trojan
  • DoubleZero Wiper Malware
  • ChronoPay
  • Inverse Finance
  • TX Infrastructure
  • CN also attacking UA

Link to full report: IR-22-098-001_weekly098.pdf

IcedID, also known as BokBot, is a banking trojan and information stealer that can serve as an entry point for subsequent attacks, such as manually operated ransomware against high-value targets. It is typically distributed by another trojan, Emotet, which itself is spread through spam email campaigns. Human-operated ransomware attacks are increasingly common and require the attacker to sit at the keyboard and orchestrate the intrusion, in contrast to a fully automated attack.

Microsoft is warni