sality (7)

Recently, researchers have identified a new Android malware family capable of exfiltrating financial and personal information after taking control of infected devices. Named by researchers as MaliBot, the malware poses as a cryptocurrency mining application, but may also pretend to be a Chrome browser or another app. On infected devices, the threat focuses on harvesting financial information and stealing banking, finance, cryptocurrency and Personally Identifiable Information (PII).

The malware us

Activity Summary - Week Ending on 20 May 2022:

  • Red Sky Alliance identified 33,648 connections from new IPs checking in with our Sinkholes
  • InterServer Inc. has Issues
  • Analysts identified 1,553 new IP addresses participating in various Botnets
  • Sality remains our top Malware Variant
  • Apache Log4j and Log4j 2 still an issue / CVE-2021-44228
  • Nerbian RAT
  • Blind Eagle APT
  • SEGs and ICES
  • Wizard Spider in Russia

Link to full report: IR-22-140-001_weekly140.pdf

Activity Summary - Week Ending 22 October 2021:

  • Red Sky Alliance identified 22,569 connections from new IPs checking in with our Sinkholes
  • Analysts identified 594 new IP addresses participating in various Botnets
  • Sality remains the top Malware Variant at 20,279 times seen
  • FontOnLake Malware
  • Tanglebot
  • Harvester APT
  • LightBasin - China
  • Missouri Teacher’s Pension System
  • Sinclair Broadcast Group
  • “Huawei on Wings”
  • Rising Hackers in Vietnam and Turkey

Link to full report: IR-21-295-001_weekly_295.pdf

Activity Summary - Week Ending 15 October 2021:

  • Red Sky Alliance identified 37,307 connections from new IPs checking in with our Sinkholes
  • Analysts identified 1,873 new IP addresses participating in various botnets
  • Sality remains the top Malware Variant at 33,705 times seen
  • AtomSilo targeting Confluence
  • FamousSparrow and Hotels
  • BloodyStealer
  • Another .edu Hit in the UK
  • Pointing a Finger at China
  • Spanish Melia Hotels hacked
  • Afghan Telcom Roshan

Link to full report: IR-21-288-001_weekly_288.pdf

Activity Summary - Week Ending 10 September 2021:

  • Red Sky Alliance identified 47,398 connections from new unique IP addresses - Sinkholes
  • Analysts identified 1,034 new IP addresses participating in various Botnets
  • 4 unique email accounts compromised with Keyloggers were used to log into Personal Accounts
  • Sality Malware Variant seen 42,252 times this past week
  • Hive Ransomware Alert
  • STRRAT RAT
  • FIN7 again
  • Microsoft and $20 billion in Cyber Security
  • South Korea and TrickBot Arrest
  • To SOAR, or to SIEM

Activity Summary - Week Ending 12 March 2021:

  • Super Keylogger being used as a Lure – ‘Super.Keylogee’
  • Red Sky Alliance identified 29,347 connections from new unique IP Addresses
  • Analysts identified 1,199 new IP addresses participating in various Botnets
  • Sality still reigns as our #1 Malware Variant
  • IcedID
  • Baby Elephants are Cute, but…….
  • Qualys and Accellion FTA
  • SonicWall hacking
  • FireEye Attack
  • Myanmar, China and Russia curtailing social media, No Surprise

Link to full report: IR-21-071-001_wee

Activity Summary - Week Ending 18 December 2020:

  • 28 unique email accounts compromised with keyloggers in the RedXray collections
  • Red Sky Alliance identified 41,143 connections from new unique IP addresses
  • Analysts identified 2,439 new IP addresses participating in various Botnets
  • The top Malware Variants were again Sality and Corkow, followed by Loki
  • Covid-19 lures remain one of the top Suspicious Domains
  • Bandook Trojan is Back
  • UK based ‘end user computing’ (EUC)
  • The Education Sector remains a t