X-Industry

Recently, researchers have identified a new Android malware family capable of exfiltrating financial and personal information after taking control of infected devices. Named by researchers as MaliBot, the malware poses as a cryptocurrency mining application, but may also pretend to be a Chrome browser or another app. On infected devices, the threat focuses on harvesting financial information and stealing banking, finance, cryptocurrency and Personally Identifiable Information PII.

The malware us

Activity Summary - Week Ending on 20 May 2022:

• Red Sky Alliance identified 33,648 connections from new IP’s checking in with our Sinkholes
• InterServer Inc. has Issues
• Analysts identified 1,553 new IP addresses participating in various Botnets
• Sality remains our top Malware Variant
• Apache LogJ4 and LogJ4 2 still an issue / CVE-2021-44228
• Nerbian RAT
• Blind Eagle APT
• SEGs and ICES
• Wizard Spider in Russia

Link to full report: IR-22-140-001_weekly140.pdf

Activity Summary - Week Ending 22 October 2021:

• Red Sky Alliance identified 22,569 connections from new IP’s checking in with our Sinkholes
• Analysts identified 594 new IP addresses participating in various Botnets
• Sality remains the top Malware Variant at 20279 times seen
• FontOnLake Malware
• Tanglebot
• Harvester APT
• LightBasin - China
• Missouri Teacher’s Pension System
• Sinclair Broadcast Group
• “Huawei on Wings”
• Rising Hackers in Vietnam and Turkey

Link to full report: IR-21-295-001_weekly_295.pdf

Activity Summary - Week Ending 15 October 2021:

• Red Sky Alliance identified 37, 307 connections from new IP’s checking in with our Sinkholes
• Analysts identified 1,873 new IP addresses participating in various botnets
• Sality remains the top Malware Variant at 33,705 times seen
• AtomSilo targeting Confluence
• FamousSparrow and Hotels
• BloodyStealer
• Another .edu Hit in the UK
• Pointing a Finger at China
• Spanish Melia Hotels hacked
• Afghan Telcom Roshan

Link to full report: IR-21-288-001_weekly_288.pdf

Activity Summary - Week Ending 10 September 2021:

• Red Sky Alliance identified 47,398 connections from new unique IP addresses- Sinkholes
• Analysts identified 1,034 new IP addresses participating in various Botnets
• 4 unique email accounts compromised with Keyloggers were used to log into Personal Accounts
• Sality Malware Variant seen 42252 times this past week
• Hive Ransomware Alert
• STRRAT RAT
• FIN7 again
• Microsoft and $20 billion in Cyber Security
• South Korea and TrickBot Arrest
• To SOAR, or to SIEM

Activity Summary - Week Ending 12 March 2021:

• Super Keylogger being used as a Lure – ‘Super.Keylogee’
• Red Sky Alliance identified 29,347 connections from new unique IP Addresses
• Analysts identified 1,199 new IP addresses participating in various Botnets
• Sality still reigns as our #1 Malware Variant
• IcedID
• Baby Elephants are Cute, but…….
• Qualys and Accellion FTA
• SonicWall hacking
• FireEye Attack
• Myanmar, China and Russia curtailing social media, No Surprise

Link to full report: IR-21-071-001_wee

Activity Summary - Week Ending 18 December 2020:

• 28 unique email accounts compromised with keyloggers in the RedXray collections
• Red Sky Alliance identified 41,143 connections from new unique IP addresses
• Analysts identified 2,439 new IP addresses participating in various Botnets
• The top Malware Variants we again, Sality and Corkow, followed by Loki
• Covid-19 lures remain one of the top Suspicious Domains
• Bandook Trojan is Back
• UK based ‘end user computing’ (EUC)
• The Education Sector remains a t