Iranian Cobalt Mirage "leaves" bookmarks on GitHub


    Hackers hide the malicious code of a little-known program behind legitimate services.

    The Iranian government-linked group Cobalt Mirage is using the new Drokbk malware to attack various US organizations, using GitHub as a dead-drop stash.

    Dead Drop Resolver is an attack technique in which attackers place content on legitimate web services with malicious domains or IP addresses embedded in it, in an attempt to hide their intentions. The malicious code does not contain the address of the C&C server itself; instead, the program accesses a post published on a public service and reads from it a string of characters that at first glance seems meaningless. In fact, this is encrypted information that serves to activate the next stage of the attack.
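    As an added defender-side illustration (not from the article or from Secureworks), the following Python hunts endpoint proxy logs for the traffic pattern this technique produces: a process that is not a normal GitHub client repeatedly fetching the same GitHub resource at regular intervals. The log format, the process allowlist and the sample lines are constructed assumptions.

```python
"""Hunt for dead-drop-resolver style polling of GitHub in proxy/EDR logs.

Constructed example. Assumed log format per line:
"<iso-timestamp> <hostname> <process> <url>"
"""
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Services the article describes being used as a dead drop (GitHub).
DEAD_DROP_HOSTS = {"github.com", "raw.githubusercontent.com",
                   "gist.github.com", "gist.githubusercontent.com"}

# Processes for which GitHub traffic is expected (assumption; tune per estate).
EXPECTED_PROCESSES = {"git.exe", "chrome.exe", "msedge.exe", "firefox.exe", "code.exe"}

# Constructed sample log: one developer workstation and one server polling
# the same raw file every 30 minutes from a system process.
SAMPLE_LOG = """\
2022-12-01T10:00:00 WS01 chrome.exe https://github.com/example-org/repo
2022-12-01T10:05:00 WS01 git.exe https://github.com/example-org/repo.git
2022-12-01T10:00:00 SRV-EXCH01 svchost.exe https://raw.githubusercontent.com/acct1/proj/main/README.md
2022-12-01T10:30:00 SRV-EXCH01 svchost.exe https://raw.githubusercontent.com/acct1/proj/main/README.md
2022-12-01T11:00:00 SRV-EXCH01 svchost.exe https://raw.githubusercontent.com/acct1/proj/main/README.md
2022-12-01T11:30:00 SRV-EXCH01 svchost.exe https://raw.githubusercontent.com/acct1/proj/main/README.md
2022-12-01T12:00:00 WS02 powershell.exe https://example.com/update.txt
"""


def parse_line(line):
    ts, host, proc, url = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), host, proc.lower(), url


def find_dead_drop_polling(log_text, min_hits=3, max_jitter_s=120):
    """Return (host, process, url) tuples where a non-allowlisted process fetched
    the same dead-drop resource at least min_hits times at a near-constant
    interval (all gaps within max_jitter_s of each other, i.e. beacon-like)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, url = parse_line(line)
        if urlparse(url).hostname in DEAD_DROP_HOSTS and proc not in EXPECTED_PROCESSES:
            hits[(host, proc, url)].append(ts)
    findings = []
    for key, times in hits.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= max_jitter_s:
            findings.append(key)
    return findings
```

    A hit is a lead for triage, not proof: confirm by pulling the fetched content and the process's parent chain before treating it as Drokbk-style staging.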

    The Drokbk malware is written in .NET and consists of a dropper and a payload. It is used to install a web shell on a compromised server, after which additional tools are deployed for lateral movement.

    According to Secureworks Counter Threat Unit (CTU) researchers, Drokbk provides the hackers with remote access and an additional attack vector, alongside the Fast Reverse Proxy (FRP) and Ngrok tunneling tools. Moreover, Drokbk is little known and may already be sitting quietly in company networks right now.

    CTU advises organizations to implement the following safeguards:

      • patch Internet-facing systems, since Cobalt Mirage exploits the known ProxyShell and Log4Shell vulnerabilities;
      • look for indicators of compromise (IOCs) to detect a possible intrusion;
      • keep anti-virus software up to date;
      • deploy EDR and XDR solutions to provide complete network and cloud monitoring.

    Secureworks analysts have previously come across Cobalt Mirage attacks targeting organizations in Israel, the US, Europe, and Australia. At the time, the experts noted that Cobalt Mirage had created two completely different sets of attacks to invade systems. The first set involves ransomware and legitimate tools such as BitLocker and DiskCryptor, and its main purpose is to obtain a ransom. The second set is used to steal sensitive data.

    Author DeepWeb