TTPwire Vol. 1 · MITRE ATT&CK·Tagged


F5 Labs

Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media

2018-05-09

ATT&CK techniques detected

7 predictions
T1583.001 Domains
66%
"campaign were targeted through webinjects and SOCKS. They included but were not limited to: - allianzbank.it - bcc.it - bnl.it - bancacrfirenze.it - bancagenerali.it - bankingforyou.it - carifvg.it - caript.it - cedacri.it - credem.it - csebo.it - icb.mps.it - inban…"
T1583.001 Domains
56%
"…x-coin.com. minex-coin is also registered with namesilo.com, but the WHOIS is privacy protected. The name servers are in Russia: samara.ens.mail.ru under a provider (ASN 47764) that comes up often in F5 Labs' threat research. May campaign - botnet "2.6.8" targe…"
T1583.001 Domains
55%
"…niture[.]top/. Again, note the use of HTTPS to hide activity from traditional intrusion inspection controls. It's also a .top top-level domain (TLD) like the US campaign. Spamhaus.org says 40% of .top TLDs are used for abusive purposes [4]. The registrant is also in R…"
T1071.001 Web Protocols
50%
"campaign were targeted through webinjects and SOCKS. They included but were not limited to: - allianzbank.it - bcc.it - bnl.it - bancacrfirenze.it - bancagenerali.it - bankingforyou.it - carifvg.it - caript.it - cedacri.it - credem.it - csebo.it - icb.mps.it - inban…"
T1566.002 Spearphishing Link
45%
"this campaign is: hxxps://adshiepkhach[.]top/. Note the use of HTTPS again to hide from traditional intrusion inspection controls. The registrant is in Russia. The domain for the email contact is bk.ru, which is owned by the same ASN 47764 that continually comes up in o…"
T1566.002 Spearphishing Link
43%
"provider (Microsoft) targets as the other campaigns. Figure 13: May Panda "cosmos3" campaign targets LATAM financial services, social media, search, email, and tech providers. The Latin American targets in this campaign are: - avvillas.com.co - bbvanet.com.co - bancodebo…"
T1566.002 Spearphishing Link
30%
"…niture[.]top/. Again, note the use of HTTPS to hide activity from traditional intrusion inspection controls. It's also a .top top-level domain (TLD) like the US campaign. Spamhaus.org says 40% of .top TLDs are used for abusive purposes [4]. The registrant is also in R…"

Summary

Panda malware is back in full force with three currently active campaigns that extend its targets beyond banking to new industries and organizations worldwide.