We are seeing an uptick in spam from sanityancle[.]com, along with the usual ad tracking and malicious activity. We have also noted Smoke Loader activity targeting Russian assets. The C2 associated with this campaign looks similar to previously reported OSX.Dummy activity and uses the same C2 server.
OSX Dummy and Smoke Loader Activity - Not available to subscribers
Activity around recent defacements - A number of highly suspicious defacements have occurred, and a list of them has been reported in the platform. Event: 28853
Domain Threat Update Feed - A new event with 458 newly discovered domains has been added to Jigsaw Security Threat Intelligence. Event: 28850
Emotet Malware Activity - You can review details of this incident in the platform. Event: 28847
Additional Analyst Notes:
As suspected, we observed a higher than normal amount of activity surrounding the healthcare and military/contracting sectors, specifically phishing activity, details of which are available for subscribers to review.