MSS News: Today's activity report


Today's News

NETCORE and Remote Script Execution: We are seeing lots of NETCORE router scanning as well as remote command execution attempts. See the list of sources below.

Sources:

We have previously reported on this type of activity in other daily reports. We continue to see these attacks and understand that they are part of a larger campaign. In addition, we are seeing RIG EK dropping miners and other cryptocurrency activity. As previously reported, this campaign has moved from ransomware to bitcoin and other mining activity.

DocuSign Phishing Campaigns Continue: We have been getting reports of Office 365 and DocuSign phishing activity. These campaigns are very convincing and are ongoing. We have observed over 64000 individual attempts to phish users on our networks.

Other Activity: The campaigns we are seeing active at this time include BankBot, Hide N Seek, various cryptocurrency mining malware attacks, RIG EK, APT28 and daily scanning activity from various locations, including Russian and Chinese hosts.

Today's Events

Router Exploit Activity Report: As reported above, see event 28891.

DBGer's Ransomware: See event 28892 for details on this activity.

ROKRAT Activity: We have updated event 28884 which is related to Lazarus Group.

Operation Red Gambler (Not Active): This activity was observed, but none of the associated domains known to Jigsaw Security are active at this time.

Android Malware Targeting Israeli Soldiers: A historical look and new indicators have been added to event 28886. None of the new indicators are known to our competitors and are being presented at TLP:RED levels to protect our sources.

© 2017-2018 Jigsaw Security Enterprise Inc.