What we're seeing today: 24 Feb 2021

Updated: Feb 26


Today's activity has been moderate, but lower than yesterday's.



Activity Observations

  • Noted a malicious jQuery file at http://cdn.bootcss[.]com/jquery-3.3.1.min.js. That's going to be a problem, and it's why supply chain attacks work so effectively against developers who link to third-party repositories.

  • Noted Cobalt Strike on 8[.]210[.]38[.]183

  • Noted some unknown APT-related activity at nameshow[.]site, which is currently resolving to 144[.]34[.]182[.]145

  • Noted an unknown piece of Windows-based malware on 173[.]234[.]25[.]78, hosted on dedicated.com servers

  • Noted a malicious Liberomail mail client for Android being downloaded from CDN servers

  • Noticed Iranian-based APT activity utilizing the shokocafe[.]com domain and 13 others

  • Noted malware on world888[.]cn as well as on 17 other China-based domains

  • Mass scans from 170[.]83[.]0[.]89 looking for Dasan GPON routers; note that this same activity was detected on 13 February 2021

  • Malicious Signal messenger downloads were noted and added to Jigsaw Threat intelligence for detection. This is the third variant we have spotted in the last month.

  • There were a total of 184 incidents added to threat intelligence today, of which 20 were serious
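On the jQuery observation above: the standard defence for a script pulled from a third-party CDN is Subresource Integrity (SRI), where the developer pins the hash of the file they vetted and the browser refuses to run anything that no longer matches. The script below is an added example, not code from this report; it computes and verifies SRI strings the way a browser does, using constructed stand-in file contents rather than the real jquery-3.3.1.min.js.

```python
import base64
import hashlib

SRI_ALGOS = ("sha256", "sha384", "sha512")  # the only algorithms SRI permits


def sri_digest(content: bytes, algo: str = "sha384") -> str:
    """Return the SRI integrity value ("<algo>-<base64 digest>") for content."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"SRI does not allow {algo}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(content: bytes, integrity: str) -> bool:
    """Check fetched bytes against an integrity attribute.

    The attribute may hold several space-separated values; any single match
    passes and tokens with an unsupported algorithm are ignored, which is how
    browsers treat the integrity attribute.
    """
    for token in integrity.split():
        algo, _, _ = token.partition("-")
        if algo not in SRI_ALGOS:
            continue
        if sri_digest(content, algo) == token:
            return True
    return False


def script_tag(src: str, content: bytes) -> str:
    """Emit the <script> tag a developer would commit after vetting content."""
    return (f'<script src="{src}" integrity="{sri_digest(content)}" '
            'crossorigin="anonymous"></script>')


# Constructed sample data (not the real library): the vetted copy a developer
# pinned, and a copy that was altered on the CDN after the pin was taken.
GOOD_JS = b"/*! jQuery v3.3.1 | constructed stand-in for the example */\n"
TAMPERED_JS = GOOD_JS + b"/* one extra statement appended on the CDN */\n"
PINNED = sri_digest(GOOD_JS)

if __name__ == "__main__":
    print(script_tag("https://cdn.example.invalid/jquery-3.3.1.min.js", GOOD_JS))
    print("vetted copy loads:  ", verify_sri(GOOD_JS, PINNED))
    print("tampered copy loads:", verify_sri(TAMPERED_JS, PINNED))
```

Without an `integrity` attribute the browser runs whatever the CDN serves, which is exactly the exposure the bullet describes; with it, a swapped file is blocked rather than executed.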


This report may be updated in the next couple of hours with additional information, as analysts are currently reviewing new detections and activity of interest.


In addition, we added the following documents for reference:

Added 3 documents to our library from CISA, including the Mozilla Security Update, VMware Releases Multiple Security Updates and the Joint Cybersecurity Advisory on Accellion File Transfer Appliance.



Other Notes

Nothing additional today


Last Updated: 3:39 PM EST



