Today activity has been moderate but lower than yesterday.
Activity Observations
Noted a malicious JQuery file on http://cdn.bootcss[.]com/jquery-3.3.1.min.js - That's gonna be a problem and why supply chain attacks work extremely effectively against developers that link to third party repositories
Noted Cobalt Strike on 8[.]210[.]38[.]183
Noted some unknown APT related activity at nameshow[.]site which is currently resolving to 144[.]34[.]182[.]145
Noted an unknown piece of Windows based malware on 173[.]234[.]25[.]78 hosted on dedicated.com servers
Noted Liberomail mail client for Android that is malicious being downloaded from CDN servers
Noticed Iranian based APT activity utilizing shokocafe[.]com domain and 13 others
Noted malware on world888[.]cn as well as 17 other China based domains
Mass scans from 170[.]83[.]0[.]89 looking for Dasan GPON routers, note that this same activity was detected on 13 February 2021
Malicious Signal messenger downloads were noted and added to Jigsaw Threat intelligence for detection. This is the third variant we have spotted in the last month.
There were a total of 184 total incidents added to threat intelligence today of which 20 were serious
This report may be updated in the next couple of hours with additional information as analyst are currently reviewing new detection's and activity of interest.
In addition we added the following documents for reference
Added 3 docucuments to our library from CISA including Mozille Security Update, VMware Releases Multiple Security Updates and Joint Cybersecurity Advisory on Accellion File Transfer Appliance
Other Notes
Nothing additional today
Last Updated: 3:39 PM EST