New cyberattack wave launched using the official website of the accounting software developer «Crystal Finance Millennium»

Published: 22.08.2017 17:17 | Source: http://issp.ua


ISSP reports a new wave of cyberattacks in Ukraine on August 22, 2017.

During daily threat activity monitoring, ISSP Labs discovered a new virus distribution campaign with a unique malware sample.

According to public information, the cfm.com.ua domain belongs to the software developer «Crystal Finance Millennium».

The attackers probably used vulnerabilities in the website to place the malicious files.

This could be an indicator of preparation for a massive cyberattack before the national holidays in Ukraine.

Follow the link to read the full report.

Recommendation: temporarily block on the firewalls the IP address and the link specified in the IOC section of the report: http://cfm.com[.]ua/awstats/load.exe and 194.28.172[.]73.

UPD: for a behavior analysis of the “load.exe” sample, follow the link.
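Blocking the two indicators stops new downloads, but it does not show which hosts already fetched the file. The following is an added example, not part of the ISSP report, that searches proxy logs for clients that contacted either indicator; the log format (timestamp, client IP, destination IP, method, URL) and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators from the advisory, stored defanged.
DEFANGED_IOCS = ["cfm.com[.]ua/awstats/load.exe", "194.28.172[.]73"]

def refang(value):
    """Turn a defanged indicator back into its matchable form."""
    return value.replace("[.]", ".").replace("hxxp", "http")

def build_matchers(iocs):
    """Split indicators into bare IPv4 addresses and (host, path) pairs."""
    ips, urls = set(), set()
    for ioc in map(refang, iocs):
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", ioc):
            ips.add(ioc)
        else:
            parts = urlsplit(ioc if "://" in ioc else "http://" + ioc)
            urls.add((parts.hostname.lower(), parts.path.lower()))
    return ips, urls

def find_hits(log_lines, iocs=DEFANGED_IOCS):
    """Return (client, reason) for every line that touched an indicator.
    Assumed format: <timestamp> <client_ip> <dest_ip> <method> <url>"""
    ips, urls = build_matchers(iocs)
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of guessing
        _, client, dest_ip, _, url = fields
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
        if (host, parts.path.lower()) in urls:
            hits.append((client, "url"))
        elif dest_ip in ips or host in ips:
            hits.append((client, "ip"))
    return hits

# Constructed sample log lines (not real traffic), built from the indicators.
IP, URL = refang(DEFANGED_IOCS[1]), "http://" + refang(DEFANGED_IOCS[0])
SAMPLE_LOG = [
    f"2017-08-22T09:14:02 10.0.0.15 {IP} GET {URL}",
    f"2017-08-22T09:20:41 10.0.0.22 {IP} GET http://{IP}/",
    "2017-08-22T09:31:10 10.0.0.31 203.0.113.10 GET http://example.org/awstats/load.exe",
    "2017-08-22T09:35:57 10.0.0.40 198.51.100.7 GET http://cfm.com.ua/index.html",
]

if __name__ == "__main__":
    for client, reason in find_hits(SAMPLE_LOG):
        print(f"{client} matched advisory indicator ({reason})")
```

Clients reported with reason "url" requested the file itself and are the first candidates for endpoint triage; "ip" hits only show contact with the hosting address.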

 

 

 


 
