New cyberattack wave launched using the official website of the accounting software developer «Crystal Finance Millennium»

Published: 22.08.2017 17:17 | Category: | Source: http://issp.ua

ISSP reports a new cyberattack wave in Ukraine on August 22, 2017.

During daily threat activity monitoring, ISSP Labs discovered a new virus distribution campaign with a unique malware sample.

According to public information, the cfm.com.ua domain belongs to the software developer «Crystal Finance Millennium».

The attackers probably used vulnerabilities in the website to place the malicious files.

This could indicate preparation for a massive cyberattack ahead of the National Holidays in Ukraine.

Follow the link to read the full report.

Recommendation: on the firewalls, temporarily block the IP address and the link specified in the IOC section of the report: http://cfm.com[.]ua/awstats/load.exe and 194.28.172[.]73.
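Besides blocking, existing proxy logs can be checked for hosts that already contacted these indicators. The following is an added example, not part of the ISSP report: it re-fangs the two published indicators and scans log lines whose layout (time, client, destination IP, method, URL) and sample entries are constructed for illustration.

```python
from urllib.parse import urlsplit

# Indicators as published in the advisory (defanged form).
IOC_URL = "http://cfm.com[.]ua/awstats/load.exe"
IOC_IP = "194.28.172[.]73"

def refang(indicator):
    """Undo [.] defanging so the value can be compared with log fields."""
    return indicator.strip().replace("[.]", ".")

PARSED = urlsplit(refang(IOC_URL))
BAD_HOST, BAD_PATH = PARSED.hostname, PARSED.path.lower()
BAD_IP = refang(IOC_IP)

def match(dst_ip, requested):
    """Return which indicators ('dst_ip', 'host', 'path') a request hits."""
    reasons = []
    if dst_ip == BAD_IP:
        reasons.append("dst_ip")
    # CONNECT lines carry host:port without a scheme
    req = urlsplit(requested if "://" in requested else "http://" + requested)
    if (req.hostname or "").rstrip(".") == BAD_HOST:
        reasons.append("host")  # weak on its own: this is the vendor's real site
        if req.path.lower() == BAD_PATH:
            reasons.append("path")
    return reasons

def hunt(log_lines):
    """Return (client, reasons) for every proxy line touching an indicator."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines
        _ts, client, dst_ip, _method, url = fields[:5]
        reasons = match(dst_ip, url)
        if reasons:
            hits.append((client, reasons))
    return hits

# Constructed sample lines (assumed layout: time client dst_ip method url)
SAMPLE_LOG = [
    "2017-08-22T09:14:02Z 10.0.4.17 194.28.172.73 GET http://CFM.com.ua/awstats/load.exe",
    "2017-08-22T09:15:40Z 10.0.4.22 203.0.113.9 GET http://example.org/index.html",
    "2017-08-22T09:16:11Z 10.0.4.31 194.28.172.73 CONNECT cfm.com.ua:443",
    "truncated line",
]
```

A client whose hit includes `path` requested the reported file itself and should be triaged first; a hit on `host` alone may be an ordinary visit to the vendor's site.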

UPD: for a behavior analysis of the “load.exe” sample, follow the link.
