RST Cloud

RST Cloud All knowledge about actual cyber threats in one place

09/07/2024

Today, RST Cloud in collaboration with explored the crucial role of in the process and highlighted key to make it efficient and stress-free:
https://buff.ly/3zBI7Cf

01/07/2024

What's on the radar this week:

๐Ÿฒ ChamelGang & Friends:
Summary: ChamelGang, a suspected group, is using to target critical infrastructure globally, including AIIMS in and the Presidency of . This aligns with intrusions linked to Chinese and North Korean APT groups.
Threats: CatB ransomware, BestCrypt, Cobalt Strike.

HFS (HTTP File Server) Vulnerability (CVE-2024-23692):
Summary: Critical RCE vulnerability in HFS web server exploited by attackers to install malware such as XMRig, XenoRAT, and PlugX.
Threats: XMRig miner, Gh0st RAT, PlugX RAT.

๐Ÿ› Supposed Grasshopper Campaign:
Summary: Malicious actors impersonate Israeli government and private companies to deploy open-source malware, targeting Israeli entities with sophisticated tactics.
Threats: Sliver C2 tool, Cobalt Strike.

Xctdoor Malware (Andariel) Attacks:
Summary: AhnLab uncovered attacks exploiting ERP solutions to deploy Xctdoor and Rifdoor backdoors linked to Andariel and Lazarus groups.
Threats: Xctdoor, Rifdoor, Lazarus group.

RedJuliett Cyber-Espionage in Taiwan:
Summary: RedJuliett, a Chinese state-sponsored group, targeted Taiwanese sectors using vulnerabilities in network edge devices, expanding beyond Taiwan.
Threats: RedJuliett group, Acunetix tool.

๐Ÿœ 8220 Mining Gangโ€™s k4spreader Tool:
Summary: The 8220 gang's new tool, k4spreader, installs Tsunami DDoS botnet and PwnRig mining malware, showcasing evolved tactics.
Threats: k4spreader, Tsunami botnet, 8220 gang.

๐Ÿ€ XenoRAT Targeting Gamers:
Summary: XenoRAT spreads via .gg domains and GitHub, targeting the gaming community with advanced surveillance and proxy features.
Threats: XenoRAT, Quasar RAT.

SpyMax Targeting Telegram Users:
Summary: SpyMax is an Android RAT that targets Telegram users to steal personal data without requiring root access.
Threats: SpyMax RAT.

These summaries provide a snapshot of the threats, tools, and threat actors involved from 10 out of 36 threat reports analysed by RST Cloud this week. For comprehensive details, additional reports, and indicators of compromise (IoCs), refer to the RST Report Hub.

Some available here:

We analysed 36 threat intelligence reports this week. As usual, we are sharing summaries, IOCs, and threat details for 10 of them.

26/06/2024

Understanding your true is crucial when analysing , as it varies for different company profiles. The cyber threat landscape evolves daily with new , tactics, techniques from threat actors ( ), and emerging . Automating the threat profiling process is essential to keep up with these changes.

By leveraging advanced tools like OpenCTI and integrating data from RST Cloud, organisations can gain deeper insights into potential threats and enhance their defensive strategies.

Discover how you can elevate your threat profiling using OpenCTI and RST Cloud data in our latest article:

https://buff.ly/3xBaPlZ

By leveraging advanced tools like OpenCTI and integrating data from RST Cloud, organisations can gain deeper insights into potential threats.

19/06/2024

Exciting news! We've integrated GPT-4 Vision into our RST Report Hub engine!
✅ This means full parsing of PDF reports, even when crucial information is buried within images of documents.

Now, we parse PDF reports more effectively:
โœ”๏ธ Extracting all threat objects from text
โœ”๏ธ Generating relationship graphs for PDF reports

07/06/2024

The current Pakistan threat landscape according to RST Cloud analysis and data. Feel free to share!

05/06/2024

Exciting Partnership Announcement!
We are thrilled to announce our new partnership with Gadget Access, an Australian cybersecurity consultancy renowned for its expertise in developing Cyber Uplift Programs for Enterprise and Government clients.

This partnership aligns with the #2023–2030, aiming to enhance cyber hashtag across the nation. By combining Gadget Access's cutting-edge hashtag technologies used in hashtag and hashtag environments with RST Cloud's high-quality hashtag feeds and innovative reporting tools, this alliance will provide comprehensive, AI-enhanced hashtag solutions designed to protect digital capabilities, critical infrastructure, and vital government systems.

๐Ÿค Together, we are committed to delivering unparalleled security services, equipped with global cyber threat intelligence (hashtag ) and bespoke products tailored for hashtag and hashtag teams. hashtag enterprises will benefit from advanced, predictive, and real-time hashtag and scalable threat mitigation strategies, essential for safeguarding against the ever-evolving landscape of cyber threats:
https://buff.ly/3V2soTK

27/05/2024

50 OSINT reports were issued this week! Check out our digest for details on 10 of the reports, aggregated from various TI sources, with extracted indicators, relevant threat names, and concise summaries:
https://buff.ly/3WXOFEN

We have analysed 50 OSINT reports issued this week and have presented summaries along with extracted relevant threats and indicators

21/05/2024

with spear-phishing tactics,
banking ,
tunneling in communications,
What's more on the security radar this week? Read in our digest:

This is a weekly threat intelligence report review from RST Cloud. We have analysed 34 threat intelligence reports this week, and have prepared a concise summary of the findings along with the…

08/05/2024

Thrilled to see our product featured in Top 10 free IOC search and enrichment platforms list! We admire SOCRadar's work, and together, we're committed to making the digital world a safer place.
Check out the article here: https://buff.ly/3wtbcP0

This article will look at the top free IoC search and enrichment platforms that stand out due to their large and active communities...

08/05/2024

Check out the latest updates to our RST Threat Feed App for Splunk! The app features improved logic, updated indicator management, and has full compatibility with Splunk Enterprise and Splunk Cloud (supporting Platform Versions 9.2, 9.1, 9.0, 8.2, 8.1, and 8.0, as well as CIM Version 5.X).
✅ Download the new version now from the Splunk marketplace (/app/6616)!

06/05/2024

Check out our latest compilation of Threat Intelligence news! Stay informed and receive your free Indicators of Compromise (IoCs) for Serwent Loader, The Cuttlefish Malware, ViperSoftX, Wpeeper, and others.

This is a weekly threat intelligence report review from RST Cloud. We have analysed 31 threat intelligence reports this week.

Address

Sheffield
