FOCUS MODE
EXTRACT IOC
Threat Research

RST TI Report Digest: 31 Mar 2025

iocOne
RST TI Report Digest: 31 Mar 2025
This week’s threat intelligence report reveals an analysis of multiple cyber threat reports. Key highlights include espionage tactics from APT groups, sophisticated malware deployments, and various Indicators of Compromise (IoCs) detected across platforms. The ongoing evolution of cyber threats emphasizes adaptive techniques utilized by attackers to infiltrate critical sectors. Affected: government, NGOs, telecommunications, finance, industrial enterprises, YouTube creators, educational institutions

Keypoints :

  • Multiple APT groups analyzed, including FishMonger and UAC-0050.
  • Advanced malware deployment techniques observed, including the use of Watering Hole attacks.
  • Espionage campaigns target various sectors, particularly government and NGOs.
  • Employment of social engineering tactics to deceive victims into executing malware.
  • Heightened usage of legitimate services for command-and-control operations.
  • Malware such as Lumma Stealer and PUMA rootkit being highlighted for their capabilities.
  • Strategic evolution of tactics by threat actors, indicating growing sophistication.
  • Numerous IoCs identified across several threats linking back to multiple campaigns.

MITRE Techniques :

  • Credential Dumping (T1003) – Utilizing tools like Credential Manager to extract sensitive credentials.
  • Process Injection (T1055) – Implementing methods to inject code into existing processes to evade detection.
  • Exploitation of Vulnerability (T1203) – Using compromised high-privilege accounts to facilitate malware delivery.
  • Command and Control over HTTP (T1071) – Establishing communication with command and control servers using standard web protocols to obfuscate the traffic.
  • Service Execution (T1035) – Persistence strategies through scheduled tasks to maintain long-term access.

Indicator of Compromise :

  • [IP Address] 213[.]59[.]118[.]124
  • [Domain] junlper[.]com
  • [URL] http://45[.]76[.]165[.]227/wECqKe529r[.]png
  • [SHA-256] e51c6f0fbc5a7e0b03a0d6e1e1d26ab566d606b551c785bf882e9a02f04c862b
  • [Email] attacker@example[.]com

Full Story: https://medium.com/@rst_cloud/rst-ti-report-digest-31-mar-2025-40d7b53f87b1?source=rss——cybersecurity-5

Tags: PERSISTENCE, BROWSER, ANDROID, VULNERABILITY, ZERO-DAY, COLLECTION, SOCIAL ENGINEERING, RECONNAISSANCE