The Feed 2025-01-14
A summary of recent cybersecurity threats: ransomware that re-encrypts Amazon S3 buckets with attacker-supplied SSE-C keys, a macOS vulnerability allowing a SIP bypass, a cyber-espionage campaign linked to a Russia-nexus actor, and in-the-wild exploitation of a critical RCE vulnerability in Aviatrix Controller. Affected: AWS, macOS, Aviatrix, Microsoft Office

Key points:

  • Codefinger ransomware targets Amazon S3 buckets: with compromised AWS credentials the actor re-encrypts objects using server-side encryption with customer-provided keys (SSE-C). AWS never stores the customer-provided key, so the data cannot be recovered without the attacker's key.
  • CVE-2024-44243 allows a local attacker with root privileges to bypass System Integrity Protection (SIP) on macOS and load third-party kernel extensions.
  • The Double-Tap campaign is cyber espionage by a Russia-nexus APT targeting entities involved in Central Asian diplomatic relations.
  • Exploitation of CVE-2024-50603, an unauthenticated remote code execution flaw in Aviatrix Controller, leads to cryptojacking and Sliver backdoor deployment.
  • Combining agent-based and agentless cloud security approaches enhances overall security posture.
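The Codefinger key point above is unusual in that the "encryption" is a legitimate S3 feature (SSE-C) driven through normal API calls, so the place to catch it is CloudTrail. The following detection sketch is an added example, not code from the original post or from any of the vendors it summarises. It flags two behaviours the summary describes: S3 writes made with customer-provided keys, and short object-expiration lifecycle rules of the kind used to pressure victims. The CloudTrail records are constructed samples; the field names (`additionalEventData.SSEApplied`, `requestParameters.LifecycleConfiguration.Rule`) follow the CloudTrail S3 data-event format as this editor understands it and should be confirmed against your own logs. The `MAX_BENIGN_EXPIRY_DAYS` threshold is an assumption to tune per environment.

```python
"""Detection sketch for the Codefinger S3 extortion pattern (added example).

Flags two CloudTrail-visible behaviours:
  1. PutObject / CopyObject where the object was written with a customer-provided
     key (SSE-C).  AWS does not retain that key, so a re-encrypted object can only
     be decrypted by whoever supplied it.
  2. PutBucketLifecycle requests that add a short Expiration rule.
All sample records below are constructed, not real telemetry.
"""
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

WRITE_EVENTS = {"PutObject", "CopyObject"}
SSE_C_HEADER = "x-amz-server-side-encryption-customer-algorithm"
MAX_BENIGN_EXPIRY_DAYS = 30  # assumption: shorter expirations deserve review


@dataclass(frozen=True)
class Finding:
    event_name: str
    bucket: str
    principal: str
    reason: str


def _params(rec: dict) -> dict:
    return rec.get("requestParameters") or {}


def _bucket(rec: dict) -> str:
    return _params(rec).get("bucketName", "<unknown>")


def _principal(rec: dict) -> str:
    return (rec.get("userIdentity") or {}).get("arn", "<unknown>")


def uses_sse_c(rec: dict) -> bool:
    """True if the write used a customer-provided key (SSE-C)."""
    sse = (rec.get("additionalEventData") or {}).get("SSEApplied")
    return sse == "SSE_C" or SSE_C_HEADER in _params(rec)


def lifecycle_expiry_days(rec: dict) -> Optional[int]:
    """Smallest Expiration.Days among the lifecycle rules in the request, or None."""
    cfg = _params(rec).get("LifecycleConfiguration") or {}
    rules = cfg.get("Rule") or []
    if isinstance(rules, dict):  # a single rule is logged as an object, not a list
        rules = [rules]
    days = [r["Expiration"]["Days"] for r in rules
            if isinstance(r.get("Expiration"), dict) and "Days" in r["Expiration"]]
    return min(days) if days else None


def analyze(records: Iterable[dict]) -> List[Finding]:
    """Return one Finding per suspicious S3 control-plane or data-plane event."""
    findings: List[Finding] = []
    for rec in records:
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        name = rec.get("eventName", "")
        if name in WRITE_EVENTS and uses_sse_c(rec):
            findings.append(Finding(name, _bucket(rec), _principal(rec),
                                    "object written with SSE-C; AWS holds no copy of the key"))
        elif name == "PutBucketLifecycle":
            days = lifecycle_expiry_days(rec)
            if days is not None and days <= MAX_BENIGN_EXPIRY_DAYS:
                findings.append(Finding(name, _bucket(rec), _principal(rec),
                                        f"lifecycle rule expires objects after {days} day(s)"))
    return findings


def analyze_jsonl(text: str) -> List[Finding]:
    """Convenience wrapper for one JSON record per line (CloudTrail Lake / SIEM export)."""
    return analyze(json.loads(line) for line in text.splitlines() if line.strip())


def sse_c_deny_statement(bucket_name: str) -> dict:
    """Preventive control: a bucket-policy statement that refuses any PutObject
    carrying the SSE-C algorithm header (CopyObject needs PutObject on the
    destination, so it is covered too).  Condition key is the documented
    s3:x-amz-server-side-encryption-customer-algorithm."""
    return {
        "Sid": "DenySSECWrites",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{bucket_name}/*",
        "Condition": {"Null": {"s3:" + SSE_C_HEADER: "false"}},
    }


# Constructed sample records (not real CloudTrail output).
USER = {"arn": "arn:aws:iam::111122223333:user/backup-svc"}
SAMPLE_CLOUDTRAIL = "\n".join(json.dumps(r) for r in [
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject", "userIdentity": USER,
     "requestParameters": {"bucketName": "corp-backups", "key": "db/2025-01-13.dump"},
     "additionalEventData": {"SSEApplied": "SSE_KMS"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "CopyObject", "userIdentity": USER,
     "requestParameters": {"bucketName": "corp-backups", "key": "db/2025-01-13.dump",
                           "x-amz-copy-source": "corp-backups/db/2025-01-13.dump",
                           SSE_C_HEADER: "AES256"},
     "additionalEventData": {"SSEApplied": "SSE_C"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketLifecycle", "userIdentity": USER,
     "requestParameters": {"bucketName": "corp-backups", "LifecycleConfiguration":
                           {"Rule": {"ID": "cleanup", "Status": "Enabled",
                                     "Expiration": {"Days": 7}}}}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketLifecycle", "userIdentity": USER,
     "requestParameters": {"bucketName": "corp-logs", "LifecycleConfiguration":
                           {"Rule": [{"ID": "archive", "Status": "Enabled",
                                      "Expiration": {"Days": 365}}]}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances", "userIdentity": USER},
])

if __name__ == "__main__":
    for f in analyze_jsonl(SAMPLE_CLOUDTRAIL):
        print(f"{f.event_name:18} {f.bucket:14} {f.principal}  {f.reason}")
    print(json.dumps(sse_c_deny_statement("corp-backups"), indent=2))
```

On the constructed sample this reports the SSE-C `CopyObject` (an object copied over itself with a new key, which is how a re-encryption looks in the log) and the seven-day lifecycle rule, while the KMS-encrypted write, the one-year rule and the EC2 event pass. The deny statement is the complement: if no workload in the account legitimately uses SSE-C, refusing the header at the bucket policy removes the capability the actor depends on, and `s3:x-amz-server-side-encryption-customer-algorithm` can also be used to scope it to specific principals instead.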

MITRE Techniques:

  • T1071.001 – Application Layer Protocol: Web Protocols. Using ordinary AWS S3 API calls over HTTPS, authenticated with compromised credentials, to read and rewrite bucket contents.
  • T1486 – Data Encrypted for Impact: Re-encrypting objects in S3 buckets with AES-256 under attacker-supplied SSE-C keys that AWS does not retain.
  • T1068 – Exploitation for Privilege Escalation: Exploiting the macOS SIP bypass to load third-party kernel extensions from an already-privileged process.
  • T1112 – Modify Registry: Modifying registry keys to evade detection in the Double-Tap campaign.
  • TA0011 – Command and Control (tactic): Sliver backdoors used for remote access after Aviatrix Controller exploitation.

Indicators of Compromise:

  • [IP Address] 38.180.207[.]137
  • [IP Address] 107.172.43[.]186
  • [Domain] background-services[.]net
  • [File Hash] 06e4084e2d043f216c0bc7931781ce3e1cea4eca1b6092c0e34b01a89e2a6dea
  • [File Hash] 3b87dc25a11b6268019d5eae49a6b93271dfdc262f2607cfefa35d196f724997
  • [File Hash] 47092548660d5200ea368aacbfe03435c88b6674b0975bb87a124736052bd7c3
  • [File Hash] 6edf3d03bd38c800d5d1e297d59c2496968202358f4be47e1f07e57a52485e0c
  • [File Hash] c61e9326421d05d62cafd6c04041ab1a8f57c0a21d424b9ca04b6a1fc275af19
  • [File Hash] e3a0be8852d77771dc3f44f3e9a051e7fe56547b569aad5a178ae44ef31713b9
  • [File Hash] e440bad60823642e8976528bd450364ce2542d15a69778ff20996eb107158b8d
  • [File Hash] efc99e6f3cdd10313c52a8ad099424e3f39ab85b75375b8db82717d61c7f0118
  • [File Hash] fd78051817b5e2375c92d14588f9a4ba1adc92cc1564e55e6150ae350ed6c889
  • Check the article for all found IoCs.


Full Research: https://medium.com/@lovable_chestnut_chinchilla_54/the-feed-2025-01-14-34e057cf1cbc?source=rss——cybersecurity-5
