Weekly: Gootkit & REvil, Spamhaus Findings, and More!

December 4, 2020 Digital Shadows

ShadowTalk hosts Kacey, Charles, Alec, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover:  

  • REvil ransomware breathes new life into Gootkit malware
  • C-level email credentials listed for sale on a cybercriminal marketplace
  • Does REvil have ties to Maze and Egregor? A conversation about source evaluation and attribution.
  • Spamhaus reports that thousands of IPv4 addresses are suddenly coming alive - is more BGP abuse on the horizon?

Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-4-december

***Resources from this week’s podcast***

Gootkit: https://www.bleepingcomputer.com/news/security/gootkit-malware-returns-to-life-alongside-revil-ransomware/

Threat actor sells accounts: https://www.zdnet.com/article/a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives/

REvil: https://twitter.com/campuscodi/status/1333462999105998848

Spamhaus: https://www.reddit.com/r/blueteamsec/comments/k42sk7/suspicious_network_resurrections_spamhouse/?utm_source=share&utm_medium=web2x&context=3

2021 Predictions blog: https://www.digitalshadows.com/blog-and-research/2021-forecasts/

2021 Predictions webinar: https://info.digitalshadows.com/2020Dec09-Live-Webinar-Predictions.html

Egregor blog: https://www.digitalshadows.com/blog-and-research/egregor-the-new-ransomware-variant-to-watch/
