3CX Customers suffering intrusions
March 29, 2023, 4:24 p.m. | /u/digicat
For [Blue|Purple] Teams in Cyber Defence www.reddit.com
Sigma:
[https://github.com/SigmaHQ/sigma/pull/4151/files](https://github.com/SigmaHQ/sigma/pull/4151/files)
Yara:
[https://github.com/Neo23x0/signature-base/blob/master/yara/gen\_mal\_3cx\_compromise\_mar23.yar](https://github.com/Neo23x0/signature-base/blob/master/yara/gen_mal_3cx_compromise_mar23.yar)
source: [https://twitter.com/cyb3rops/status/1641130326830333984?s=20](https://twitter.com/cyb3rops/status/1641130326830333984?s=20)
*Atomic Indicators*
The following domains have been observed beaconing, which should be considered an indication of malicious intent.
source: [https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329\_situational\_awareness\_crowdstrike/](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/)