all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

3CX Customers suffering intrusions

Add to bookmarks
March 29, 2023, 4:24 p.m. | /u/digicat

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

[https://www.3cx.com/community/threads/threat-alerts-from-sentinelone-for-desktop-update-initiated-from-desktop-client.119806/page-2](https://www.3cx.com/community/threads/threat-alerts-from-sentinelone-for-desktop-update-initiated-from-desktop-client.119806/page-2)

Sigma:

[https://github.com/SigmaHQ/sigma/pull/4151/files](https://github.com/SigmaHQ/sigma/pull/4151/files)

Yara:

[https://github.com/Neo23x0/signature-base/blob/master/yara/gen\_mal\_3cx\_compromise\_mar23.yar](https://github.com/Neo23x0/signature-base/blob/master/yara/gen_mal_3cx_compromise_mar23.yar)

source:[https://twitter.com/cyb3rops/status/1641130326830333984?s=20](https://twitter.com/cyb3rops/status/1641130326830333984?s=20)

*Atomic Indicators*

The following domains have been observed beaconing which should be considered an indication of malicious intent.

akamaicontainer[.]com
akamaitechcloudservices[.]com
azuredeploystore[.]com
azureonlinecloud[.]com
azureonlinestorage[.]com
dunamistrd[.]com
glcloudservice[.]com
journalide[.]org
msedgepackageinfo[.]com
msstorageazure[.]com
msstorageboxes[.]com
officeaddons[.]com
officestoragebox[.]com
pbxcloudeservices[.]com
pbxphonenetwork[.]com
pbxsources[.]com
qwepoi123098[.]com
sbmsa[.]wiki
sourceslabs[.]com
visualstudiofactory[.]com
zacharryblogs[.]com

source: [https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329\_situational\_awareness\_crowdstrike/](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/)

3cx blueteamsec customers domains intent malicious org sigma wiki yara

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

How To: Use UFW(Uncomplicated Firewall) and Send the logs to Sentinel and Parse with a … 8 hours ago | www.reddit.com
blueteamsec check connections easy +8
Discover Proton Mail registration date with one weird trick… 1 day, 4 hours ago | www.reddit.com
blueteamsec date discover mail +5
NATO Deputy Secretary General: we must be big on cyber defence ambitions 1 day, 7 hours ago | www.reddit.com
big blueteamsec cyber cyber defence +4
YARA is dead, long live YARA-X 1 day, 7 hours ago | www.reddit.com
blueteamsec dead live yara
BSI is suing Microsoft to release information about security disasters 1 day, 12 hours ago | www.reddit.com
blueteamsec bsi disasters information +3
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets 2 days, 9 hours ago | www.reddit.com
azure blueteamsec employee expose +6
Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID 2 days, 9 hours ago | www.reddit.com
blueteamsec cleaning icedid latrodectus +1
Revealing Spammer Infrastructure With Passive DNS - 226 Toll-Themed Domains Targeting Australia 2 days, 11 hours ago | www.reddit.com
australia blueteamsec dns domains +6
Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule 3 days, 9 hours ago | www.reddit.com
blueteamsec denial of service down filter +4

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Consultant Sécurité SI H/F Gouvernance - Risques - Conformité

@ Hifield | Sèvres, France
View on infosec-jobs.com

Infrastructure Consultant

@ Telefonica Tech | Belfast, United Kingdom
View on infosec-jobs.com