all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

HTML Smuggling Leads to Domain Wide Ransomware

Add to bookmarks
Aug. 28, 2023, 3:17 p.m. | /u/TheDFIRReport

Malware Analysis & Reports www.reddit.com

In this case a threat actor delivered a password protected ZIP file via HTML smuggling. Within the password protected ZIP file, there was an ISO file that deployed IcedID which led to the use of Cobalt Strike. Nokoyawa ransomware was deployed domain wide within 12 hours of initial access.

Report: [https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/](https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/)

access actor case cobalt cobalt strike domain file html html smuggling icedid initial access iso led malware nokoyawa nokoyawa ransomware password ransomware smuggling strike threat threat actor zip

Visit resource

More from www.reddit.com / Malware Analysis & Reports

Phising opensea 5 days, 8 hours ago | www.reddit.com
mail malware opensea phishing +1
Understanding How CVEProject/cvelistV5 Works 1 week ago | www.reddit.com
api cve cves etc +18
[Video] Triaging Files on VirusTotal 1 week, 5 days ago | www.reddit.com
files malware video virustotal
Need recommendations for Premium Tools 1 week, 5 days ago | www.reddit.com
analysis atm budget can +12
Are hidden incoming SMS common for C&C? 2 weeks ago | www.reddit.com
account android android malware carrier +12
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters 2 weeks ago | www.reddit.com
attackers clusters critical exploiting +5
A Powerful tracing engine based on Qemu 2 weeks, 5 days ago | www.reddit.com
binary called can case +20
[Fixed] Coding The Rat King: A Multi-Family Malware Configuration Parser 2 weeks, 6 days ago | www.reddit.com
code coding configuration family +5
Dynamic Malware Analysis of Konni RAT Malware APT37 With Any.Run 3 weeks, 5 days ago | www.reddit.com
advanced amp analysis any.run +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Principal Business Value Consultant

@ Palo Alto Networks | Chicago, IL, United States
View on infosec-jobs.com

Cybersecurity Specialist, Sr. (Container Hardening)

@ Rackner | San Antonio, TX
View on infosec-jobs.com

Penetration Testing Engineer- Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com

Internal Audit- Compliance & Legal Audit-Dallas-Associate

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com

Threat Responder

@ Deepwatch | Remote
View on infosec-jobs.com
View more jobs