
Adversary Centric Intelligence Summary
ADVERSARY CENTRIC INTELLIGENCE / DASHBOARD

FROM TO

RISK EXPOSURE

CREDENTIAL EXPOSURE
00 CREDENTIAL EXPOSED | 228.85M CREDENTIALS INDEXED

STEALER INFECTION
00 COMPROMISED SYSTEMS | 00 STEALERS FOUND

ASSOCIATED THREATS

SECTOR SPECIFIC THREATS
Financial Services
103 Reports

GEOGRAPHY VERTICAL THREATS
North America
181 Reports

HIGH RELEVANCE REPORTS

Feb 22, 2023 | Flash Report
Darknet | BidenCash Marketplace, XSS Forum
[Historical] Card details of the customers of 'Banco de los Trabajadores' identified in the data shared by th…

Feb 22, 2023 | Flash Report
HUMINT | DDoSecrets
[Historical] Email conversations pertaining to 'BANTRAB' identified in the data shared by the hacktivist group…

GLOBAL EVENT EXPOSURE

OSINT | Feb 02, 2023
[FortiGuard Threat Research] [Advisory] #OpSweden: Hactivists spur the cyberspace against Swedish Organizations in response to the recent incident of burning…
Recently, a Danish-Swedish far-right extremist triggered by anti-Muslim hatred burnt a copy of the Holy Quran in front of the Turkis…
Threat Report | Medium
Education | Financial Services | Government | Hospitality | Non Profit Organization | Telecom

CARD FRAUD
08 CARDS FOR SALE | 00 CREDIT CARDS | 08 DEBIT CARDS

8 | 46203 0

TOP CARD BIN's

Debit Card

intel@volon.io
GLOBAL THREATS
939 THREAT INTELLIGENCE REPORTS

RELEVANCE
High 02 | Medium 320 | Low 617

Darknet 389 | TECHINT 254 | OSINT 241 | HUMINT 55

MOTIVATION & TAGS

Brute force attack
Server Compromise Web Application Vulnerability
#OpIran
Disinfo Operation
#OpSweden
Brand Abuse
Data Breach
Insider Threat Supply chain attack
Vulnerability & Exploitation
Adware
New TTP
Website Compromise
Cyber Crime
Database
Information Stealer
Malware
DDOS
Card Shop
Ransomware
Phishing
Multiple
Account(s) Compromised
Anticipated
Mobile malware
Trends Government
Advisory
Multiple Targets
Product(s) Targeted
In-the-wild
Credential Stealer
Network Compromise
Russia-Ukraine conflict
Guidance Exploited
Early Warning
New malware HoneyPot
Cyber Espionage
Hacktivist
Evade Security Control
Botnet
Selling Service
Cryptominer
FortiGuard Research Cloud Abuse
Account Takeover (ATO)
Mis-configuration Scam
zero-day
Variant Seeking Help
Fortinet Research
Executive Perspective

LATEST INTELLIGENCE

HUMINT | Feb 22, 2023
[Historical] Email conversations pertaining to 'BANTRAB' identified in the data…
While searching for threats towards 'BANTRAB', FortiGuard Threat Research also…
Flash Report | High

ACTIVELY EXPLOITED CVEs
172 | Current
NEWLY EXPLOITED CVEs
3 95 | Previous
CVE-2020-27986
CVE-2012-1710
CVE-2012-1723
CVE-2017-6884
CVE-2018-5391

TOP ACTORS
424 TRACKED ACTORS | 629 REPORTS

IntelBroker
MOTIVATION: Cyber Crime
THREATS: Account Takeover (ATO), Data Breach, Multiple Targets, Ransomware, Account(s) Compromised, Database, Personal Information Identification (PII), Server Compromise, Network Compromise
INDUSTRY: Automotive, Conglomerate, Telecom, Consumer services, Education, Financial Services, Manufacturing, Government, Health Care, Hospitality, Non Profit Organization, Professional Services, Technology, Retail
GEOGRAPHY: Asia Pacific and Japan, North America, Western Europe, South Asia

Proxy Bar
MOTIVATION: Cyber Crime
THREATS: Anticipated, Early Warning, Vulnerability & Exploitation, Web Application Vulnerability
INDUSTRY: -
GEOGRAPHY: -

Leakbase
MOTIVATION: Cyber Crime
THREATS: Account Takeover (ATO), Data Breach, Database, Personal Information Identification (PII), Account(s) Compromised, Multiple Targets
INDUSTRY: Consumer services, E-commerce, Financial Services, Food & Beverages, Manufacturing, Professional Services, Retail, Sport industry, Technology, Government, Entertainment
GEOGRAPHY: Africa, North America, South America, South East Asia, Western Europe, Middle East, South Asia

locative
MOTIVATION: Cyber Crime
THREATS: Account(s) Compromised, Credential Stealer, Personal Information Identification (PII)
INDUSTRY: -
GEOGRAPHY: -

NOTABLE CATEGORY REPORTING

HUMINT

[Historical] Email conversations pertaining to 'BANTRAB'…
High | Feb 22, 2023

Threat Actor 'mhz' claimed to have sold GlobalProtect VPN…
Low | Feb 22, 2023

Threat Actor '4L1t3' advertises access via VPN (Pulse Connec…
Low | Feb 21, 2023

[Version 2] [Early Warning] Threat Actor 'nightcat' advertises…
Medium | Feb 20, 2023

Threat Actor 'beffjezos' claims to have sold web-shell acces…
Medium | Feb 20, 2023

Vulnerability & Exploitation

Indicators associated with the ATW, aka AgainstTheWest,…
Medium | Feb 22, 2023

[Executive Perspective] Security researchers observe a trend in…
Medium | Feb 22, 2023

Security Researchers discovered a Privilege Escalation…
Medium | Feb 22, 2023

[Early Warning] Threat Actor 'malloc' advertises exploit for an…
Medium | Feb 22, 2023

[Early Warning] Threat Actors 'Wolverine', 'Zodiac' and…
Medium | Feb 22, 2023

Data Breach

[Historical] Email conversations pertaining to 'BANTRAB'…
High | Feb 22, 2023

Threat Actor 'mhz' advertises a database claimed to be from…
Medium | Feb 22, 2023

American video game publisher, Activision confirmed sufferin…
Low | Feb 22, 2023

Actor 'DAT4' advertises data claimed to be exfiltrated from a…
Low | Feb 22, 2023

Threat Actor 'iodestr' advertises over 750 GB of data claimed t…
Low | Feb 22, 2023

HIGH RELEVANCE REPORTS

Darknet | BidenCash Marketplace, XSS Forum


[Historical] Card details of the customers of 'Banco de los Trabajadores' identified in the data shared by the operators of 'BidenCash Marketplace'
Feb 22, 2023 | Cyber Crime | Flash Report

HUMINT | DDoSecrets
[Historical] Email conversations pertaining to 'BANTRAB' identified in the data shared by the hacktivist group 'Guacamaya', claimed to be from a Guatemala based government entity 'MARN'
Feb 22, 2023 | Hacktivist | Flash Report

GLOBAL EVENT EXPOSURE

OSINT | FortiGuard Threat Research, Twitter
[FortiGuard Threat Research] [Advisory] #OpSweden: Hactivists spur the cyberspace against Swedish Organizations in response to the recent incident of burning of the Islamic holy book 'Quran'
Feb 02, 2023 | Hacktivist | Threat Report

Darknet | FortiGuard Threat Research
[FortiGuard Research] Darknet Trends for Q4, 2022
Jan 24, 2023 | Cyber Crime | Threat Report

Technical Intelligence | Blog Post
Indicators and MITRE ATT&CK techniques associated with new phishing campaign by 'Gamaredon' using multi-staged approach to first profile potential victims and then leads them to the final payload
Jan 23, 2023 | Cyber Espionage | Threat Alert

Technical Intelligence | Blog Post
Indicators associated with new phishing activity by a group tracked as UAC-0142 targeting the Ukrainian Military's systems by installing FateGrab/StealDeal malware
Dec 19, 2022 | Cyber Espionage | Threat Alert

Darknet | Breached aka BreachForums
Actor 'UberLeak' shared data claimed to be from an American IT asset management service provider 'Teqtivity', and its clients such as the mobility services giant 'Uber' along with its subsidiary 'Uber Eats', as well as a travel management service provider 'TripActions', exfiltrated from a compromised AWS backup server of the vendor
Dec 13, 2022 | Cyber Crime | Threat Alert

Technical Intelligence | Blog Post
Indicators and MITRE ATT&CK techniques associated with a phishing campaign attributed to Russian espionage group 'Blue Callisto' targeting Government organisations and individuals in Europe and US, also shifting their attack curve towards Ukraine
Dec 06, 2022 | Cyber Espionage | Threat Alert

Media Trends | Media Blog Post
Alleged Ransomware attack on AIIMS Delhi, India's Premiere Healthcare Institute, that led to impaired the day-to-day activities
Nov 25, 2022 | Cyber Crime | Threat Alert
