U tweetove putem weba ili aplikacija drugih proizvođača možete dodati podatke o lokaciji, kao što su grad ili točna lokacija. Povijest lokacija tweetova uvijek možete izbrisati. Saznajte više
Dudear (aka TA505/SectorJ04/Evil Corp), used in some of the biggest malware campaigns today, is back in operations this month after a short hiatus. While we saw some changes in tactics, the revived Dudear still attempts to deploy the info-stealing Trojan GraceWire.
The new campaign uses HTML redirectors attached to emails. When opened, the HTML leads to the download Dudear, a malicious macro-laden Excel file that drops the payload. In contrast, past Dudear email campaigns carried the malware as attachment or used malicious URLs.pic.twitter.com/mcRyEBUmQH
This is the first time that Dudear is observed using HTML redirectors. The attackers use HTML files in different languages. Notably, they also use an IP traceback service to track the IP addresses of machines that download the malicious Excel file.pic.twitter.com/1qnx3NmwiB
Microsoft Threat Protection provides comprehensive protection against Dudear. Office 365 ATP detects malicious attachments and URLs used in emails. On endpoints, Microsoft Defender ATP detects and blocks the malicious HTML and Excel files and payload.
The Microsoft Defender ATP research team has also released a Threat Analytics report that customers can use to get technical info about the techniques and tools used by the threat, the impact to the organization, advanced hunting queries, mitigation status, and recommendations.pic.twitter.com/xerMufUpQD
IoCs: HTML SHA-256: 44ffbe69f8f189de7fa4f794686241ee4c814de90681bfff0a37e344ed12954e, 63c137ed882560ba03b7333a49b0714990c581f4e8a1b7579b339c74f465aa03, 6dee4408f563522f7fe5efb9891c409827643039bf7c8cd17c0d80bcc2997ece
Dudear SHA-256: b81302bc5cbfeddf3b608a60b25f86944eddcef617e733cddf0fc93ee4ccc7ab, bf86ccaf5e7f20124a259212a3a78dae12ec2594f48d5256a01323c772abc606, d75c0e88f203dce04e7c90a32a17cee25e5d3acbb5add7c33d257b8600281f2b
TA505 does not equal Evil Corp.
Whoopsie 
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
