#luadream

🛡 H3lium@infosec.exchange/:~#<p>"🔍 Unveiling Sandman APT: The Silent Menace Targeting Global Telcos 🎯"</p><p>SentinelLabs has unearthed a new threat actor dubbed Sandman APT, primarily targeting telecommunication providers across the Middle East, Western Europe, and South Asia. This enigmatic group employs a novel modular backdoor named LuaDream, utilizing the LuaJIT platform, a rarity in the threat landscape. The meticulous movements and minimal engagements hint at a strategic approach to minimize detection risks. The LuaDream malware, a well-orchestrated and actively developed project, is designed for system and user info exfiltration, paving the way for precision attacks. The intriguing part? The attribution remains elusive, hinting at a private contractor or a mercenary group akin to Metador. The activities observed are espionage-driven, with a pronounced focus on telcos due to the sensitive data they harbor. The meticulous design of LuaDream showcases the continuous innovation in the cyber espionage realm, urging for a collaborative effort within the threat intelligence community to navigate the shadows of the threat landscape.</p><p>Source: <a href="https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/" rel="nofollow noopener" target="_blank">SentinelOne Labs</a></p><p>Tags: <a href="https://infosec.exchange/tags/SandmanAPT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SandmanAPT</span></a> <a href="https://infosec.exchange/tags/LuaDream" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LuaDream</span></a> <a href="https://infosec.exchange/tags/TelecomSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TelecomSecurity</span></a> <a href="https://infosec.exchange/tags/CyberEspionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberEspionage</span></a> <a href="https://infosec.exchange/tags/ThreatActor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatActor</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/LuaJIT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LuaJIT</span></a> <a href="https://infosec.exchange/tags/SentinelLabs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SentinelLabs</span></a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> 🌐🔐🎯</p> <p>Indicators of Compromise (IoCs):</p><ul><li>Domains: mode.encagil[.]com, ssl.explorecell[.]com</li><li>File Paths: %ProgramData%\FaxConfig, %ProgramData%\FaxLib</li><li>SHA1: <ul><li>fax.dat: 1cd0a3dd6354a3d4a29226f5580f8a51ec3837d4</li><li>fax.Application: 27894955aaf082a606337ebe29d263263be52154</li><li>ualapi.dll: 5302c39764922f17e4bc14f589fa45408f8a5089</li><li>fax.cache: 77e00e3067f23df10196412f231e80cec41c5253</li><li>UpdateCheck.dll: b9ea189e2420a29978e4dc73d8d2fd801f6a0db2</li><li>updater.ver: fb1c6a23e8e0693194a365619b388b09155c2183</li><li>fax.module: ff2802cdbc40d2ef3585357b7e6947d42b875884</li></ul></li></ul> <p>Author: Aleksandar Milenkoski, a seasoned threat researcher at SentinelLabs, has meticulously dissected the activities of Sandman APT, shedding light on the LuaDream backdoor. His expertise in reverse engineering and malware research is evident in the detailed analysis provided.</p>
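The post above lists the LuaDream indicators (domains, %ProgramData% directory names and file SHA1s) as published by SentinelLabs. The following is an added hunting example, not code from the post or from SentinelLabs: it takes those indicators and checks them against a directory tree (hashing each file, flagging the named directory names) and against resolver log lines. The dnsmasq-style log format, the sample log lines and the sample directory tree are constructed for the demo; the only real values are the IoCs quoted from the post.

```python
import hashlib
import os
import re
import tempfile

# Indicators quoted from the SentinelLabs report as reproduced in the post above.
LUADREAM_SHA1 = {
    "fax.dat": "1cd0a3dd6354a3d4a29226f5580f8a51ec3837d4",
    "fax.Application": "27894955aaf082a606337ebe29d263263be52154",
    "ualapi.dll": "5302c39764922f17e4bc14f589fa45408f8a5089",
    "fax.cache": "77e00e3067f23df10196412f231e80cec41c5253",
    "UpdateCheck.dll": "b9ea189e2420a29978e4dc73d8d2fd801f6a0db2",
    "updater.ver": "fb1c6a23e8e0693194a365619b388b09155c2183",
    "fax.module": "ff2802cdbc40d2ef3585357b7e6947d42b875884",
}
LUADREAM_DIRS = {"FaxConfig", "FaxLib"}  # directory names under %ProgramData%


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as mode.encagil[.]com back into a real name."""
    return ioc.replace("[.]", ".").lower()


LUADREAM_DOMAINS = {refang(d) for d in ("mode.encagil[.]com", "ssl.explorecell[.]com")}


def sha1_of_file(path: str, chunk: int = 1 << 20) -> str:
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hunt_files(root: str, sha1_set=frozenset(LUADREAM_SHA1.values()), dir_names=LUADREAM_DIRS):
    """Walk root; report (kind, path, detail) for hash matches and suspicious directory names.
    On a Windows host you would pass os.environ["ProgramData"] as root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if d in dir_names:
                findings.append(("suspicious_dir", os.path.join(dirpath, d), d))
        for f in filenames:
            p = os.path.join(dirpath, f)
            digest = sha1_of_file(p)
            if digest in sha1_set:
                findings.append(("hash_match", p, digest))
    return findings


# Assumed (constructed) dnsmasq-style query line: "query[A] <name> from <client>".
DNS_LINE = re.compile(r"query\[[A-Z]+\]\s+(?P<qname>\S+)\s+from\s+(?P<client>\S+)")


def hunt_dns(lines, domains=LUADREAM_DOMAINS):
    """Return (client, qname) for every query of an IoC domain or one of its subdomains."""
    hits = []
    for line in lines:
        m = DNS_LINE.search(line)
        if not m:
            continue
        qname = m.group("qname").lower().rstrip(".")
        if qname in domains or any(qname.endswith("." + d) for d in domains):
            hits.append((m.group("client"), qname))
    return hits


# Constructed sample log; the timestamps and client addresses are made up for the demo.
SAMPLE_DNS_LOG = [
    "Sep 22 10:00:01 dnsmasq[712]: query[A] mode.encagil.com from 10.0.0.5",
    "Sep 22 10:00:02 dnsmasq[712]: query[A] example.com from 10.0.0.7",
    "Sep 22 10:00:03 dnsmasq[712]: query[A] cdn.ssl.explorecell.com from 10.0.0.9",
    "Sep 22 10:00:04 dnsmasq[712]: query[AAAA] ssl.explorecell.com from 10.0.0.9",
]


def build_sample_tree(root: str) -> str:
    """Create a constructed tree mimicking the reported layout; the file content is harmless
    placeholder text, so its SHA1 is returned so the caller can add it to the hunt set."""
    fax_dir = os.path.join(root, "ProgramData", "FaxConfig")
    os.makedirs(fax_dir)
    sample = os.path.join(fax_dir, "fax.dat")
    with open(sample, "wb") as fh:
        fh.write(b"constructed placeholder, not the real sample\n")
    with open(os.path.join(root, "ProgramData", "benign.txt"), "wb") as fh:
        fh.write(b"nothing to see here\n")
    return sha1_of_file(sample)


def run_demo():
    """Hunt over the constructed tree; returns the sorted kinds of findings."""
    with tempfile.TemporaryDirectory() as root:
        placeholder_hash = build_sample_tree(root)
        findings = hunt_files(root, sha1_set=set(LUADREAM_SHA1.values()) | {placeholder_hash})
        return sorted(kind for kind, _, _ in findings)


if __name__ == "__main__":
    print(run_demo())
    print(hunt_dns(SAMPLE_DNS_LOG))
```

The file-name column of the IoC list is deliberately not used for matching: the hashes are the stable indicator, while directory names such as FaxConfig are only a weak signal that merits a look rather than an alert on its own.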
Just Another Blue Teamer<p>Happy Friday everyone!</p><p>The SentinelOne Labs research team has discovered a new <a href="https://ioc.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> they named <a href="https://ioc.exchange/tags/Sandman" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sandman</span></a>. This group targets telecommunication providers and uses a modular backdoor known as <a href="https://ioc.exchange/tags/LuaDream" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LuaDream</span></a>. They used techniques that included pass-the-hash and DLL hijacking to meet their objectives! Enjoy and Happy Hunting!</p><p>Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit<br><a href="https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">sentinelone.com/labs/sandman-a</span><span class="invisible">pt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/</span></a></p><p><a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITSecurity</span></a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlueTeam</span></a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> 
<a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>readoftheday</span></a></p>
securityaffairs<p><a href="https://infosec.exchange/tags/Sandman" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sandman</span></a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> targets telcos with <a href="https://infosec.exchange/tags/LuaDream" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LuaDream</span></a> <a href="https://infosec.exchange/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a><br><a href="https://securityaffairs.com/151191/apt/sandman-apt-targets-telco.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/151191/apt</span><span class="invisible">/sandman-apt-targets-telco.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a></p>