Last Updated: 11:27AM EST
Today's News
Today we are seeing targeted email attacks from 104.47.34[.]64 and 105.8.2[.]175.
Clipboard Hijacking Reports - A Clipboard Hijacker targeting bitcoin has affected over 300,000 computers according to Chinese security firm Qihoo 360 Total Security.
Cryptocurrency Mining Bot Targets SSH - A report from Trend Micro
Today's Events
PBot Malware - Several news reports of this Python ad campaign that may be used for other attacks. Event: 28796
Emails (Above) - Continued suspicious emails - Updated to TLP:RED in our data Event: 28795
Spam Messages - We are seeing an uptick in activity from cdn.kustomerapp[.]com and others. In addition, we have updated event 28797 to include a series of suspicious domains associated with this activity.
ASUSWRT Exploits - We are seeing "EXPLOIT ASUSWRT 3.0.0.4.376_1071 LAN Backdoor Commands Execution" activity, which we have previously reported on. The activity is coming from 179.219.203[.]40. In addition, we are still seeing the previous Netcore Router Backdoor Access attempts.
DDoS - Seeing CVE-2016-9312 exploited in DDoS attacks.
IOCS
104.47.34[.]64
105.8.2[.]175
cdn.kustomerapp[.]com
179.219.203[.]40