Cyber Intelligence

1. Lorenz Ransomware Group

https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in

2. How Malicious Actors Abuse Native Linux Tools in Attacks

https://www.trendmicro.com/en_us/research/22/i/how-malicious-actors-abuse-native-linux-tools-in-their-attacks.html

Chiseling In: Lorenz Ransomware Group Cracks MiVoice And Calls Back For Free - Arctic Wolf Learn about Arctic Wolf Lab’s recent investigation into a Lorenz ransomware intrusion which leveraged a Mitel MiVoice VOIP appliance vulnerability for initial access and Microsoft’s BitLocker Drive Encryption for data encryption.

1. CVE-2022-34709:
Windows Credential Guard ASN1 Decoder Type Confusion EoP
https://bugs.chromium.org/p/project-zero/issues/detail?id=2301

2. CVE-2022-37706:
A reliable exploit + write-up to elevate privileges to root (Ubuntu 22.04)
https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit

2301 - project-zero - Project Zero - Monorail

1. XorDdos malware
https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices

2. Malware Analysis Series (MAS) - Article 5
https://exploitreversing.com/2022/09/14/malware-analysis-series-mas-article-5

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices - Microsoft Security Blog Observing a 254% increase in activity over the last six months from a versatile Linux trojan called XorDdos, the Microsoft 365 Defender research team provides in-depth analysis into this stealthy malware's capabilities and key infection signs.