Threat Thursday: March

This Threat Thursday delves into Ubuntu Endpoint Hygiene and the sophisticated malware strains AppleJeus and Bifrost, which pose a significant threat to endpoints and enterprise networks.

New Threat Releases


Ubuntu Endpoint Hygiene

We are delving back into the realm of cyber hygiene, but this time with a focus on Ubuntu 20 endpoints. This threat consists of 17 essential STIG CAT I & II checks designed to validate the security posture of your endpoints, ranging from SSH login requirements to firewall utilization. This release has been given to all SCYTHE customers, so check it out in the knowledge base and see where your endpoint hygiene stacks up.
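To illustrate the kind of CAT I/II hygiene check such a sweep performs, here is an added example (not SCYTHE's release and not its actual 17 checks): it evaluates two SSH login settings and whether the host firewall is enabled. The specific settings, the PASS/FAIL format and the sample inputs are illustrative assumptions; on a live host you would feed it the output of `sshd -T` and `ufw status`.

```shell
#!/bin/sh
# Added example, not SCYTHE's release: endpoint-hygiene checks of the kind an
# Ubuntu STIG-style sweep runs. Inputs are text files so the script runs
# offline; on a real host use `sshd -T` and `ufw status` output (both need root).

# check_sshd_setting FILE KEY VALUE: succeed if the effective value of KEY in
# FILE equals VALUE. Keys compare case-insensitively, comment lines are
# skipped, and the FIRST occurrence wins, matching sshd's own precedence rule.
check_sshd_setting() {
    actual=$(awk -v k="$2" '
        tolower($1) == k && !seen { v = $2; seen = 1 }
        END { print v }' "$1")
    [ "$actual" = "$3" ]
}

# check_ufw_active FILE: succeed if `ufw status` output reports "Status: active".
check_ufw_active() {
    grep -qi '^Status: active' "$1"
}

# audit_host SSHD_FILE UFW_FILE: print PASS/FAIL per check, return failure count.
audit_host() {
    fails=0
    for want in permitrootlogin=no permitemptypasswords=no; do
        key=${want%=*}; val=${want#*=}
        if check_sshd_setting "$1" "$key" "$val"; then
            echo "PASS sshd $key is $val"
        else
            echo "FAIL sshd $key is not $val"; fails=$((fails + 1))
        fi
    done
    if check_ufw_active "$2"; then echo "PASS ufw is active"
    else echo "FAIL ufw is not active"; fails=$((fails + 1)); fi
    return $fails
}

# Constructed sample inputs standing in for two hosts (not real systems).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/sshd_bad.txt" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
PermitEmptyPasswords yes
EOF
cat > "$SAMPLE_DIR/sshd_good.txt" <<'EOF'
permitrootlogin no
permitemptypasswords no
EOF
printf 'Status: inactive\n' > "$SAMPLE_DIR/ufw_bad.txt"
printf 'Status: active\n\nTo   Action   From\n' > "$SAMPLE_DIR/ufw_good.txt"

audit_host "$SAMPLE_DIR/sshd_bad.txt" "$SAMPLE_DIR/ufw_bad.txt"
echo "findings on the constructed weak host: $?"
```

Note the commented-out and duplicated `PermitRootLogin` lines in the weak sample: sshd honours the first uncommented value, so a later hardened line does not fix the host, and the check reports it as a failure.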


Empower IOC Releases

This month we wanted to highlight two of the four IOC sets we have created for Empower subscribers, pertaining to the sophisticated malware strains AppleJeus and Bifrost, which pose a significant threat to endpoints and enterprise networks.

AppleJeus

AppleJeus is a sophisticated malware strain known for its multi-faceted attacks and elusive nature. Notably, it has been associated with various Command and Control (C2) infrastructures, including Celas Trade Pro, JMT Trading, Union Crypto, Kupay Wallet, CoinGoTrade, Dorusio, and Ants2Whale. While the infrastructure is robust, each campaign shows consistent behaviors and actions across these platforms. SCYTHE has provided an IOC, in the form of a threat, for use in your SCYTHE Platform.


Bifrost

Bifrost poses a significant threat to endpoints and enterprise networks, often infiltrating systems via phishing emails or malicious websites. Once deployed, it conducts a range of malicious activities, gathering sensitive data such as hostname, IP address, and process IDs, which it encrypts using RC4 before sending it to a Command and Control (C2) server for further instructions. SCYTHE has provided an IOC, in the form of a threat, for use in your SCYTHE Platform.


Want to learn more about what SCYTHE's Empower offering can do for you? Reach out to us here.

March 26 Free Virtual Workshop - Detection Engineering

Register today! Learn the detection engineering process in this FREE three-hour workshop with Lead Adversary Emulation Engineer Trey Bilbrey. After going over each step of the cycle, we will dive into a hands-on workshop to put the method to practical use.

Register to ENTER TO WIN Unicorn Goodies!


Save the date(s) for upcoming events featuring SCYTHE experts. Click here to see the full lineup!

About the Author

Trey Bilbrey is a Lead Adversary Emulation Engineer at SCYTHE, specializing in Purple Team Exercises, Threat Emulation, Critical Infrastructure, and holistic cyber operations. Trey's 15 years of industry experience have allowed him to become an excellent educator, defender of networks, and cultivator of cybersecurity professionals. Prior to joining SCYTHE, Trey held positions at notable organizations such as Hack The Box (HTB Academy content developer) and the Army Corps of Engineers (ICS/SCADA penetration testing), and he is a veteran of the United States Marine Corps (Defensive and Offensive Cyber Operations). Current certifications include the CISSP, GICSP, GCIP, and K>FiveFour RTAC.

About SCYTHE

SCYTHE represents a paradigm shift in cybersecurity risk management, empowering organizations to Attack, Detect, and Respond efficiently. The SCYTHE platform enables collaboration between red, blue, and purple teams to build and emulate real-world adversarial campaigns. SCYTHE's innovative dual-deployment options and comprehensive features ensure a proactive cybersecurity approach. Headquartered in Arlington, VA, SCYTHE is privately funded by distinguished partners dedicated to shaping a more resilient cybersecurity landscape.