<p><strong>NBC was owned this morning and serving up malicious javascript.</strong></p><p><img alt="" src="https://cdn.filestackcontent.com/F3IvTYwoRXCcct4TxZfu" style="width: 957px; height: 413px;"/></p><p>Malicious javascript file added to nbc.com this morning is serving up Citadel (Zeus Varient) by exploiting known PDF and Java vulnerabilities.</p><p><strong>Indicators of compromise:</strong></p><p>hxxp://priceworldpublishing.com<br/> hxxp://flying-gators-mac.com<br/> hxxp://clientesporinternet.com<br/> hxxp://finesseindia.com<br/> hxxp://zafood.net<br/> hxxp://fabricaequiposestetica.com<br/> hxxp://gonullersultani.net<br/> hxxp://justyourmessage.com<br/> hxxp://allsystemscorp.com<br/> hxxp://registrosanitarioinvima.com<br/> hxxp://fattjoints.com<br/> hxxp://buubinorthpointestates.com<br/> hxxp://hideshadow.com<br/> hxxp://erabisnis.net<br/> hxxp://datingquotes.net<br/> hxxp://bridalplaces.com<br/> hxxp://moi-npovye-sploett.com/qqqq/1.php<br/> hxxp://priceworldpublishing.com/aynk.html<br/> hxxp://nikweinstein.com/cl/google.php<br/> hxxp://walterjeffers.com/ctuk.html<br/> hxxp://barbecuechickenrecipes.org/ctuk.htm<br/> hxxp://umaiskhan.com/ztuj.html<br/> hxxp://toplineops.com/mtnk.html<br/> hxxp://gonullersultani.net/znzd.htm<br/> hxxp://erabisnis.net/znzd.htm<br/> hxxp://electricianfortwayne.info/62.html<br/> hxxp://moi-npovye-sploett.com/cGeQc0wz1KPI/larktion.php<br/> hxxp://toplineops.com/mtnk.html<br/> hxxp://electricianfortwayne.info/62.html<br/> hxxp://electricianfortwayne.info/987.pdf</p><p><strong>MD5/VT: </strong></p><p><a href="https://www.virustotal.com/en/file/6b276bee21bf5946461e3c62f447b3be7179e9cce4742a61b26417609ed001ee/analysis/" rel="nofollow" target="_blank">https://www.virustotal.com/en/file/6b276bee21bf5946461e3c62f447b3be7179e9cce4742a61b26417609ed001ee/analysis/</a></p><p><a href="https://www.virustotal.com/en/file/9cd13ffb2e5eb7b96cbfb3cc3b10e223043940daeb51aa2e68983849673d2dc9/analysis/" rel="nofollow" target="_blank">https://www.virustotal.com/en/file/9cd13ffb2e5eb7b96cbfb3cc3b10e223043940daeb51aa2e68983849673d2dc9/analysis/</a></p><p><a href="http://www.threatstream.com/">THREAT STREAM</a> users are covered via SIEM correlation rules to detect potential compromise from this event.</p>
FEATURED RESOURCES
Anomali Cyber Watch
Anomali Cyber Watch: Notepad++ Attack, RAT Uses Hugging Face, Microsoft Office Flaw and more
Notepad++ Supply Chain Attack Delivers Chrysalis Backdoor. Android RAT Uses Hugging Face Platform to Host Malicious Payloads. Fancy Bear Exploits Microsoft Office Flaw in Ukraine. Nitrogen Ransomware Decryptor Fails Due to Coding Error. And more...
Anomali Cyber Watch
Anomali Cyber Watch: Stanley Malware Toolkit, ShinyHunters, Vulnerability in WhatsApp and more
Stanley Malware Toolkit Abuses Browser Extensions to Enable URL-Trusted Phishing. ShinyHunters Linked to Large-Scale Okta SSO Credential Harvesting via Voice Phishing. Silent Media Chain Vulnerability in WhatsApp Group Chats. And more...
