Browser-Based Threat Report: Dec. 4
Week of December 4th, 2023
ConcealBrowse is leveraged by teams across the world to combat weaponized URLs and Browser-Based Threats. The technology is constantly analyzing suspicious web artifacts to identify risks in the form of drive-by attacks, phishing portals, and other threats that materialize while browsing.
At Conceal, your digital safety is our utmost priority. Our weekly threat report for the week of December 4th, 2023, unveils critical insights into the ever-evolving landscape of online threats.
The following report highlights recently detected sites that were deemed suspicious:
_____________
SHA-256: d7ac58e21dd05f2309e09e96c4deac274fa3bfe753d45af29d205f49262f80e2
This URL was detected by ConcealBrowse on December 4th, 2023, and by 4 additional security vendors the same day. This highlights Conceal’s ability to remain on the leading edge of threat prevention through real-time analysis.
The URL redirects to a medical news outlet. Once the user engages by clicking the “Watch Now” button, the page opens additional tabs that load various medical ads and hoaxes. More importantly, the source HTML has embedded JavaScript that delivers a temp file to the endpoint. After dynamic analysis, this file matched numerous YARA and Sigma rules because it is obfuscated, lies dormant (long-sleeps), and executes wscript/cscript. ConcealBrowse prevents the page from loading, assigning it a 14% risk score due to suspicion and numerous identical links with different labels.
_____________
SHA-256: f3c75ad42c932bff7e498e90745f7a4b0d85da444f7fbfa3960e8ffbe41c6561
This URL was detected by ConcealBrowse on December 1st, 2023. The URL was first detected on August 26th, 2023, by 7 reputable security vendors. To date, 17 vendors have flagged the URL, further categorizing it as phishing, malicious, and malware. Using this information and real-time analysis conducted by our Sherpa AI Engine, ConcealBrowse assigned a 29% risk score and isolated the URL 3 times in a row, combatting and protecting against end-user persistence.
Without ConcealBrowse, the end user would have introduced an HTML file to their endpoint that subsequently reaches out to a “.cc” domain. This Australian domain, due to its cost effectiveness, is used by spammers and nefarious actors worldwide. It is hard to extrapolate the intent of the file; however, the action of introducing suspicious files to the endpoint raises concern. Additionally, the page is harvesting crypto wallet addresses to locate wallets and potentially use the downloaded HTML file for follow-on data exfiltration.
_____________
SHA-256: 195aad5302702e9159617c0ed2023a05116bd663324998e333d4cb9a60bb93f2
This URL was detected by ConcealBrowse on December 4th, 2023. It was first submitted to various CTI feeds on August 8th, 2023, and has since been identified as malicious by only 3 security vendors, demonstrating the unreliability of feeds and the lengthy time necessary to populate them.
With real-time analysis, ConcealBrowse was able to identify and isolate this URL with a 14% risk score for various reasons, such as the lack of basic metadata. Although the URL delivers a blank webpage, the page drops files on the endpoint that have exhibited various MITRE ATT&CK techniques used by malicious actors. Dynamic analysis shows that the dropped files create registry run keys to survive reboot, which can also lead to privilege escalation depending on who logs into the system. Further, the URL in question has a high-risk reputation score and a short-duration domain certificate, and is even sinkholed by 2 DNS providers.
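The two endpoint behaviors this report describes, a web-delivered temp file executed through wscript/cscript and dropped files that create registry run keys, can be triaged from endpoint telemetry. The following is an added example, not ConcealBrowse code: it assumes events shaped like Sysmon process-create (ID 1) and registry value-set (ID 13) records, and every path, label and function name in it is constructed for illustration.

```python
import re

# Constructed sample events modelled on Sysmon ID 1 / ID 13; paths are made up.
EVENTS = [
    {"id": 1, "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\u1\AppData\Local\Temp\a1b2.tmp.js"',
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"id": 1, "Image": r"C:\Windows\System32\cscript.exe",
     "CommandLine": r"cscript.exe //nologo C:\Scripts\inventory.vbs",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"id": 13, "Image": r"C:\Users\u1\AppData\Local\Temp\upd.exe",
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\u1\AppData\Local\Temp\upd.exe"},
    {"id": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r'"C:\Program Files\Vendor\tray.exe"'},
]

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
BROWSERS = ("chrome.exe", "msedge.exe", "firefox.exe")
USER_WRITABLE = re.compile(r"\\(appdata\\local\\temp|windows\\temp|downloads)\\", re.I)
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)

def basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def classify(event):
    """Return a finding label for one event, or None if it looks benign."""
    if event["id"] == 1 and basename(event["Image"]) in SCRIPT_HOSTS:
        # Script host running a file from a user-writable path, or spawned by a browser
        from_temp = bool(USER_WRITABLE.search(event["CommandLine"]))
        from_browser = basename(event["ParentImage"]) in BROWSERS
        if from_temp or from_browser:
            return "script-host-from-web-drop"
    if event["id"] == 13 and RUN_KEY.search(event["TargetObject"]):
        # Run-key value written by, or pointing at, a binary in a user-writable path
        if USER_WRITABLE.search(event["Details"]) or USER_WRITABLE.search(event["Image"]):
            return "run-key-persistence"
    return None

def triage(events):
    """Return (index, label) pairs for every event that produced a finding."""
    return [(i, label) for i, e in enumerate(events) if (label := classify(e))]

if __name__ == "__main__":
    for index, label in triage(EVENTS):
        print(index, label)
```

The scheduled cscript job and the installer-written Run value are left alone, which is the tuning point: the path and parent conditions, not the script host or the Run key by themselves, carry the signal.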
_____________
Valuable Outcomes
ConcealBrowse offers comprehensive protection against many sophisticated cyber threats, as recent threat reports exemplify. Our advanced threat detection capabilities have successfully flagged and quarantined malicious web pages, preventing users from falling victim to various cyber-attacks. Conceal remains dedicated to upholding the integrity of online interactions, constantly refining our detection algorithms and threat identification protocols to ensure proactive protection against emerging cyber threats. By integrating cutting-edge technology and a robust security infrastructure, we empower users to navigate the digital landscape with confidence, knowing that their online activities are shielded from potential harm.